Iminent has infested my Internet - Windows 7
13.11.2013, 22:22 | #1 |
Iminent has infested my Internet

At first the start page was some search engine that I no longer remember. Now it is ASK, after I downloaded some other software and mistakenly accepted ASK as well. And I cannot change the start page permanently. It keeps jumping back to ASK. In addition, other websites keep opening (in a new window) without my wanting this or even having clicked on anything. Overall, everything is much slower. Here are the files:

defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:22 on 13/11/2013 (SantaClara)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST
FRST Logfile:
Code:
C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-11-13 01:26 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-13 01:21 - 2013-01-28 17:15 - 01470106 _____ C:\windows\WindowsUpdate.log 2013-11-13 01:21 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData 2013-11-13 01:21 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore 2013-11-13 01:13 - 2013-08-27 06:13 - 00000000 ____D C:\windows\system32\MRT 2013-11-13 01:09 - 2013-06-04 05:58 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-11-12 23:27 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-11-11 02:13 - 2013-04-27 18:52 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-11 02:13 - 2013-04-27 18:52 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-11-11 02:12 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\Browser Manager 2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BitGuard 2013-11-11 01:49 - 2013-11-11 01:49 - 00000000 ____D C:\FRST 2013-11-11 01:43 - 2013-11-11 01:43 - 00001188 _____ C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk 2013-11-11 01:43 - 2013-11-11 01:43 - 00001184 _____ C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk 2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\Documents\My Received Files 2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\MusicNet 2013-11-11 01:43 - 2013-11-11 01:26 - 00000000 ____D C:\Users\SantaClara\AppData\Local\iMesh 2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\ProgramData\Wincert 2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D 
C:\Program Files (x86)\iMesh Applications 2013-11-11 01:25 - 2013-11-11 01:25 - 00000000 ____D C:\Program Files (x86)\Music Toolbar 2013-11-11 01:07 - 2013-11-11 01:07 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-11-11 01:07 - 2013-11-11 01:07 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-11-11 01:07 - 2013-11-11 01:07 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-11-11 01:07 - 2013-11-11 01:07 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Sun 2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Oracle 2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\Program Files (x86)\Java 2013-11-11 00:08 - 2013-11-11 00:08 - 00000000 ____D C:\ProgramData\IBUpdaterService 2013-11-11 00:08 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis 2013-11-11 00:08 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Speed Test Analysis 2013-11-11 00:08 - 2013-04-27 18:50 - 00000000 ____D C:\Users\SantaClara\AppData\Local\VirtualStore 2013-11-11 00:07 - 2013-11-11 00:07 - 00001272 _____ C:\Users\SantaClara\Desktop\SpeedTestAnalysis.lnk 2013-11-11 00:07 - 2013-11-11 00:07 - 00000635 _____ C:\windows\SysWOW64\InstallUtil.InstallLog 2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\iminent 2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\ProgramData\Iminent 2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\IminentToolbar 2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Iminent 2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\mresreg 2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D 
C:\Users\SantaClara\AppData\Roaming\IN-MEDIAKG 2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\mresreg 2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\HomepageFIX2013 2013-11-09 19:41 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2013-11-09 19:38 - 2013-10-14 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-09 19:38 - 2012-08-05 22:07 - 00030208 _____ C:\windows\PFRO.log 2013-11-09 19:05 - 2013-02-17 17:21 - 00000000 ____D C:\windows\Minidump 2013-11-09 11:43 - 2013-09-14 20:11 - 00000000 ___RD C:\Users\SantaClara\Dropbox 2013-11-09 11:43 - 2013-09-14 20:05 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Dropbox 2013-11-09 11:24 - 2013-08-27 22:45 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\.oit 2013-11-09 11:14 - 2013-06-16 16:33 - 00000000 ____D C:\Users\SantaClara\AppData\Local\CrashDumps 2013-11-08 08:16 - 2013-11-08 08:16 - 00001938 _____ C:\Users\SantaClara\Desktop\Memory Cleaner.lnk 2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com 2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\KoshyJohn.com 2013-11-05 23:58 - 2013-11-13 01:27 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-11-05 23:58 - 2013-11-13 01:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-03 22:51 - 2013-05-14 18:27 - 00000000 ____D C:\Users\SantaClara\Documents\Photomuseum 2013-11-02 17:44 - 2013-10-14 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-31 23:08 - 2013-07-14 19:22 - 00014199 _____ C:\Users\SantaClara\Documents\pswd.odt 2013-10-31 07:05 - 2013-07-07 22:21 - 00000000 ____D C:\Users\SantaClara\Documents\Verwaltung - eigene 2013-10-30 08:33 - 2013-10-14 00:12 - 00000000 ____D 
C:\Users\SantaClara\AppData\Local\Thunderbird
2013-10-22 23:03 - 2013-10-22 23:03 - 00001946 _____ C:\Users\Public\Desktop\SW Update.lnk
2013-10-22 23:03 - 2013-01-28 18:25 - 00000000 ____D C:\ProgramData\Samsung
2013-10-21 07:05 - 2013-04-27 18:58 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-182115508-3913688524-3247281400-1001
2013-10-20 14:12 - 2013-10-20 14:10 - 00010307 _____ C:\Users\SantaClara\Documents\Kontakte ausland.odt
2013-10-20 13:16 - 2013-07-07 10:16 - 00000000 ____D C:\Users\SantaClara\Documents\Beruf - Recht - BWL
2013-10-18 22:00 - 2013-05-17 19:01 - 00000000 ____D C:\Users\SantaClara\Documents\yo
2013-10-14 00:12 - 2013-10-14 00:12 - 00002086 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-10-14 00:12 - 2013-10-14 00:12 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Thunderbird
2013-10-14 00:12 - 2013-05-22 19:47 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Mozilla
2013-10-14 00:11 - 2013-10-14 00:11 - 00000000 ____D C:\ProgramData\Mozilla

Files to move or delete:
====================
C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some content of TEMP:
====================
C:\Users\SantaClara\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\SantaClara\AppData\Local\Temp\Delta.exe
C:\Users\SantaClara\AppData\Local\Temp\DeltaTB.exe
C:\Users\SantaClara\AppData\Local\Temp\IminentSetup-1-.exe
C:\Users\SantaClara\AppData\Local\Temp\MybabylonTB.exe
C:\Users\SantaClara\AppData\Local\Temp\propsys.dll
C:\Users\SantaClara\AppData\Local\Temp\SpeedTestSetup.exe
C:\Users\SantaClara\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-08 07:36

==================== End Of Log ============================

Additional

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2013 01
Ran by SantaClara at 2013-11-13 21:30:29
Running from C:\Users\SantaClara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JW3PF89
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Reader X (10.1.3) MUI (x32 Version: 10.1.3)
AllSharePlayLink (x32 Version: 1.0.0)
Anleitung für Epson Connect (x32)
Bitcasa version 0.9.20.4135 (Version: 0.9.20.4135)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Dropbox (HKCU Version: 2.0.26)
Easy File Share (x32 Version: 1.3.6)
EbOoKBrowsoe (x32 Version: )
Elements 11 Organizer (x32 Version: 11.0)
E-POP (x32 Version: 1.0.1)
Epson Benutzerhandbuch WF-3520 Series (x32)
Epson Event Manager (x32 Version: 3.01.0005)
Epson FAX Utility (x32 Version: 1.30.00)
Epson Netzwerkhandbuch WF-3520 Series (x32)
Epson PC-FAX Driver (x32)
EPSON Scan (x32)
EPSON WF-3520 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.6.0)
ETDWare X64 11.7.5.5_WHQL (Version: 11.7.5.5)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Help Desk (Version: 1.0.9)
HomepageFIX 2013 (x32 Version: Aktuelle Version)
iMesh (HKCU Version: 12.5.0.134165)
Iminent (x32 Version: 6.44.21.0)
Iminent Toolbar on IE and Chrome (x32 Version: 1.8.26.8)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2963)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Maintenance Service (x32 Version: 24.1.0)
Mozilla Thunderbird 24.1.0 (x86 de) (x32 Version: 24.1.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Music Toolbar for Internet Explorer (Dist. by iMesh, Inc.) (x32 Version: 1.6.2.0)
Norton Internet Security (x32 Version: 20.4.0.40)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
Nvu 1.0 (x32 Version: 1.0)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDF24 Creator 5.6.0 (x32)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Plants vs. Zombies (x32)
Presto! PageManager 9.03 SE (x32 Version: 9.03.06)
PSE11 STI Installer (x32 Version: 11.0)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.4.907.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6818)
Recovery (x32 Version: 6.0.9.6)
S Agent (Version: 1.1.45)
Settings (x32 Version: 2.0.1)
Speed Test Analysis (x32 Version: 1.0.0.5)
Support Center (Version: 2.1.100)
Support Center FAQ (x32 Version: 1.0.9)
SW Update (x32 Version: 2.1.21)
User Guide (x32 Version: 1.2.00)
Winamp (x32 Version: 5.64 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)

==================== Restore Points =========================

29-10-2013 06:01:11 Geplanter Prüfpunkt
06-11-2013 02:44:06 Geplanter Prüfpunkt
10-11-2013 12:47:10 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0168A4EE-AC81-4967-AAED-CD003A4C6947} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {2CADA547-8CFA-4245-B58A-00D272DB12D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {62FB137C-D70D-49A6-92A8-B7B89BFE0326} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {877A8539-1C1D-46E7-BDBD-81A53099C9CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A3DF6F31-43C0-40BC-8842-C0E077EE20F3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {BC0B6D51-68C9-421B-AC14-85B6740BBE1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {C4F4FFEC-BFAC-4211-9548-EBE463A7FF4B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {D1AB0C06-FECF-45C8-B2B7-313104E19475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {F7AD3C9F-972C-4709-98DD-F4CF63BED337} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: {FE78C4F4-BA55-4FB6-BA74-F0ABA4D1ED45} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2013-11-11 01:25 - 2013-10-10 12:55 - 00659008 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
2013-01-03 01:50 - 2012-11-01 06:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 12:57 - 2012-10-31 12:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 12:52 - 2012-10-31 12:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 12:55 - 2012-10-31 12:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-09-30 10:32 - 2013-09-30 10:32 - 00333632 _____ () C:\Program Files (x86)\Speed Test Analysis\ButtonSite64.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00023616 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00020032 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00486464 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00028792 _____ ()
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-11-30 08:26 - 2012-11-30 08:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-11-11 01:26 - 2013-11-03 23:11 - 03216240 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avcodec-51.dll 2013-11-11 01:26 - 2013-11-03 23:11 - 00444784 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avformat-51.dll 2013-11-11 01:26 - 2013-11-03 23:11 - 00030576 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avutil-49.dll 2013-11-11 01:26 - 2013-11-03 23:11 - 00800624 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ResourcesLoc.dll 2013-11-11 01:26 - 2013-11-03 23:11 - 01553776 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\nickel.ocx 2013-11-11 01:26 - 2013-11-03 23:11 - 00153456 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ammp3.dll 2013-06-10 23:06 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2013-01-28 18:08 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\ACE.dll 2011-08-15 12:12 - 2011-08-15 12:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll 2012-06-14 03:57 - 2012-06-14 03:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll 2011-08-15 12:12 - 2011-08-15 12:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll 2011-08-15 12:15 - 2011-08-15 12:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll 2011-08-17 08:41 - 2011-08-17 08:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll 2011-08-17 08:48 - 2011-08-17 08:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll 2011-08-17 08:48 - 2011-08-17 08:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll 2011-08-15 11:23 - 2011-08-15 11:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll 2012-06-14 03:56 - 2012-06-14 03:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll 2012-06-14 04:06 - 2012-06-14 04:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll 2012-06-14 03:55 - 2012-06-14 03:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll 2011-07-19 08:05 - 2011-07-19 08:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll 2011-08-15 12:17 - 2011-08-15 12:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll 2011-07-19 08:04 - 2011-07-19 08:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll 2013-05-25 13:31 - 2013-05-25 14:16 - 00112128 _____ () C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll 
2013-06-10 23:06 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/13/2013 09:24:19 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. 
Error: (11/13/2013 08:44:57 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ccSet.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x519abdb0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x659ab88e ID des fehlerhaften Prozesses: 0x16a8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (11/13/2013 00:25:55 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x2c5c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (11/13/2013 00:25:43 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x1750 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: 
(11/12/2013 11:40:47 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x16f4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (11/12/2013 11:36:20 PM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b50 Startzeit: 01cedff78a190f0f Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: d7835319-4bea-11e3-be9d-50b7c3fc4b60 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/12/2013 11:35:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x1318 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (11/12/2013 11:21:28 PM) (Source: Application Hang) (User: ) Description: 
Programm WWAHost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fd4 Startzeit: 01cedff578eb9a10 Endzeit: 4294967295 Anwendungspfad: C:\Windows\System32\WWAHost.exe Berichts-ID: c04c97fb-4be8-11e3-be9d-50b7c3fc4b60 Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store Error: (11/12/2013 11:21:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Melo) Description: Die App „winstore_cw5n1h2txyewy!Windows.Store“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (11/11/2013 01:20:59 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x2e20 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 System errors: ============= Error: (11/13/2013 08:45:16 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (11/13/2013 01:41:16 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (11/11/2013 11:49:19 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (11/11/2013 08:41:48 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (11/11/2013 02:35:49 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (11/11/2013 01:26:08 AM) (Source: Service Control 
Manager) (User: ) Description: Der Dienst "Datamngr Coordinator" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/11/2013 00:07:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/09/2013 06:40:35 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (11/09/2013 01:10:20 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (11/09/2013 00:28:42 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Microsoft Office Sessions: ========================= Error: (11/13/2013 09:24:19 PM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\SantaClara\Documents\Programme\computerbild_downloader_fuer_pdfcreator .exe Error: (11/13/2013 08:44:57 AM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ccSet.dll_unloaded0.0.0.0519abdb0c0000005659ab88e16a801cee03b88eb7b0bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll7d9e540f-4c37-11e3-be9e-50b7c3fc4b60 Error: (11/13/2013 00:25:55 AM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2c5c01cedffe84b4c98dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllc69e31f7-4bf1-11e3-be9d-50b7c3fc4b60 Error: (11/13/2013 00:25:43 AM) (Source: Application Error)(User: ) Description: 
IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c175001cedff6d715dc09C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllbf770bb0-4bf1-11e3-be9d-50b7c3fc4b60 Error: (11/12/2013 11:40:47 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c16f401cedff78a144a4cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll7861103e-4beb-11e3-be9d-50b7c3fc4b60 Error: (11/12/2013 11:36:20 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.16537b5001cedff78a190f0f4294967295C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd7835319-4bea-11e3-be9d-50b7c3fc4b60 Error: (11/12/2013 11:35:37 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c131801cedeae8e211f16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllc011c8a6-4bea-11e3-be9d-50b7c3fc4b60 Error: (11/12/2013 11:21:28 PM) (Source: Application Hang)(User: ) Description: WWAHost.exe6.2.9200.164201fd401cedff578eb9a104294967295C:\Windows\System32\WWAHost.exec04c97fb-4be8-11e3-be9d-50b7c3fc4b60winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store Error: (11/12/2013 11:21:18 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Melo) Description: winstore_cw5n1h2txyewy!Windows.Store Error: (11/11/2013 01:20:59 AM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2e2001cede73e4dec321C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll232d7113-4a67-11e3-be9c-50b7c3fc4b60 ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3795.53 MB Available physical RAM: 2286.03 MB Total Pagefile: 15571.54 MB Available Pagefile: 13782.73 MB Total Virtual: 8192 MB 
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:443.17 GB) (Free:385.36 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B20F2230)
Partition: GPT Partition Type
==================== End Of Log ============================
GMER
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-13 21:50:49
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 TOSHIBA_MQ01ABD050 rev.AX002F 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SANTAC~1\AppData\Local\Temp\pxloypog.sys
---- User code sections - GMER 2.1 ----
.text C:\windows\Explorer.EXE[2412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f836d5177a 4 bytes [D5, 36, F8, 07]
.text C:\windows\Explorer.EXE[2412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f836d51782 4 bytes [D5, 36, F8, 07]
---- Threads - GMER 2.1 ----
Thread C:\windows\system32\csrss.exe [600:632] fffff960008ef5e8
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- |
14.11.2013, 06:35 | #2 | |
/// the machine /// TB trainer | Iminent has contaminated my internet hi,
__________________How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
17.11.2013, 20:56 | #3 |
| Iminent has contaminated my internet @Schrauber: Many thanks for the quick response.
__________________Unfortunately, our shared flat is now suddenly without internet, because one of us forgot that a cancellation had been issued. I will get back to you when our internet works again. Sorry. |
18.11.2013, 12:22 | #4 |
/// the machine /// TB trainer | Iminent has contaminated my internet ok
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.06.2014, 23:12 | #5 |
| Iminent has contaminated my internet Hello and good evening, @Schrauber: and a very special greeting to you, it took a long, long time until I was back online. My problem still persists. It may even have got worse. The following pages also keep popping up: hxxp://dating.singlessalad.com/ hxxp://lovetest.singlessalad.com/ hxxp://speedtest.gateable.com hxxp://www.speedanalysis.net/ Here is a current FRST.txt again: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01 Ran by SantaClara (administrator) on MELO on 22-06-2014 23:29:55 Running from C:\Users\SantaClara\Downloads Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (iMesh Inc) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (iMesh Inc) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.) HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH) HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-10-29] (Iminent) HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-10-29] (Iminent) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-182115508-3913688524-3247281400-1001\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) HKU\S-1-5-21-182115508-3913688524-3247281400-1001\...\Run: [iMesh] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31012720 2013-11-04] (iMesh, Inc) IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} 
=> C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=a12720-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=a12720-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms} SearchScopes: HKCU - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = 
hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=a12720-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869 SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms} BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO-x32: Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\bh\iminent.dll (Iminent) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: coontiinueTosoave - {1DCE63B7-6C05-D920-EC87-68F8A715C19E} - C:\ProgramData\coontiinueTosoave\51a0b97656bd7.dll No File BHO-x32: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: 
Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN) BHO-x32: EbOoKBrowsoe - {C2AD2A3F-CECC-7692-CE9E-218B032C6887} - C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll (Iminent) Toolbar: HKLM-x32 - Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF 
Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh) FF HKLM-x32\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com FF Extension: Speed Test Analysis - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-22] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-06-22] FF HKCU\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com FF Extension: Speed Test Analysis - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013-11-11] Chrome: ======= CHR HomePage: hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C" CHR Extension: (Iminent) - C:\Users\SantaClara\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-11-11] CHR Extension: (No Name) - C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb [2013-11-11] CHR Extension: (Iminent Chrome Toolbar) - C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx [2013-09-30] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-22] CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminent.crx [2013-10-06] ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3544088 2014-05-20] (iMesh Inc) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed] R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.) 
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2886464 2013-10-29] (Iminent) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-10-12] (Emsisoft GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-10-12] 
(Emsisoft GmbH) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-21] (Symantec Corporation) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Music Toolbar\Datamngr\x64\setmgrc1.cfg [36248 2014-05-20] (iMesh Inc) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140620.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140622.003\ENG64.SYS [126040 2014-06-21] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140622.003\EX64.SYS [2099288 2014-06-21] (Symantec Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-10-30] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-22] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-30] 
(Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X] S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-22 23:29 - 2014-06-22 23:29 - 02083328 _____ (Farbar) C:\Users\SantaClara\Downloads\FRST64.exe 2014-06-22 23:29 - 2014-06-22 23:29 - 00025146 _____ () C:\Users\SantaClara\Downloads\FRST.txt 2014-06-22 23:27 - 2014-06-22 23:28 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log 2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log 2014-06-22 23:25 - 2014-06-22 23:25 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe 2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT 2014-06-22 18:48 - 2014-06-22 18:48 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279 2014-06-22 11:55 - 2014-06-22 11:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security 2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2014-06-22 11:52 - 2014-06-22 11:52 - 00002573 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () 
C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk 2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec 2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings 2014-06-22 08:46 - 2014-06-22 23:19 - 00000000 ____D () C:\ProgramData\Datamngr 2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec ==================== One Month Modified Files and Folders ======= 2014-06-22 23:30 - 2014-06-22 23:29 - 00025146 _____ () C:\Users\SantaClara\Downloads\FRST.txt 2014-06-22 23:30 - 2013-11-11 02:49 - 00000000 ____D () C:\FRST 2014-06-22 23:29 - 2014-06-22 23:29 - 02083328 _____ (Farbar) C:\Users\SantaClara\Downloads\FRST64.exe 2014-06-22 23:28 - 2014-06-22 23:27 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log 2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log 2014-06-22 23:27 - 2013-11-13 22:22 - 00000000 _____ () C:\Users\SantaClara\defogger_reenable 2014-06-22 23:27 - 2013-04-27 19:48 - 00000000 ____D () C:\Users\SantaClara 2014-06-22 23:25 - 2014-06-22 23:25 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe 2014-06-22 23:19 - 2014-06-22 08:46 - 00000000 ____D () C:\ProgramData\Datamngr 2014-06-22 22:20 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru 2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT 2014-06-22 19:08 - 2013-01-28 18:15 - 01281417 _____ () C:\windows\WindowsUpdate.log 2014-06-22 18:48 - 2014-06-22 18:48 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-06-22 13:38 - 2013-07-14 19:50 - 00000000 ____D () C:\Users\SantaClara\Documents\aaTESTER 2014-06-22 13:21 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp 2014-06-22 13:12 - 2013-02-03 04:58 - 00753134 _____ () C:\windows\system32\perfh007.dat 2014-06-22 13:12 - 2013-02-03 04:58 - 00155826 _____ () 
C:\windows\system32\perfc007.dat 2014-06-22 13:12 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI 2014-06-22 13:08 - 2013-01-28 19:22 - 00000000 ____D () C:\ProgramData\WinClon 2014-06-22 13:04 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-06-22 13:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-06-22 13:01 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP 2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279 2014-06-22 11:55 - 2014-06-22 11:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security 2014-06-22 11:54 - 2013-01-28 19:20 - 00000000 ____D () C:\ProgramData\Norton 2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2014-06-22 11:52 - 2014-06-22 11:52 - 00002573 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-06-22 11:52 - 2013-01-28 19:21 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-06-22 11:52 - 2013-01-28 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk 2014-06-22 11:48 - 2013-11-13 08:55 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec 2014-06-22 11:31 - 2012-08-05 23:07 - 00215052 _____ () C:\windows\PFRO.log 2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings 2014-06-22 11:10 - 2013-01-28 19:20 - 00000000 ____D () 
C:\windows\system32\Drivers\NISx64 2014-06-22 10:05 - 2013-08-27 07:13 - 00000000 ____D () C:\windows\system32\MRT 2014-06-22 10:05 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-06-22 09:39 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec 2014-06-21 16:13 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF 2014-06-03 11:46 - 2013-11-15 01:23 - 00002385 _____ () C:\windows\setupact.log 2014-06-03 11:46 - 2013-09-14 21:05 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Dropbox 2014-06-01 17:17 - 2013-06-04 06:58 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-22 09:53 ==================== End Of Log ============================ --- --- ---
And the Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01 Ran by SantaClara at 2014-06-22 23:43:13 Running from C:\Users\SantaClara\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.) Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version: - ) Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.) 
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.) EbOoKBrowsoe (HKLM-x32\...\{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}) (Version: - EbookBrowse) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version: - ) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version: - ) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ETDWare X64 11.7.5.5_WHQL (HKLM\...\Elantech) (Version: 11.7.5.5 - ELAN Microelectronic Corp.) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.) 
HomepageFIX 2013 (HKLM-x32\...\HomepageFIX 2013_is1) (Version: Aktuelle Version - IN MEDIA KG) iMesh (HKCU\...\iMesh) (Version: 12.5.0.134165 - iMesh Inc) <==== ATTENTION Iminent (HKLM-x32\...\IMBoosterARP) (Version: 6.44.21.0 - Iminent) <==== ATTENTION Iminent (x32 Version: 6.44.21.0 - Iminent) Hidden <==== ATTENTION Iminent Toolbar on IE and Chrome (HKLM-x32\...\iminent) (Version: 1.8.26.8 - iminent) <==== ATTENTION Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.1.0 - Mozilla) Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 
Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Music Toolbar for Internet Explorer (Dist. by iMesh, Inc.) (HKLM-x32\...\imeshmusicboxtoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games) Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation) PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.) 
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Speed Test Analysis (HKLM-x32\...\Speed Test Analysis) (Version: 1.0.0.5 - SpeedAnalysis.com) <==== ATTENTION Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.) User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.) Winamp (HKLM-x32\...\Winamp) (Version: 5.64 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 27-04-2014 20:45:46 Geplanter Prüfpunkt 22-06-2014 07:53:39 Windows Update ==================== Hosts 
content: ========================== 2012-07-26 07:26 - 2013-11-14 08:17 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2CADA547-8CFA-4245-B58A-00D272DB12D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.) Task: {462A9C50-E71D-498A-A654-45D48150D9F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-01] (Microsoft Corporation) Task: {7378AA20-9E33-41DC-BB41-9EC044D5C630} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {877A8539-1C1D-46E7-BDBD-81A53099C9CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {9B8853FE-6E29-4028-AD4F-ACE0F19FEE8C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {A3DF6F31-43C0-40BC-8842-C0E077EE20F3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {BC0B6D51-68C9-421B-AC14-85B6740BBE1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery 
Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {C4F4FFEC-BFAC-4211-9548-EBE463A7FF4B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D1AB0C06-FECF-45C8-B2B7-313104E19475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {ED90EF92-B208-45CE-BF48-9EC6D81E9DFE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation) ==================== Loaded Modules (whitelisted) ============= 2014-06-22 08:46 - 2014-05-20 14:10 - 00664600 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2013-01-03 02:50 - 2012-11-01 07:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files 
(x86)\Bluetooth Suite\ActivateDesktop.exe 2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2014-06-22 08:46 - 2014-05-20 14:10 - 00024088 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll 2013-09-30 11:32 - 2013-09-30 11:32 - 00333632 _____ () C:\Program Files (x86)\Speed Test Analysis\ButtonSite64.dll 2013-09-30 11:32 - 2013-09-30 11:32 - 00475456 _____ () C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe 2014-06-22 08:46 - 2014-05-20 14:10 - 00020504 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll 2014-06-22 08:46 - 2014-05-20 14:10 - 00490008 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll 2013-01-28 19:08 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-05-25 14:31 - 2013-05-25 15:16 - 
00112128 _____ () C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll 2012-04-04 07:53 - 2012-04-04 07:53 - 00312832 _____ () C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll 2013-10-14 01:11 - 2013-11-02 18:44 - 03008624 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-10-14 01:11 - 2013-11-02 18:44 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-10-14 01:11 - 2013-11-02 18:44 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Bitcasa" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" 
HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "FUFAXRCV" HKLM\...\StartupApproved\Run32: => "FUFAXSTM" HKLM\...\StartupApproved\Run32: => "PMSpeed" HKLM\...\StartupApproved\Run32: => "Iminent" HKLM\...\StartupApproved\Run32: => "IminentMessenger" HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk" HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKCU\...\StartupApproved\Run: => "Scan Buttons" HKCU\...\StartupApproved\Run: => "iMesh" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/22/2014 11:34:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500, Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16622, Zeitstempel: 0x519e974e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001f035 ID des fehlerhaften Prozesses: 0x12b0 Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0 Pfad der fehlerhaften Anwendung: soffice.bin1 Pfad des fehlerhaften Moduls: soffice.bin2 Berichtskennung: soffice.bin3 Vollständiger Name des fehlerhaften Pakets: soffice.bin4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5 Error: (06/22/2014 11:21:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (06/22/2014 11:06:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/22/2014 09:00:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/22/2014 08:45:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/22/2014 07:30:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (06/22/2014 02:25:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x2e5c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/22/2014 02:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0x1834 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/22/2014 00:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm symerr.exe, Version 5.2.0.14 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 890 Startzeit: 01cf8e0157d6d913 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\symerr.exe Berichts-ID: 8672e8ba-f9f6-11e3-bea5-50b7c3fc4b60 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/22/2014 11:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1500 Startzeit: 01cf8dfe749b4176 Endzeit: 78 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: 8f06273e-f9f3-11e3-bea5-50b7c3fc4b60 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: System errors: ============= Error: (06/22/2014 11:27:20 PM) (Source: DCOM) (EventID: 10010) (User: Melo) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (06/22/2014 11:21:46 PM) (Source: DCOM) (EventID: 10010) (User: Melo) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (06/22/2014 11:06:46 PM) (Source: DCOM) (EventID: 10010) (User: Melo) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (06/22/2014 09:13:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/22/2014 09:00:20 PM) (Source: DCOM) (EventID: 10010) (User: Melo) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (06/22/2014 08:45:20 PM) (Source: DCOM) (EventID: 10010) (User: Melo) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (06/22/2014 07:30:18 PM) (Source: DCOM) (EventID: 10010) (User: Melo) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (06/22/2014 07:27:36 PM) (Source: DCOM) (EventID: 10016) (User: Melo) Description: 
ComputerstandardLokalAktivierung{682159D9-C321-47CA-B3F1-30E36B2EC8B9}{CDCBCFCA-3CDC-436F-A4E2-0E02075250C2}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/22/2014 07:27:36 PM) (Source: DCOM) (EventID: 10016) (User: Melo) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/22/2014 07:27:20 PM) (Source: DCOM) (EventID: 10016) (User: Melo) Description: ComputerstandardLokalAktivierung{682159D9-C321-47CA-B3F1-30E36B2EC8B9}{CDCBCFCA-3CDC-436F-A4E2-0E02075250C2}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (06/22/2014 11:34:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: soffice.bin3.4.9593.5005028bfc0RPCRT4.dll6.2.9200.16622519e974ec00000050001f03512b001cf8e419f216884C:\Program Files (x86)\OpenOffice.org 3\program\soffice.binC:\windows\SYSTEM32\RPCRT4.dllf9e10659-fa54-11e3-bea7-50b7c3fc4b60 Error: (06/22/2014 11:21:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141 Error: (06/22/2014 11:06:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141 Error: (06/22/2014 09:00:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141 Error: (06/22/2014 08:45:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141 Error: (06/22/2014 07:30:24 PM) (Source: 
Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo) Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141 Error: (06/22/2014 02:25:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2e5c01cf8e14e8900eadC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll3b5c0c6d-fa08-11e3-bea7-50b7c3fc4b60 Error: (06/22/2014 02:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c183401cf8e0b96100babC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll1c321476-fa08-11e3-bea7-50b7c3fc4b60 Error: (06/22/2014 00:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: symerr.exe5.2.0.1489001cf8e0157d6d91331C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\symerr.exe8672e8ba-f9f6-11e3-bea5-50b7c3fc4b60 Error: (06/22/2014 11:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE10.0.9200.16537150001cf8dfe749b417678C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE8f06273e-f9f3-11e3-bea5-50b7c3fc4b60 CodeIntegrity Errors: =================================== Date: 2013-11-14 07:15:59.716 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 68% Total physical RAM: 3795.53 MB Available physical RAM: 1199.78 MB Total Pagefile: 15571.54 MB Available Pagefile: 12179.44 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:443.17 GB) (Free:384.7 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: B20F2230) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-23 00:08:45 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 TOSHIBA_MQ01ABD050 rev.AX002F 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\SANTAC~1\AppData\Local\Temp\pxloypog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\System32\win32k.sys!W32pServiceTable fffff96000179a00 7 bytes [40, CA, 81, 01, 00, 4C, F2] .text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000179a08 7 bytes [01, EA, BF, FF, 00, C7, DA] ---- User code sections - GMER 2.1 ---- .text C:\windows\Explorer.EXE[10476] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc717d1532 4 bytes [7D, 71, FC, 07] .text C:\windows\Explorer.EXE[10476] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc717d153a 4 bytes [7D, 71, FC, 07] .text C:\windows\Explorer.EXE[10476] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc717d165a 4 bytes [7D, 71, FC, 07] ---- Threads - GMER 2.1 ---- Thread C:\windows\system32\csrss.exe [1620:7136] fffff960008fd5e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
23.06.2014, 18:43 | #6 |
/// the machine /// TB Trainer | Iminent has infested my internet Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Scan with Combofix
25.06.2014, 01:33 | #7 |
| Iminent has infested my internet @Schrauber: Many thanks in advance for your quick help. Here is the ComboFix.txt: Code:
ATTFilter ComboFix 14-06-24.01 - SantaClara 25.06.2014 2:10.2.2 - x64 Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.3796.2393 [GMT 2:00] ausgeführt von:: c:\users\SantaClara\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Java\jre7\bin\jp2ssv.dll c:\programdata\Wincert\WIN32C~1.DLL . ---- Vorheriger Suchlauf ------- . c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\1369487762.png c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\51a0b992c812a6.11322428.js c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\background.html c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\content.js c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\lsdb.js c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\manifest.json c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\popup.html c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\sqlite.js 
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\51a0b976569c82.00861701.js c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\background.html c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\content.js c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\lsdb.js c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\manifest.json c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\sqlite.js . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-25 bis 2014-06-25 )))))))))))))))))))))))))))))) . . 2014-06-25 00:21 . 2014-06-25 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-24 22:43 . 2014-06-24 22:43 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-06-22 22:26 . 2014-06-23 05:23 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-22 22:25 . 2014-06-22 22:25 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-06-22 22:25 . 2014-06-22 22:25 -------- d-----w- c:\programdata\Malwarebytes 2014-06-22 22:25 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-06-22 22:25 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-06-22 22:25 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-06-22 10:20 . 2014-06-22 10:20 -------- d-----w- c:\programdata\22279 2014-06-22 09:59 . 2014-06-22 09:59 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2014-06-22 09:52 . 
2014-06-22 09:52 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2014-06-22 09:52 . 2014-06-22 09:52 -------- d-----w- c:\program files (x86)\Norton Internet Security 2014-06-22 09:34 . 2014-06-22 09:34 -------- d-----w- c:\programdata\Symantec 2014-06-22 09:19 . 2014-06-22 09:19 -------- d-----w- c:\programdata\PCSettings 2014-06-22 09:10 . 2014-06-22 13:31 -------- d-----w- c:\windows\system32\drivers\NISx64\1503000.00C . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-22 06:24 . 2013-04-27 19:47 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2014-06-01 15:17 . 2013-06-04 04:58 95414520 ----a-w- c:\windows\system32\MRT.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}] 2013-05-25 13:16 112128 ------w- c:\programdata\EbOoKBrowsoe\51a0b992c832f.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}" [HKEY_CLASSES_ROOT\CLSID\{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}] 2012-08-06 03:41 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-08-06 03:41 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE" [2011-01-21 214360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392] "CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120] "CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-08-15 2994880] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-06-10 162856] "PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE" [2010-07-29 116632] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808] OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "PromptOnSecureDesktop"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) "DisableCAD"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys] @="Driver" . R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1503000.00C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SymELAM.sys [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x] R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x] R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 SBIOSIO;SBIOSIO;c:\windows\Temp\SBIOSIO64.SYS;c:\windows\Temp\SBIOSIO64.SYS [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 
PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x] S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00E\ccSetx64.sys [x] S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140623.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140623.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMNETS.SYS [x] S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files 
(x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 ZAtheros 
Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RadioHIDMini;Radio HID 
Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x] S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}" [HKEY_CLASSES_ROOT\CLSID\{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}] 2012-08-06 03:42 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay] @="{A6975448-A999-49BB-B3E4-7730CF6A82C0}" [HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}] 2012-12-27 07:58 570880 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay] @="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}" [HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}] 2012-12-27 07:58 570880 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-08-06 03:42 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-12 13263072] "BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-10-31 766080] "BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-10-31 127616] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] "Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2012-12-27 4365824] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-17 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-17 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-17 442352] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{0307351f-b2d7-41f2-b44a-8af7d9d90a18} - (no file) BHO-{1DCE63B7-6C05-D920-EC87-68F8A715C19E} - c:\programdata\coontiinueTosoave\51a0b97656bd7.dll BHO-{310D38FE-EB4C-467C-8781-B7C2AEB7847D} - (no file) Toolbar-Locked - (no file) Toolbar-{0307351f-b2d7-41f2-b44a-8af7d9d90a18} - (no file) Toolbar-10 - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-{246EA909-3E52-03A2-F330-75C407BA3AD4} - c:\progra~3\INSTAL~2\{6585A~1\Setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\system32\drivers\NISx64\1503000.00C\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Zeit der Fertigstellung: 2014-06-25 02:26:58 ComboFix-quarantined-files.txt 2014-06-25 00:26 . Vor Suchlauf: 11 Verzeichnis(se), 413.740.609.536 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 413.363.363.840 Bytes frei . - - End Of File - - 2A75DE4C5F97F7F7F5693005FCF23817 |
25.06.2014, 18:22 | #8 |
/// the machine /// TB Trainer | Iminent has infested my internet Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.06.2014, 21:26 | #9 |
| Iminent has infested my internet @Schrauber, I cannot install Malwarebytes Anti-Malware. There are four to six "runtime error" messages. And when starting it after the installation, "the computer" says that the program cannot be run. What can I do? Many thanks & best regards |
28.06.2014, 18:26 | #10 |
/// the machine /// TB Trainer | Iminent has infested my internet Skip MBAM.
13.07.2014, 16:08 | #11 |
| Iminent has infested my internet @Schrauber, I'm sorry that I couldn't deal with the PC for quite a while. I was away at appointments without this PC, and then the family kept me busy as well.... I hope you will continue to look after me... Many thanks in advance for that. AdwCleaner.txt Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 13/07/2014 um 13:35:35 # Aktualisiert 09/07/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : SantaClara - MELO # Gestartet von : C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage Ordner Gefunden : C:\Program Files (x86)\IminentToolbar Ordner Gefunden : C:\ProgramData\BitGuard Ordner Gefunden : C:\ProgramData\Browser Manager Ordner Gefunden : C:\ProgramData\BrowserProtect Ordner Gefunden : C:\ProgramData\EbOoKBrowsoe Ordner Gefunden : C:\ProgramData\IBUpdaterService Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbOoKBrowsoe Ordner Gefunden : C:\ProgramData\StarApp Ordner Gefunden : C:\ProgramData\wincert Ordner Gefunden : C:\Users\SantaClara\AppData\LocalLow\DataMngr Ordner Gefunden : C:\Users\SantaClara\AppData\LocalLow\EbOoKBrowsoe Ordner Gefunden : C:\Users\SantaClara\AppData\Roaming\OpenCandy Ordner Gefunden : C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\APN DTX Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gefunden : HKCU\Software\SIEN SA Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : [x64] HKCU\Software\APN DTX Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gefunden : [x64] HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iMesh.AudioCD Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{310D38FE-EB4C-467C-8781-B7C2AEB7847D} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel 
Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com] ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v [ Datei : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gefunden [Extension] : pkhojieggfgllhllcegoffdcnmdeojgb ************************* AdwCleaner[R0].txt - [9760 octets] - [13/07/2014 13:35:35] ########## EOF - 
C:\AdwCleaner\AdwCleaner[R0].txt - [9820 octets] ########## Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 13/07/2014 um 13:45:37 # Aktualisiert 09/07/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : SantaClara - MELO # Gestartet von : C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\StarApp Ordner Gelöscht : C:\ProgramData\wincert Ordner Gelöscht : C:\ProgramData\EbOoKBrowsoe Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbOoKBrowsoe Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar Ordner Gelöscht : C:\Users\SantaClara\AppData\LocalLow\DataMngr Ordner Gelöscht : C:\Users\SantaClara\AppData\LocalLow\EbOoKBrowsoe Ordner Gelöscht : C:\Users\SantaClara\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis Datei Gelöscht : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com] Schlüssel Gelöscht : HKCU\Software\SIEN SA Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{310D38FE-EB4C-467C-8781-B7C2AEB7847D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DCE63B7-6C05-D920-EC87-68F8A715C19E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2AD2A3F-CECC-7692-CE9E-218B032C6887} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : 
[x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Schlüssel Gelöscht : HKCU\Software\APN DTX Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v [ Datei : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : pkhojieggfgllhllcegoffdcnmdeojgb ************************* AdwCleaner[R0].txt - [10104 octets] - [13/07/2014 13:35:35] AdwCleaner[S0].txt - [9493 octets] - [13/07/2014 13:45:37] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9553 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by SantaClara on 13.07.2014 at 15:02:58,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2014 at 15:13:35,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
13.07.2014, 16:16 | #12 |
| Iminent has infested my Internet Okay, I have now figured out how this works after all. Here are FRST.txt and Additional.txt |
14.07.2014, 14:30 | #13 |
/// the machine /// TB-Ausbilder | Iminent has infested my Internet Hi, please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
17.07.2014, 01:03 | #14 |
| Iminent has infested my Internet @Schrauber: Many thanks for your further steps. Unfortunately, for two days I have been unable to download the ESET Online Scanner. The message is: "Die Seite kann nicht angezeigt werden." - and for no apparent reason, because there is no problem with other websites. Lately it has also been happening more often that popular websites (e.g. the BBC homepage) cannot be displayed, although everything is OK and other websites open without any problem. Is that a virus or something similar too? As soon as I have managed to download ESET, I will get back to you. Best regards Speak of the devil..... It has finally worked with ESET after all: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d1d0475d1c2b554c8afe779fccb1d753
# engine=19208
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-16 11:31:50
# local_time=2014-07-17 01:31:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 8155 168150095 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1815312 30434803 0 0
# scanned=212967
# found=9
# cleaned=0
# scan_time=7168
sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="Variante von Win32/Adware.MultiPlug.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Wincert\WIN32C~1.DLL.vir"
sh=3B39F64FBC1F16DF8ED2F3D7BC47A2AB228257B8 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\51a0b992c812a6.11322428.js.vir"
sh=FF32D82508C6BFDF2DB4BD1EBB2719C39BAB0992 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\51a0b976569c82.00861701.js.vir"
sh=061835A0FF0C2CCE68BAE010A645292D7C13FB2B ft=1 fh=aab26c3e0cc2e8a4 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SantaClara\Desktop\winamp564_full_emusic-7plus_de-de.exe"
sh=EE072FA3FD3DFFA5C766D8D8F7ADAF25588914AA ft=1 fh=90acba26c47f2848 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SantaClara\Documents\Programme\computerbild_downloader_fuer_pdfcreator.exe"
Code:
ATTFilter
Results of screen317's Security Check version 0.99.85
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java version out of Date!
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuClient.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014 Ran by SantaClara (administrator) on MELO on 17-07-2014 01:47:42 Running from C:\Users\SantaClara\Desktop Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online 
Backup\NOBuClient.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc) HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH) HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-182115508-3913688524-3247281400-1001\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} 
=> C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: No Name - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-07-16]

Chrome:
=======
CHR HomePage:
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-10-12] (Emsisoft GmbH)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-10-12] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140715.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-23] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140716.016\ENG64.SYS [126040 2014-06-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140716.016\EX64.SYS [2099288 2014-06-21] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1504000.00D\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 23:21 - 2014-07-16 23:21 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-07-16 23:20 - 2014-07-16 23:21 - 02347384 _____ (ESET) C:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe
2014-07-16 23:03 - 2014-07-16 23:03 - 00854390 _____ () C:\Users\SantaClara\Desktop\SecurityCheck.exe
2014-07-13 16:57 - 2014-07-13 17:00 - 00000000 ____D () C:\aaaTester
2014-07-13 16:50 - 2014-07-13 16:50 - 01110476 _____ () C:\Users\SantaClara\Desktop\7z920.exe
2014-07-13 16:04 - 2014-07-13 16:04 - 00000000 ____D () C:\Users\SantaClara\Desktop\FRST-OlderVersion
2014-07-13 15:13 - 2014-07-13 15:13 - 00000685 _____ () C:\Users\SantaClara\Desktop\JRT.txt
2014-07-13 15:02 - 2014-07-13 15:02 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-13 15:00 - 2014-07-13 15:00 - 01016261 _____ (Thisisu) C:\Users\SantaClara\Desktop\JRT.exe
2014-07-13 13:35 - 2014-07-13 13:45 - 00000000 ____D () C:\AdwCleaner
2014-07-13 13:33 - 2014-07-13 13:33 - 01348263 _____ () C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe
2014-07-13 12:12 - 2014-07-13 12:12 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-13 10:43 - 2014-07-13 10:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-13 09:43 - 2014-07-13 09:43 - 00380416 _____ () C:\Users\SantaClara\Desktop\Gmer-19357.exe
2014-07-13 09:36 - 2014-07-13 16:04 - 02086912 _____ (Farbar) C:\Users\SantaClara\Desktop\FRST64.exe
2014-07-13 09:33 - 2014-07-13 09:33 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe
2014-07-13 09:27 - 2014-07-13 09:27 - 
02623656 _____ (VS Revo Group Ltd.) C:\Users\SantaClara\Desktop\revosetup95.exe 2014-07-13 08:54 - 2014-07-13 08:54 - 05218570 _____ (Swearware) C:\Users\SantaClara\Desktop\ComboFix.exe 2014-07-12 18:26 - 2014-07-13 08:27 - 00000000 ___RD () C:\Users\SantaClara\Podcasts 2014-07-12 18:23 - 2014-07-12 18:26 - 00000000 ____D () C:\Program Files\Zune 2014-07-12 18:23 - 2014-07-12 18:23 - 00000939 _____ () C:\Users\Public\Desktop\Zune.lnk 2014-07-12 18:23 - 2014-07-12 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune 2014-07-12 17:42 - 2014-07-16 23:18 - 00000000 __RDO () C:\Users\SantaClara\OneDrive 2014-07-10 00:33 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-09 21:27 - 2014-07-09 21:27 - 00000000 ____D () C:\Program Files\Common Files\Atheros 2014-07-09 21:12 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-09 21:12 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-09 21:12 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-09 21:12 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-09 21:12 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-09 21:12 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-09 21:12 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-09 21:12 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-09 21:12 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-09 21:12 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-09 21:11 - 2014-06-19 03:39 - 23464448 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-09 21:11 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-09 21:11 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-09 21:11 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-09 21:11 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-09 21:11 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-09 21:11 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-09 21:11 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-09 21:11 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-09 21:11 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-09 21:11 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-09 21:11 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-09 21:11 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-09 21:11 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-09 21:11 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-09 21:11 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-09 21:11 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-09 21:11 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-09 21:11 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ieframe.dll 2014-07-09 21:11 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-09 21:11 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-09 21:11 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-09 21:11 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-09 21:11 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-09 21:11 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-09 21:11 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-09 21:11 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-09 21:10 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-09 21:10 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-09 21:10 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-09 21:10 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-09 21:10 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-09 21:10 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-09 21:10 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 21:10 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-09 21:10 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-09 21:10 - 2014-05-31 05:01 - 00189952 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 21:10 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-09 21:10 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-09 21:10 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-09 21:10 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-09 21:10 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-09 21:10 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-09 21:10 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-06-27 23:40 - 2014-06-27 23:40 - 01110476 _____ () C:\Users\SantaClara\Desktop\Zip 7z920.exe 2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-06-27 22:22 - 2014-06-27 22:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Downloads\mbam-setup-2.0.1.1004.exe 2014-06-27 22:06 - 2013-08-22 08:57 - 00002143 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk 2014-06-27 22:02 - 2014-06-27 22:05 - 00000000 ___RD () C:\WINDOWS\BrowserChoice 2014-06-27 21:55 - 2014-07-13 12:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-27 20:26 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe 2014-06-27 20:26 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2014-06-27 20:26 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe 2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () 
C:\Users\SantaClara\AppData\Local\EmieUserList 2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () C:\Users\SantaClara\AppData\Local\EmieSiteList 2014-06-26 07:38 - 2014-06-26 07:38 - 00001450 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-26 07:37 - 2014-06-26 07:37 - 00000020 ___SH () C:\Users\SantaClara\ntuser.ini 2014-06-26 01:25 - 2014-06-26 07:38 - 00000000 ___DC () C:\WINDOWS\Panther 2014-06-26 01:25 - 2014-06-26 01:25 - 00000000 __SHD () C:\Recovery 2014-06-26 01:24 - 2014-06-26 01:24 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-06-26 01:24 - 2014-06-26 01:24 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-06-26 01:23 - 2014-06-26 01:23 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2014-06-26 01:23 - 2014-06-26 01:23 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-26 01:23 - 2014-06-26 01:23 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-26 01:23 - 2014-06-26 01:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-26 01:23 - 2014-06-26 01:23 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-26 01:23 - 
2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2014-06-26 01:22 - 2014-06-26 01:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-26 01:22 - 2014-06-26 01:22 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-06-26 01:22 - 2014-06-26 01:22 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-06-26 01:21 - 
2014-06-26 01:21 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01351168 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2014-06-26 01:21 - 2014-06-26 01:21 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2014-06-26 01:21 - 2014-06-26 01:21 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00688640 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-06-26 01:21 - 2014-06-26 01:21 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2014-06-26 01:21 - 2014-06-26 01:21 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-06-26 01:21 - 2014-06-26 01:21 - 00386560 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2014-06-26 01:21 - 2014-06-26 01:21 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00254976 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 
2014-06-26 01:21 - 2014-06-26 01:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00058368 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\l2gpstore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2014-06-26 01:19 - 2014-06-26 01:19 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-06-26 01:19 - 2014-06-26 01:19 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-06-26 01:19 - 2014-06-26 01:19 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-06-26 01:19 - 2014-06-26 01:19 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00419928 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-26 01:17 - 2014-06-26 01:17 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-06-26 01:17 - 2014-06-26 01:17 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-06-26 01:17 - 2014-06-26 01:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-06-26 01:16 - 2014-06-26 01:16 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-06-26 01:16 - 2014-06-26 01:16 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-06-26 01:16 - 2014-06-26 01:16 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 16872448 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 
2014-06-26 01:15 - 2014-06-26 01:15 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00918528 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\MrmCoreR.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00589656 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2014-06-26 01:15 - 2014-06-26 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 
00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 
2014-06-26 01:15 - 2014-06-26 01:15 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00186880 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\WorkFoldersShell.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00040960 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2014-06-26 01:13 - 2014-06-26 01:13 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\MSBuild 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-06-26 01:11 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2014-06-26 01:11 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2014-06-26 01:11 - 2013-08-03 06:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2014-06-26 01:11 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2014-06-26 01:11 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-06-26 01:11 - 2013-08-03 06:41 - 00035480 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Programme 2014-06-26 01:03 - 2014-06-26 
01:03 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-06-26 01:02 - 2014-07-16 23:31 - 01788851 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-26 01:01 - 2014-06-26 01:01 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2014-06-26 00:44 - 2014-06-26 00:44 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-26 00:39 - 2014-06-26 00:39 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2014-06-26 00:37 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\SantaClara 2014-06-26 00:37 - 2014-06-26 01:02 - 00022863 _____ () C:\WINDOWS\diagwrn.xml 2014-06-26 00:37 - 2014-06-26 01:02 - 00022863 _____ () C:\WINDOWS\diagerr.xml 2014-06-26 00:37 - 2014-06-26 00:38 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-06-26 00:37 - 2014-06-26 00:38 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Vorlagen 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Startmenü 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Netzwerkumgebung 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Lokale Einstellungen 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Eigene Dateien 2014-06-26 00:37 - 2014-06-26 
00:37 - 00000000 _SHDL () C:\Users\SantaClara\Druckumgebung 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Musik 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Bilder 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Verlauf 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Anwendungsdaten 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Anwendungsdaten 2014-06-26 00:37 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2014-06-26 00:37 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2014-06-26 00:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-26 00:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-26 00:28 - 2014-06-26 00:42 - 00000000 ____D () C:\Program Files\Elantech 2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs 2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\Program Files\Realtek 2014-06-25 23:26 - 2014-06-26 01:02 - 00006549 _____ () C:\WINDOWS\comsetup.log 2014-06-25 21:16 - 2014-06-25 21:16 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-06-25 02:26 - 2014-06-25 02:26 - 00022290 _____ () C:\Users\SantaClara\Desktop\ComboFix.txt 2014-06-25 01:09 - 2014-07-13 16:08 - 00025775 _____ () C:\Users\SantaClara\Desktop\Addition.txt 
2014-06-25 00:54 - 2014-07-17 01:47 - 00018969 _____ () C:\Users\SantaClara\Desktop\FRST.txt 2014-06-25 00:43 - 2014-06-25 00:43 - 00001264 _____ () C:\Users\SantaClara\Desktop\Revo Uninstaller.lnk 2014-06-25 00:43 - 2014-06-25 00:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-23 00:26 - 2014-06-23 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-23 00:25 - 2014-07-13 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-23 00:25 - 2014-06-23 00:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-23 00:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-23 00:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-06-23 00:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-23 00:22 - 2014-06-23 00:22 - 00000000 ____D () C:\Users\SantaClara\Desktop\anti-malware 2014-06-23 00:08 - 2014-07-13 09:49 - 00003077 _____ () C:\Users\SantaClara\Desktop\GMER.txt 2014-06-22 23:27 - 2014-07-13 09:34 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log 2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log 2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT 2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279 2014-06-22 11:52 - 2014-07-16 23:15 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-06-22 11:52 - 2014-07-16 23:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () 
C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk 2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec 2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings 2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec ==================== One Month Modified Files and Folders ======= 2014-07-17 01:48 - 2014-06-25 00:54 - 00018969 _____ () C:\Users\SantaClara\Desktop\FRST.txt 2014-07-17 01:47 - 2013-11-11 02:49 - 00000000 ____D () C:\FRST 2014-07-17 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-16 23:31 - 2014-06-26 01:02 - 01788851 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-16 23:31 - 2013-04-27 19:58 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-182115508-3913688524-3247281400-1001 2014-07-16 23:21 - 2014-07-16 23:21 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-07-16 23:21 - 2014-07-16 23:20 - 02347384 _____ (ESET) C:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe 2014-07-16 23:19 - 2013-01-28 19:22 - 00000000 ____D () C:\ProgramData\WinClon 2014-07-16 23:18 - 2014-07-12 17:42 - 00000000 __RDO () C:\Users\SantaClara\OneDrive 2014-07-16 23:15 - 2014-06-22 11:52 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-07-16 23:15 - 2014-06-22 11:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-07-16 23:15 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-16 23:15 - 2013-01-28 19:21 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-07-16 23:15 - 2013-01-28 19:20 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64 2014-07-16 23:15 - 
2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-07-16 23:13 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-16 23:03 - 2014-07-16 23:03 - 00854390 _____ () C:\Users\SantaClara\Desktop\SecurityCheck.exe 2014-07-16 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-13 17:00 - 2014-07-13 16:57 - 00000000 ____D () C:\aaaTester 2014-07-13 16:50 - 2014-07-13 16:50 - 01110476 _____ () C:\Users\SantaClara\Desktop\7z920.exe 2014-07-13 16:08 - 2014-06-25 01:09 - 00025775 _____ () C:\Users\SantaClara\Desktop\Addition.txt 2014-07-13 16:04 - 2014-07-13 16:04 - 00000000 ____D () C:\Users\SantaClara\Desktop\FRST-OlderVersion 2014-07-13 16:04 - 2014-07-13 09:36 - 02086912 _____ (Farbar) C:\Users\SantaClara\Desktop\FRST64.exe 2014-07-13 15:13 - 2014-07-13 15:13 - 00000685 _____ () C:\Users\SantaClara\Desktop\JRT.txt 2014-07-13 15:02 - 2014-07-13 15:02 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-13 15:00 - 2014-07-13 15:00 - 01016261 _____ (Thisisu) C:\Users\SantaClara\Desktop\JRT.exe 2014-07-13 13:47 - 2014-03-18 03:50 - 00001110 _____ () C:\WINDOWS\PFRO.log 2014-07-13 13:45 - 2014-07-13 13:35 - 00000000 ____D () C:\AdwCleaner 2014-07-13 13:33 - 2014-07-13 13:33 - 01348263 _____ () C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe 2014-07-13 12:13 - 2013-06-16 17:33 - 00000000 ____D () C:\Users\SantaClara\AppData\Local\CrashDumps 2014-07-13 12:12 - 2014-07-13 12:12 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-13 12:12 - 2014-06-27 21:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-13 12:12 - 2014-06-23 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-13 10:43 - 2014-07-13 10:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-13 09:49 - 2014-06-23 00:08 - 00003077 _____ () C:\Users\SantaClara\Desktop\GMER.txt 2014-07-13 
09:43 - 2014-07-13 09:43 - 00380416 _____ () C:\Users\SantaClara\Desktop\Gmer-19357.exe 2014-07-13 09:34 - 2014-06-22 23:27 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log 2014-07-13 09:33 - 2014-07-13 09:33 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe 2014-07-13 09:27 - 2014-07-13 09:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\SantaClara\Desktop\revosetup95.exe 2014-07-13 08:54 - 2014-07-13 08:54 - 05218570 _____ (Swearware) C:\Users\SantaClara\Desktop\ComboFix.exe 2014-07-13 08:27 - 2014-07-12 18:26 - 00000000 ___RD () C:\Users\SantaClara\Podcasts 2014-07-12 18:26 - 2014-07-12 18:23 - 00000000 ____D () C:\Program Files\Zune 2014-07-12 18:26 - 2014-06-26 00:37 - 00000000 ____D () C:\Users\SantaClara 2014-07-12 18:23 - 2014-07-12 18:23 - 00000939 _____ () C:\Users\Public\Desktop\Zune.lnk 2014-07-12 18:23 - 2014-07-12 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune 2014-07-12 18:04 - 2014-03-18 12:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-12 18:04 - 2014-03-18 11:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-12 18:04 - 2014-03-18 11:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-12 16:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-10 08:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-10 08:20 - 2013-10-14 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-10 08:20 - 2013-08-22 16:44 - 03365360 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-10 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-10 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-10 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-10 00:41 - 2013-08-22 17:36 - 
00000000 ____D () C:\WINDOWS\WinStore 2014-07-10 00:41 - 2013-01-28 19:11 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite 2014-07-10 00:36 - 2013-08-27 07:13 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-10 00:34 - 2013-06-04 06:58 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-10 00:33 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-09 21:27 - 2014-07-09 21:27 - 00000000 ____D () C:\Program Files\Common Files\Atheros 2014-07-09 21:27 - 2013-08-22 16:46 - 00288886 _____ () C:\WINDOWS\setupact.log 2014-07-09 21:27 - 2013-08-22 16:46 - 00000262 _____ () C:\WINDOWS\setuperr.log 2014-07-09 21:27 - 2013-07-09 07:29 - 00000000 ____D () C:\Users\SantaClara\Documents\Bluetooth Folder 2014-07-09 21:25 - 2014-03-18 11:40 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-08 02:56 - 2013-05-14 19:27 - 00000000 ____D () C:\Users\SantaClara\Documents\V-Photomuseum 2014-07-08 00:31 - 2013-05-17 20:01 - 00000000 ____D () C:\Users\SantaClara\Documents\yo 2014-07-04 06:59 - 2013-10-14 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-27 23:40 - 2014-06-27 23:40 - 01110476 _____ () C:\Users\SantaClara\Desktop\Zip 7z920.exe 2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-06-27 22:22 - 2014-06-27 22:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Downloads\mbam-setup-2.0.1.1004.exe 2014-06-27 22:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-27 22:06 - 2013-06-06 20:17 - 00003552 _____ () C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask 2014-06-27 22:05 - 2014-06-27 22:02 - 00000000 ___RD () C:\WINDOWS\BrowserChoice 2014-06-27 22:05 - 2013-04-27 19:49 - 00000000 ____D () C:\Users\SantaClara\AppData\Local\Packages |
17.07.2014, 01:04 | #15 |
| Iminent has infected my Internet FRST.txt - Part 2 Code:
ATTFilter 2014-06-27 20:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () C:\Users\SantaClara\AppData\Local\EmieUserList 2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () C:\Users\SantaClara\AppData\Local\EmieSiteList 2014-06-26 07:38 - 2014-06-26 07:38 - 00001450 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-26 07:38 - 2014-06-26 01:25 - 00000000 ___DC () C:\WINDOWS\Panther 2014-06-26 07:37 - 2014-06-26 07:37 - 00000020 ___SH () C:\Users\SantaClara\ntuser.ini 2014-06-26 01:25 - 2014-06-26 01:25 - 00000000 __SHD () C:\Recovery 2014-06-26 01:24 - 2014-06-26 01:24 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-06-26 01:24 - 2014-06-26 01:24 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-06-26 01:24 - 2013-08-22 17:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2014-06-26 01:23 - 2014-06-26 01:23 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2014-06-26 01:23 - 2014-06-26 01:23 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-26 01:23 - 2014-06-26 01:23 - 00112128 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-26 01:23 - 2014-06-26 01:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-26 01:23 - 2014-06-26 01:23 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-26 01:23 - 2014-06-26 01:23 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2014-06-26 01:22 - 2014-06-26 01:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-26 01:22 - 2014-06-26 01:22 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 01064448 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-26 01:22 - 2014-06-26 01:22 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-06-26 01:22 - 2014-06-26 01:22 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 
2014-06-26 01:21 - 2014-06-26 01:21 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2014-06-26 01:21 - 2014-06-26 01:21 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 
2014-06-26 01:21 - 2014-06-26 01:21 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2014-06-26 01:21 - 2014-06-26 01:21 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-06-26 01:21 - 2014-06-26 01:21 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2014-06-26 
01:21 - 2014-06-26 01:21 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-06-26 01:21 - 2014-06-26 01:21 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll 
2014-06-26 01:21 - 2014-06-26 01:21 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2014-06-26 01:21 - 2014-06-26 01:21 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00172544 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ReInfo.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 
00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe 2014-06-26 01:21 - 2014-06-26 01:21 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2014-06-26 01:21 - 2014-06-26 01:21 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2014-06-26 01:21 - 2014-06-26 01:21 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2014-06-26 01:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup 2014-06-26 01:19 - 2014-06-26 01:19 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-06-26 01:19 - 2014-06-26 01:19 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-06-26 01:19 - 2014-06-26 01:19 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-06-26 01:19 - 2014-06-26 01:19 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-26 01:18 - 2014-06-26 
01:18 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2014-06-26 01:18 - 2014-06-26 01:18 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-26 01:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-06-26 01:17 - 2014-06-26 01:17 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-26 01:17 - 2014-06-26 01:17 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-06-26 01:17 - 2014-06-26 01:17 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-06-26 01:17 - 2014-06-26 01:17 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-06-26 01:17 - 2014-06-26 01:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtml.tlb 2014-06-26 01:16 - 2014-06-26 01:16 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-06-26 01:16 - 2014-06-26 01:16 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-06-26 01:16 - 2014-06-26 01:16 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-06-26 01:15 - 2014-06-26 01:15 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-06-26 01:15 - 2014-06-26 
01:15 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2014-06-26 01:15 - 2014-06-26 
01:15 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 
2014-06-26 01:15 - 2014-06-26 01:15 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2014-06-26 01:15 - 2014-06-26 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00463256 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AudioEng.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 
00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 
2014-06-26 01:15 - 2014-06-26 01:15 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00125496 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\dwmapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-06-26 01:15 - 2014-06-26 01:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2014-06-26 01:15 - 2014-06-26 01:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2014-06-26 01:13 - 2014-06-26 01:13 - 00262144 _____ () 
C:\WINDOWS\system32\config\userdiff 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\MSBuild 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-06-26 01:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-06-26 
01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Programme 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-06-26 01:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT 2014-06-26 01:03 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default 2014-06-26 01:02 - 2014-06-26 00:37 - 00022863 _____ () C:\WINDOWS\diagwrn.xml 2014-06-26 01:02 - 2014-06-26 00:37 - 00022863 _____ () C:\WINDOWS\diagerr.xml 2014-06-26 01:02 - 2014-06-25 23:26 - 00006549 _____ () C:\WINDOWS\comsetup.log 2014-06-26 01:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration 2014-06-26 01:01 - 2014-06-26 01:01 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2014-06-26 00:54 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media 2014-06-26 00:53 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries 2014-06-26 00:47 - 2013-11-11 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-26 00:47 - 2013-11-11 01:06 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomepageFIX2013 2014-06-26 00:47 - 2013-11-08 09:16 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com 2014-06-26 00:47 - 2013-09-14 21:08 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-06-26 00:47 - 2013-08-27 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software 2014-06-26 00:47 - 2013-08-27 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 9.03 Standard 2014-06-26 00:47 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2014-06-26 00:47 - 2013-07-07 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2014-06-26 00:47 - 2013-07-06 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2014-06-26 00:47 - 2013-07-06 10:10 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in 2014-06-26 00:47 - 2013-05-25 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coontiinueTosoave 2014-06-26 00:47 - 2013-05-22 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu 2014-06-26 00:47 - 2013-05-01 16:02 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 2014-06-26 00:47 - 2013-02-03 05:13 - 00000000 ____D () C:\WINDOWS\en-GB 2014-06-26 00:47 - 2013-01-28 19:42 - 00000000 ____D () C:\WINDOWS\it 2014-06-26 00:47 - 2013-01-28 19:42 - 00000000 ____D () C:\WINDOWS\de 2014-06-26 00:47 - 2013-01-28 19:41 - 00000000 ____D () C:\WINDOWS\fr 2014-06-26 00:47 - 2013-01-28 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center 2014-06-26 00:47 - 2013-01-28 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\CyberLink Power2Go 8 2014-06-26 00:47 - 2013-01-28 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10 2014-06-26 00:47 - 2013-01-28 19:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program 2014-06-26 00:47 - 2013-01-28 19:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-06-26 00:47 - 2013-01-28 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-06-26 00:44 - 2014-06-26 00:44 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-26 00:44 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2014-06-26 00:44 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2014-06-26 00:44 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\system32\WCN 2014-06-26 00:44 - 2013-08-27 23:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\color 2014-06-26 00:44 - 2013-08-22 17:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log 2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2014-06-26 00:44 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2014-06-26 00:44 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2014-06-26 00:44 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated 2014-06-26 00:42 - 2014-06-26 00:28 - 00000000 ____D () C:\Program Files\Elantech 2014-06-26 00:42 - 2013-08-27 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 
2014-06-26 00:42 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME 2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help 2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System 2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-06-26 00:42 - 2013-01-28 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa 2014-06-26 00:42 - 2012-08-05 23:11 - 00000000 ____D () C:\ProgramData\PRICache 2014-06-26 00:39 - 2014-06-26 00:39 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2014-06-26 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2014-06-26 00:38 - 2014-06-26 00:37 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-06-26 00:38 - 2014-06-26 00:37 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Vorlagen 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Startmenü 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Netzwerkumgebung 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Lokale Einstellungen 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Eigene Dateien 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Druckumgebung 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Musik 
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Bilder 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Verlauf 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Anwendungsdaten 2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Anwendungsdaten 2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs 2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\Program Files\Realtek 2014-06-25 23:57 - 2013-01-28 18:15 - 02014946 _____ () C:\WINDOWS\WindowsUpdate (1).log 2014-06-25 23:01 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-06-25 21:16 - 2014-06-25 21:16 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-06-25 08:35 - 2013-07-07 16:21 - 00000000 ____D () C:\Users\SantaClara\Documents\Musik 2014-06-25 02:27 - 2013-11-14 08:01 - 00000000 ____D () C:\Qoobox 2014-06-25 02:27 - 2013-01-28 19:34 - 00000000 ____D () C:\Users\EasySurvey 2014-06-25 02:26 - 2014-06-25 02:26 - 00022290 _____ () C:\Users\SantaClara\Desktop\ComboFix.txt 2014-06-25 02:22 - 2012-07-26 07:26 - 00000215 _____ () C:\WINDOWS\system.ini 2014-06-25 01:38 - 2013-11-11 01:07 - 00000898 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2014-06-25 00:43 - 2014-06-25 00:43 - 00001264 _____ () C:\Users\SantaClara\Desktop\Revo Uninstaller.lnk 2014-06-25 00:43 - 2014-06-25 00:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-23 07:23 - 2014-06-23 00:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-23 00:25 - 2014-06-23 00:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 
2014-06-23 00:22 - 2014-06-23 00:22 - 00000000 ____D () C:\Users\SantaClara\Desktop\anti-malware 2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log 2014-06-22 23:27 - 2013-11-13 22:22 - 00000000 _____ () C:\Users\SantaClara\defogger_reenable 2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT 2014-06-22 13:38 - 2013-07-14 19:50 - 00000000 ____D () C:\Users\SantaClara\Documents\aaTESTER 2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279 2014-06-22 11:54 - 2013-01-28 19:20 - 00000000 ____D () C:\ProgramData\Norton 2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-06-22 11:52 - 2013-01-28 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk 2014-06-22 11:48 - 2013-11-13 08:55 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec 2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings 2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec 2014-06-19 03:39 - 2014-07-09 21:11 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-19 02:48 - 2014-07-09 21:11 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-19 02:16 - 2014-07-09 21:11 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-19 02:09 - 2014-07-09 21:11 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-19 01:51 - 2014-07-09 21:11 - 
05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 21:11 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 21:11 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-19 01:46 - 2014-07-09 21:11 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-06-19 01:39 - 2014-07-09 21:11 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-19 01:33 - 2014-07-09 21:11 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 21:11 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-19 01:27 - 2014-07-09 21:11 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-19 01:12 - 2014-07-09 21:11 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-19 00:59 - 2014-07-09 21:11 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 21:11 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 21:11 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-19 00:57 - 2014-07-09 21:11 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-06-19 00:52 - 2014-07-09 21:11 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 21:11 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 21:11 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-19 00:45 - 2014-07-09 21:11 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 21:11 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 21:11 - 01393664 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 21:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 21:11 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 21:11 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 21:11 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-17 00:26 - 2014-07-09 21:12 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-06-17 00:24 - 2014-07-09 21:12 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-16 23:31

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014
Ran by SantaClara at 2014-07-17 01:51:11
Running from C:\Users\SantaClara\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version: - )
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.)
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.) Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.) EbOoKBrowsoe (HKLM-x32\...\{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}) (Version: - EbookBrowse) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version: - ) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version: - ) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ETDWare X64 11.7.5.5_WHQL (HKLM\...\Elantech) (Version: 11.7.5.5 - ELAN Microelectronic Corp.) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.) 
HomepageFIX 2013 (HKLM-x32\...\HomepageFIX 2013_is1) (Version: Aktuelle Version - IN MEDIA KG) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) 
(HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games) Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation) PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.) User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.) Winamp (HKLM-x32\...\Winamp) (Version: 5.64 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Zune (Version: 
04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 27-06-2014 18:40:15 Windows Update 09-07-2014 19:18:59 Windows Update 12-07-2014 16:22:47 Zune 4.8 
installiert ==================== Hosts content: ========================== 2012-07-26 07:26 - 2014-06-25 02:21 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0D5DD34B-4481-486D-BB20-BD500336FBEB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation) Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2CADA547-8CFA-4245-B58A-00D272DB12D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.) 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {566741B8-6187-4636-B5EA-3149881380E0} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {66FD2B28-C412-47EA-B8EA-D1278784B07A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {888D153F-E674-4C66-8012-51D3DA0F9B2F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe 
%windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {8D8626DA-B77D-4C68-889A-882BEB7C0430} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A3DF6F31-43C0-40BC-8842-C0E077EE20F3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC) Task: {BC0B6D51-68C9-421B-AC14-85B6740BBE1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {C4F4FFEC-BFAC-4211-9548-EBE463A7FF4B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D1AB0C06-FECF-45C8-B2B7-313104E19475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {D5B56BAE-AD79-4F11-BD22-A42519998BAE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE ==================== Loaded Modules (whitelisted) 
============= 2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2012-07-24 05:06 - 2012-07-24 05:06 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe 2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-01-28 19:08 - 
2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2011-08-15 13:12 - 2011-08-15 13:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll 2012-06-14 04:57 - 2012-06-14 04:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll 2011-08-15 13:12 - 2011-08-15 13:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll 2011-08-15 13:15 - 2011-08-15 13:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll 2011-08-17 09:41 - 2011-08-17 09:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll 2011-08-17 09:48 - 2011-08-17 09:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll 2011-08-17 09:48 - 2011-08-17 09:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll 2011-08-15 12:23 - 2011-08-15 12:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll 2012-06-14 04:56 - 2012-06-14 04:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll 2012-06-14 05:06 - 2012-06-14 05:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll 2012-06-14 04:55 - 2012-06-14 04:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll 2011-07-19 09:05 - 2011-07-19 09:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll 2011-08-15 13:17 - 2011-08-15 13:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll 2011-07-19 09:04 - 2011-07-19 09:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll 
==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\SantaClara\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Bitcasa"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "PMSpeed"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Scan Buttons"
HKCU\...\StartupApproved\Run: => "iMesh"

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================= Application errors: ================== Error: (07/17/2014 01:33:16 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/16/2014 11:33:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/16/2014 11:21:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (07/16/2014 09:30:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17207, Zeitstempel: 0x53a22b71 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000839e5 ID des fehlerhaften Prozesses: 0x1958 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 System errors: ============= Error: (07/16/2014 08:30:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/16/2014 08:08:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/16/2014 01:32:16 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/16/2014 00:25:24 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/15/2014 10:09:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/15/2014 08:22:36 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/13/2014 07:55:22 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/13/2014 05:21:49 PM) (Source: DCOM) (EventID: 10016) (User: MELO) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/13/2014 05:21:49 PM) (Source: DCOM) (EventID: 10016) (User: MELO) Description: 
AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/13/2014 05:21:48 PM) (Source: DCOM) (EventID: 10016) (User: MELO) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (07/17/2014 01:33:16 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (07/16/2014 11:33:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe Error: (07/16/2014 11:21:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe Error: (07/16/2014 09:30:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.1712653882e30MSHTML.dll11.0.9600.1720753a22b71c0000005000839e5195801cfa12c6028a925C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\MSHTML.dllb34fe502-0d1f-11e4-beb1-1867b021d017 CodeIntegrity Errors: =================================== Date: 2014-06-25 02:20:50.049 Description: Windows is unable to verify the image integrity of the 
file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-25 02:20:49.924
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-14 07:15:59.716
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3795.54 MB
Available physical RAM: 2226.62 MB
Total Pagefile: 4435.54 MB
Available Pagefile: 2639.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.73 GB) (Free:402.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B20F2230)
Partition: GPT Partition Type.

==================== End Of Log ============================
|