Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Coin-miner zieht alle ressourcen! Processor 100% (https://www.trojaner-board.de/136651-coin-miner-zieht-alle-ressourcen-processor-100-a.html)

mamic 15.06.2013 14:29
Coin-miner zieht alle ressourcen! Processor 100%
 
Hallo, ich fürchte ich habe mir einen Virus eingefangen. Seit einer Stunde läuft mein Prozessor mit 100% - der Task Manager zeigt dass ein Programm "Coin-miner (32-bit)" die ganze Last verursacht.
Ich bitte um Hilfe, hoffe ich hab das mit den log files richtig gemacht.
Gruss
mamic

HTML-Code:
OTL Extras logfile created on: 15.06.2013 14:43:15 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = G:\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,69% Memory free
9,10 Gb Paging File | 6,93 Gb Available in Paging File | 76,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 20,50 Gb Free Space | 27,54% Space Free | Partition Type: NTFS
Drive E: | 379,63 Gb Total Space | 11,30 Gb Free Space | 2,98% Space Free | Partition Type: NTFS
Drive G: | 75,19 Gb Total Space | 16,79 Gb Free Space | 22,32% Space Free | Partition Type: NTFS
Drive H: | 9,77 Gb Total Space | 0,80 Gb Free Space | 8,17% Space Free | Partition Type: NTFS
 
Computer Name: YPS | User Name: Santa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA2EAD-5274-4D92-9EDD-D49C8061DE85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A53D4A1-9579-4BC2-B94A-A70C9A0E055A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19FBCE80-5F45-4E38-A25A-7E4FCBC90F1A}" = lport=138 | protocol=17 | dir=in | app=system |
"{244C4895-4C76-475A-8613-6FFEC6114CCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34544656-2DAE-49C1-BAC3-54D53767C889}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A426161-B67B-4454-B706-29AE10C1B108}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4560CD55-5749-404E-A939-5EBC735E61C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52DB5E37-0527-4BB7-A20C-7C7CC57B9A0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A9ECE9F-4BF2-42D0-9D9A-B9D4F80D60C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{782D33FC-6480-4395-8780-8ADA2333039B}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A8B0523-3C55-4896-A3C8-C0FBF339F5DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{7E6793FA-A50C-4EF9-BB7E-4E1F38E284AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{85F92CF4-C2D8-47DB-9EF0-71E7CD5FA6E5}" = rport=138 | protocol=17 | dir=out | app=system |
"{9F208396-A77A-44E3-9C6B-1F0BB54FF12A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A0388511-25AA-4D35-9F80-F78ABC20CE71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC00F4B2-03A0-4162-B5E9-1359D94AECD7}" = rport=445 | protocol=6 | dir=out | app=system |
"{B1E4266C-F3A2-4A76-BE67-7E2D01642C09}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF853237-B7F5-4A2C-B93D-7F4303032217}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2EE18AE-FC12-4122-BDC8-177E36D27502}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D6A2F78B-C065-48AE-8912-1DFD00F0A5C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E72414E9-7784-4A30-B89F-05F5C33783BB}" = rport=10243 | protocol=6 | dir=out | app=system |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DB729-8992-4FE4-9DD8-58A7AC6BE651}" = dir=in | name=hp printer control |
"{0C05591A-9238-4A1D-AED6-9A1AFBB11496}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{0CF432F0-4FFE-4F0B-B651-E3465D500302}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D9D7EF4-DB63-4175-8FF6-D2616FEB69DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12A6FBCF-1CCD-48FE-9C56-019F98C1FAA0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{14777555-956F-47D7-993A-D472AF732C33}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{1EB804B3-94AD-47AF-9CB0-3764F1ABA454}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20859E39-FAE7-4EB7-98AC-89F754271DD8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{21DF9161-2A80-4156-A1EB-2A58D562BE36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2236FC6B-DC1B-4981-9A96-525EA9CEE2A7}" = dir=out | name=markpad |
"{22971F3B-30F1-4838-8AC7-924A0FDA7B24}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{28BD4296-755B-412D-BAD9-1DC7904E9B2B}" = protocol=6 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe |
"{2BC61803-8966-4177-ADC2-9F35D6EB708D}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{3538CDF3-BDFF-42CB-AF64-E67605FEAAB1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{3A49E9EB-7A1D-42CF-A343-20D7AF2BED14}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{469D8B87-0048-4685-B3A8-303ADE675E51}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{4970466E-478E-4B4B-85B5-5B9869855E68}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{4BB6A9DB-485B-4DAA-B0EB-17269824B4A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C7F2F77-C433-4E3E-8EFB-887820E110E3}" = dir=out | name=microsoft mahjong |
"{4C8F411F-8215-46E9-86A7-89059315C2E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E70F3BA-40A1-4E8E-8772-3CFFCF96055C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F024861-4F05-4982-BE65-1207B7809425}" = dir=out | name=zattoo live tv |
"{515BF6C9-03CD-41E6-A5CF-097384F10FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5187ACB3-FF8A-4F15-A69F-CDE17E6571E2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{546A0FEA-EC1D-4819-B3D5-D03A52577106}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{58C20550-7352-46F3-95C2-A49536858BEE}" = protocol=6 | dir=out | app=system |
"{5C307656-20D2-40C2-AD79-4A4A156DCFE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61353486-E23E-48B7-9299-F2C382431FFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{62E92688-C722-49D4-9F83-543CBC6C2E6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68746105-F548-4015-994E-19B030550E14}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{68DE01C1-BC82-488A-88C7-85A9C56BF944}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{712E3597-2DE4-4FFC-909A-27301688F5C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{71E9C46B-8A1F-4A02-9EE7-6953B2EB06DF}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{77989DFD-C88A-468A-BB31-2DC0DF9A3C2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{791D45AE-0DCC-4087-840E-5760D900E96D}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{7F279CB9-8C3B-4A34-90DA-1ABB175A6EED}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{80089ADB-FE50-428D-9C83-5718E7C56EB8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8C0B3F93-04A7-4922-9390-028664EF281F}" = dir=out | name=hp printer control |
"{8D2B8401-5AA2-4DC6-B1FD-950FA6CD51F8}" = dir=out | name=wortsuche |
"{904BE012-DA54-43C3-A0A2-9599278432CA}" = dir=in | name=qool |
"{921A3E3E-C41C-4F81-B016-955468619A84}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{923C623D-633C-4DF3-91CA-16C15DED16E2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{92B500F6-C137-4544-BD52-D90D2EF9B44A}" = dir=out | name=google search |
"{94C0ED25-AD1F-4955-BCD3-2D1577EAD9FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97B41FB1-87FA-4AB6-BEC4-9E9EF314BA7B}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{9AF7E8C5-E9BF-4768-90BC-1DC3E7087153}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9B6CEEBC-48EE-41D3-B2D5-BC81BE29155A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C2DD098-75D2-4308-B95A-1B27C0EAE1CF}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{A31FE256-F40C-4ACA-8CE4-02B48A42C51A}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A47A4837-7445-4066-B16A-4CBCAF74C088}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{AA71A175-43CE-40CE-BE0C-CCDDAEF43AAA}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{AEE19888-B76D-4E27-AA48-557420B7DDFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7B674D5-BA0D-482B-82D7-0DEC5756C9A3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8A76143-4973-4EE3-92CF-11D0A89F09DB}" = dir=out | name=qool |
"{BC3A60DD-BC1C-4FAB-8474-F91001C870D1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{C3E6E7A3-EA2B-482B-A2D1-3AD58E668163}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C4E4853F-3746-4426-A321-92B08BF40EED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C628FA0B-2246-4278-A55B-F5BFF54667CD}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{CEB3457F-7E41-405F-96CE-EBE76C6FC8D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1C8F549-2F3B-4D32-8E9B-E6B9F6380A8E}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D411DE5A-CA04-42A1-B098-BF95E9D2EFCB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D49C1D8E-BEE3-4083-8FD3-7A82DBA9F43B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6798907-2749-47D7-B694-77731C3EAAB3}" = dir=out | name=bubblebreaker |
"{D9887D69-EEB0-4970-8EB3-54AB3A6ADE97}" = dir=out | name=tv-programm |
"{DB21E116-0A65-4759-8076-810ECCAF57FD}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E62DB4B0-B75A-4A59-951B-DC6A88A05CDC}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9428011-4376-4A69-B7FD-0BCC6C63906B}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{EA738C74-D371-4CC9-BAEC-14BF865DD34F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{EC4939F6-495F-413F-9F4B-7B7831E7330D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{ED8578FE-9501-417C-A54D-E75A1AF5D38B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9498454-EC8F-4A37-90DD-9E5B6A861F67}" = protocol=17 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe |
"{FEEC421E-B699-4007-BA33-939589DE98D3}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FF2802A5-FBC9-4D57-A8A6-7AC6180BAAD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF2AD749-CCB8-4CCD-83B6-DD79B59D25E2}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"TCP Query User{4DB8D40E-2A9D-4DAF-808E-AE1BA667A6EB}C:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C1FDC4A8-882D-417F-BB9A-4558F902A2AC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{27A6ECDF-C27B-47E7-8E62-37F87BC64E1B}C:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2835BC31-F622-448F-B293-E7E7B03376E8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{088AD1DB-D1D7-469A-AE6C-1EBD766ACB5A}" = Newshosting
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi-Software
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2FE46568-5754-43AE-A289-0A8A7E5BCEAE}" = calibre 64bit
"{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7B324AC3-57C3-4701-B023-F54D78546BFA}_is1" = Windows Service-Center 2013
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}" = Classic Shell
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B3F0A88-790D-3AD9-9F96-B19CF2746452}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"BatteryBar" = BatteryBar (remove only)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"KeyLemon" = KeyLemon
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeraCopy_is1" = TeraCopy 2.27
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA5009F6-E65C-4DBD-92B8-988F0ADD1E99}" = SlimDrivers
"{B78203BF-CF9C-4163-B6C3-B70A27A646EE}" = 8GadgetPack
"{DD2FEA6F-5AC2-46B2-0001-C2A0C077FD2C}" = Simply Good Pictures 2
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.22.18.01
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ArchiCrypt Live 6_is1" = ArchiCrypt Live Version 6.9.2.10088
"doubleTwist" = doubleTwist
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit Reader_is1" = Foxit Reader
"FreeFileSync" = FreeFileSync 5.12
"Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.1
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9.1
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"ISO Workshop_is1" = ISO Workshop 4.2
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Meter_is1" = Network Meter version 9.1
"Notepad++" = Notepad++
"PdaNet_is1" = PdaNet+ for Android 4.12
"Picasa 3" = Picasa 3
"Q-Dir" = Q-Dir
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.6
"Yahoo! Messenger" = Yahoo! Messenger
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 13.06.2013 16:37:15 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe,
 Version: 11.7.700.224, Zeitstempel: 0x51a67447  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset:
0x6ea42366  ID des fehlerhaften Prozesses: 0x1f8c  Startzeit der fehlerhaften Anwendung:
 0x01ce6875c9b2723c  Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 07fc5b60-d469-11e2-beb4-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 13.06.2013 16:37:22 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe,
 Version: 11.7.700.224, Zeitstempel: 0x51a67447  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc00001a5  Fehleroffset:
0x00d149b0  ID des fehlerhaften Prozesses: 0x1884  Startzeit der fehlerhaften Anwendung:
 0x01ce6875ce919903  Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0c4a10cf-d469-11e2-beb4-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 13.06.2013 16:37:23 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe,
 Version: 11.7.700.224, Zeitstempel: 0x51a67447  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset:
0x6ea42366  ID des fehlerhaften Prozesses: 0x1884  Startzeit der fehlerhaften Anwendung:
 0x01ce6875ce919903  Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0cd6bd5f-d469-11e2-beb4-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 13.06.2013 17:04:13 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0,
 Zeitstempel: 0x4fd1c0c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579,
 Zeitstempel: 0x51637f77  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000ebd59
ID
 des fehlerhaften Prozesses: 0x754  Startzeit der fehlerhaften Anwendung: 0x01ce68480457b5be
Pfad
 der fehlerhaften Anwendung: C:\WINDOWS\system32\CxAudMsg64.exe  Pfad des fehlerhaften
 Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll  Berichtskennung: cc2db026-d46c-11e2-beb4-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 14.06.2013 15:19:25 | Computer Name = YpS | Source = Microsoft-Windows-LocationProvider | ID = 2006
Description = There was an error with the Windows Location Provider database
 
Error - 15.06.2013 01:51:58 | Computer Name = YpS | Source = VSS | ID = 8194
Description =
 
Error - 15.06.2013 06:48:17 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103,
 Zeitstempel: 0x4f3c6d6c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578,
 Zeitstempel: 0x515fac6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000032  ID des fehlerhaften
 Prozesses: 0x28b4  Startzeit der fehlerhaften Anwendung: 0x01ce69b5cda18bea  Pfad der
 fehlerhaften Anwendung: C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll  Berichtskennung: 15eccb3d-d5a9-11e2-beb5-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 15.06.2013 07:48:30 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103,
 Zeitstempel: 0x4f3c6d6c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578,
 Zeitstempel: 0x515fac6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000002f  ID des fehlerhaften
 Prozesses: 0x3838  Startzeit der fehlerhaften Anwendung: 0x01ce69be2f66f29e  Pfad der
 fehlerhaften Anwendung: C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll  Berichtskennung: 7f2c509e-d5b1-11e2-beb5-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 15.06.2013 08:47:38 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GPhotos.scr, Version: 3.9.136.20,
 Zeitstempel: 0x515ae6ae  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578,
 Zeitstempel: 0x515fac6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000048  ID des fehlerhaften
 Prozesses: 0x3220  Startzeit der fehlerhaften Anwendung: 0x01ce69c676d7072f  Pfad der
 fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\GPhotos.scr  Pfad des fehlerhaften Moduls:
 C:\WINDOWS\SYSTEM32\ntdll.dll  Berichtskennung: c1be7245-d5b9-11e2-beb5-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 15.06.2013 08:48:25 | Computer Name = YpS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103,
 Zeitstempel: 0x4f3c6d6c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578,
 Zeitstempel: 0x515fac6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000002f  ID des fehlerhaften
 Prozesses: 0x1e6c  Startzeit der fehlerhaften Anwendung: 0x01ce69c6912b3725  Pfad der
 fehlerhaften Anwendung: C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll  Berichtskennung: ddc9ec21-d5b9-11e2-beb5-cc52afe0f613
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
[ System Events ]
Error - 09.06.2013 03:17:38 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 09.06.2013 04:16:01 | Computer Name = YpS | Source = Service Control Manager | ID = 7034
Description = Dienst "Conexant Audio Message Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
 
Error - 09.06.2013 06:44:16 | Computer Name = YpS | Source = DCOM | ID = 10010
Description =
 
Error - 09.06.2013 06:45:01 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 10.06.2013 12:41:09 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 11.06.2013 13:08:08 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 12.06.2013 14:13:45 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 13.06.2013 11:10:15 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 13.06.2013 17:04:13 | Computer Name = YpS | Source = Service Control Manager | ID = 7034
Description = Dienst "Conexant Audio Message Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
 
Error - 14.06.2013 15:19:08 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
 
< End of report >
HTML-Code:
OTL logfile created on: 15.06.2013 14:43:15 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = G:\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,69% Memory free
9,10 Gb Paging File | 6,93 Gb Available in Paging File | 76,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 20,50 Gb Free Space | 27,54% Space Free | Partition Type: NTFS
Drive E: | 379,63 Gb Total Space | 11,30 Gb Free Space | 2,98% Space Free | Partition Type: NTFS
Drive G: | 75,19 Gb Total Space | 16,79 Gb Free Space | 22,32% Space Free | Partition Type: NTFS
Drive H: | 9,77 Gb Total Space | 0,80 Gb Free Space | 8,17% Space Free | Partition Type: NTFS
 
Computer Name: YPS | User Name: Santa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013.06.15 14:32:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Desktop\OTL.exe
PRC - [2013.06.15 12:16:53 | 000,055,296 | ---- | M] (Ufasoft) -- C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe
PRC - [2013.06.15 12:16:53 | 000,055,296 | ---- | M] (Ufasoft) -- C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe
PRC - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.05.30 01:33:20 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013.04.12 23:27:48 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicShellService.exe
PRC - [2012.11.26 16:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.08.24 19:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2012.07.26 05:32:50 | 000,385,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2012.07.26 05:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2011.11.10 10:59:36 | 002,594,584 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.11.10 10:59:34 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.09.01 16:23:44 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2012.12.11 07:22:08 | 000,060,272 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:[b]64bit:[/b] - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2012.07.26 05:05:12 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:[b]64bit:[/b] - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2012.06.08 18:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 002,227,992 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2013.06.11 20:09:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.05.30 16:34:34 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.30 01:33:20 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013.04.12 23:27:48 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Programme\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV - [2012.12.18 13:30:54 | 000,127,120 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.26 16:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.11.26 16:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.11.15 15:51:42 | 000,959,256 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.09.24 17:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.09.24 17:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.09.24 17:02:42 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.09.24 17:02:16 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.08.24 19:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011.11.10 10:59:36 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.11.10 10:59:34 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.09.01 16:23:44 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013.04.24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2013.04.12 17:20:43 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:[b]64bit:[/b] - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2013.03.11 02:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2013.03.04 14:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2013.02.14 01:51:32 | 000,109,016 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ACLE1764.sys -- (ACLE6Live)
DRV:[b]64bit:[/b] - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013.02.02 09:24:50 | 000,117,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)
DRV:[b]64bit:[/b] - [2013.02.02 09:24:42 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthHfAud.sys -- (BthHFAud)
DRV:[b]64bit:[/b] - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012.12.11 07:22:08 | 000,042,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:[b]64bit:[/b] - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2012.10.18 00:19:22 | 000,044,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2012.10.09 19:48:50 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2012.10.09 19:48:50 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2012.10.09 19:48:48 | 000,188,896 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:[b]64bit:[/b] - [2012.10.09 19:48:48 | 000,047,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:[b]64bit:[/b] - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012.07.26 04:30:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2012.07.26 04:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2012.07.04 14:39:00 | 000,105,472 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\risdxc64.sys -- (risdxc)
DRV:[b]64bit:[/b] - [2012.06.22 06:59:50 | 001,586,848 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:[b]64bit:[/b] - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2011.11.25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pneteth.sys -- (pneteth)
DRV:[b]64bit:[/b] - [2011.09.22 10:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2011.07.27 20:48:14 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\iPodDrv.sys -- (iPodDrv)
DRV:[b]64bit:[/b] - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psi_mf.sys -- (PSI)
DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,226,680 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,186,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,169,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcbtums.sys -- (bcbtums)
DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,161,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwampfl.sys -- (btwampfl)
DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,020,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwrchid.sys -- (btwrchid)
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 7D 4C C7 E0 62 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/"
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: musicplayer%40firemediaplayer.com:2.2
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:18.8
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: %7B677a8f98-fd64-40b0-a883-b8c95d0cbf17%7D:0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Santa\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Santa\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{59d42255-7f9c-49e5-8e68-a5fd16d06d76}: C:\Program Files\KeyLemon\extension\{59d42255-7f9c-49e5-8e68-a5fd16d06d76}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.03 21:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\Extensions
[2013.06.08 21:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions
[2013.05.30 16:55:07 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013.05.30 16:55:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.05.30 16:55:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.03 21:53:47 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\amznUWL2@amazon.com.xpi
[2013.05.30 16:55:07 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\client@anonymox.net.xpi
[2013.02.03 21:53:47 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\isreaditlater@ideashower.com.xpi
[2013.02.03 21:53:47 | 000,237,521 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\musicplayer@firemediaplayer.com.xpi
[2013.02.03 21:53:47 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\SkipScreen@SkipScreen.xpi
[2013.02.03 21:53:47 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\translator@zoli.bod.xpi
[2013.06.08 21:21:34 | 000,020,949 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
[2013.05.30 16:10:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.03 21:53:47 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.04.20 22:00:58 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.05.30 16:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.30 16:34:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YOUZEEK Free Music = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0\
CHR - Extension: YouTube = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Play Music = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0\
CHR - Extension: Google Mail = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:[b]64bit:[/b] - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe (KeyLemon)
O4:[b]64bit:[/b] - HKLM..\Run: [KeyLemon Updater] C:\Programme\KeyLemon\KLUpdater.exe (KeyLemon)
O4:[b]64bit:[/b] - HKLM..\Run: [LenovoOptMouseUpdate] C:\Programme\Lenovo\HOTKEY\extapsup.exe (Lenovo Group Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [Adobe Flash Updater] C:\ProgramData\svsupdates0\xsytzecrn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [NPowerTray] G:\Downloads\NPowerTray.exe ()
O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKCU..\RunOnce: [Adobe Flash Updater] C:\ProgramData\svsupdates0\xsytzecrn.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A283C47B-98AD-4D34-9552-DCD9CEC0DDA1}: DhcpNameServer = 192.168.178.1
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:[/b] - HKLM IFEO\mbam.exe: Debugger - mefjb_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\mbamgui.exe: Debugger - gxwfo_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\MSASCui.exe: Debugger - moyml_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\MsMpEng.exe: Debugger - ftdim_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\msseces.exe: Debugger - xsljq_.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - mefjb_.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - gxwfo_.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - moyml_.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - ftdim_.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - xsljq_.exe File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013.06.15 14:39:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- G:\Desktop\OTL.exe
[2013.06.15 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\WindowsLogonS
[2013.06.15 11:46:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\svsupdates0
[2013.06.13 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Newshosting
[2013.06.13 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\CrashRpt
[2013.06.13 18:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.06.13 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Newshosting
[2013.06.13 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newshosting
[2013.06.13 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Santa\Downloads
[2013.06.13 18:30:24 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Newshosting
[2013.06.09 12:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes Library Updater
[2013.06.09 12:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTLU
[2013.06.09 12:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.09 12:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.09 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.09 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.09 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.09 09:44:04 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2013.06.09 09:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.06.08 22:36:28 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2013.06.08 22:35:16 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Broadcom
[2013.06.08 22:19:32 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\SysWow64\CSVer.dll
[2013.06.08 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\pcwServiceCenter
[2013.06.08 22:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013.06.08 22:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013.06.08 22:16:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013.06.08 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
[2013.06.08 21:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.08 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2013.06.08 21:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
[2013.06.08 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Secunia PSI
[2013.06.08 20:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.06.08 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013.06.08 19:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2013.06.08 19:48:33 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Auslogics
[2013.06.08 19:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-WELT-ServiceCenter
[2013.06.08 19:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC-WELT-ServiceCenter
[2013.06.08 18:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2013.06.08 16:46:00 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Engelmann_Media
[2013.06.08 16:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013.06.08 16:34:05 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\SuperEasy Software
[2013.06.08 16:31:13 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Engelmann Media
[2013.06.08 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4
[2013.06.08 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engelmann Media
[2013.06.08 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Engelmann Media
[2013.06.08 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Q-Dir
[2013.06.08 16:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
[2013.06.08 16:27:57 | 000,000,000 | ---D | C] -- G:\Documents\Favorites_Q_Dir
[2013.06.08 16:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Q-Dir
[2013.06.06 22:52:08 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\GlarySoft
[2013.06.06 22:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2013.06.06 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2013.06.05 23:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2013.06.04 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2013.06.04 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013.06.04 19:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluray Decrypter
[2013.06.04 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.06.04 19:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013.06.04 13:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2013.06.04 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2013.06.04 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2013.06.04 13:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lenovo
[2013.06.03 17:30:43 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\VMLite Workstation
[2013.06.03 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMLite Workstation
[2013.06.03 17:10:08 | 000,000,000 | ---D | C] -- C:\Users\Santa\VMLites
[2013.06.02 12:38:54 | 000,000,000 | ---D | C] -- C:\Users\Santa\.android
[2013.05.31 22:26:58 | 000,015,360 | ---- | C] (June Fabrics Technology Inc.) -- C:\WINDOWS\SysNative\drivers\pneteth.sys
[2013.05.31 22:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
[2013.05.31 22:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdaNet for Android
[2013.05.31 22:25:12 | 000,000,000 | ---D | C] -- G:\Desktop\motochopper
[2013.05.31 14:19:48 | 000,000,000 | ---D | C] -- C:\ZOPO
[2013.05.31 12:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SP_FT_Logs
[2013.05.30 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\FreemakeVideoConverter
[2013.05.30 20:25:26 | 000,000,000 | ---D | C] -- G:\Documents\Freemake
[2013.05.30 20:25:26 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.05.30 20:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.05.30 20:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.05.30 20:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.05.30 19:37:41 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\HandBrake
[2013.05.30 19:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.05.30 16:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.30 16:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.05.30 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.19 12:54:27 | 000,097,176 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\SysWow64\ElbyCDIO.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013.06.15 14:44:14 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.15 14:41:56 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\SlimDrivers Startup.job
[2013.06.15 14:37:45 | 000,377,856 | ---- | M] () -- G:\Desktop\gmer_2.1.19163.exe
[2013.06.15 14:32:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Desktop\OTL.exe
[2013.06.15 14:32:03 | 000,050,477 | ---- | M] () -- G:\Desktop\Defogger.exe
[2013.06.15 14:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.15 14:00:00 | 000,015,547 | ---- | M] () -- C:\Users\Santa\Network_Meter_Data.js
[2013.06.15 13:48:39 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
[2013.06.15 12:16:57 | 000,001,088 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.06.15 09:48:00 | 000,000,864 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
[2013.06.15 09:44:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.14 21:27:29 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.06.14 21:27:29 | 000,753,134 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.06.14 21:27:29 | 000,710,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.06.14 21:27:29 | 000,155,826 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.06.14 21:27:29 | 000,132,614 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.06.14 21:20:39 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.14 21:19:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013.06.14 21:18:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.14 21:18:38 | 2502,512,639 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 00:40:10 | 000,000,026 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini
[2013.06.13 22:23:58 | 000,000,658 | ---- | M] () -- G:\Documents\Breaking Point (German) (2009) AC3 BDRip.nzb
[2013.06.10 18:43:27 | 000,000,853 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini
[2013.06.09 12:58:20 | 000,000,748 | ---- | M] () -- G:\Documents\2013-06-09.itlu
[2013.06.08 22:34:42 | 000,000,876 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.06.08 22:20:10 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\SuperEasyDriverUpdater_UPDATES.job
[2013.06.08 22:16:04 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013.06.08 20:59:01 | 000,001,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.06.08 20:56:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\SysWow64\zlib.dll
[2013.06.08 20:56:39 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\dMaintenanceConfig.zip
[2013.06.08 20:49:03 | 000,024,576 | ---- | M] () -- C:\WINDOWS\SysNative\FoolishEventLogMsgHelper.dll
[2013.06.08 19:47:38 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
[2013.06.08 16:28:09 | 000,010,458 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini
[2013.06.08 16:27:57 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2013.06.05 23:44:36 | 000,000,562 | ---- | M] () -- G:\Documents\Menu Settings.xml
[2013.06.04 20:05:22 | 000,000,021 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
[2013.06.04 19:51:10 | 000,036,446 | ---- | M] () -- G:\Documents\cc_20130604_195103.reg
[2013.06.04 19:13:43 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\ISO Workshop.lnk
[2013.06.01 09:27:30 | 000,001,048 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.01 09:27:24 | 000,000,930 | ---- | M] () -- G:\Desktop\Dropbox.lnk
[2013.05.30 17:19:36 | 000,001,080 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
[2013.05.30 17:17:46 | 000,310,216 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.05.24 15:21:55 | 000,000,572 | R--- | M] () -- C:\WINDOWS\SysWow64\revolution.2012.118.720p-dimension.nfo
[2013.05.19 12:54:27 | 000,097,176 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\SysWow64\ElbyCDIO.dll
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013.06.15 14:37:40 | 000,377,856 | ---- | C] () -- G:\Desktop\gmer_2.1.19163.exe
[2013.06.15 14:31:48 | 000,050,477 | ---- | C] () -- G:\Desktop\Defogger.exe
[2013.06.15 12:16:57 | 000,001,088 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.06.15 00:21:50 | 000,000,572 | R--- | C] () -- C:\WINDOWS\SysWow64\revolution.2012.118.720p-dimension.nfo
[2013.06.13 22:23:58 | 000,000,658 | ---- | C] () -- G:\Documents\Breaking Point (German) (2009) AC3 BDRip.nzb
[2013.06.09 12:58:19 | 000,000,748 | ---- | C] () -- G:\Documents\2013-06-09.itlu
[2013.06.09 09:43:45 | 000,000,916 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
[2013.06.09 09:43:45 | 000,000,864 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
[2013.06.09 09:39:34 | 000,001,116 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 09:39:34 | 000,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 22:34:26 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.06.08 22:16:04 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013.06.08 22:12:36 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\SlimDrivers Startup.job
[2013.06.08 20:59:01 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.06.08 20:59:01 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.06.08 20:56:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\zlib.dll
[2013.06.08 20:56:39 | 000,000,749 | ---- | C] () -- C:\Users\Public\Desktop\dMaintenanceConfig.zip
[2013.06.08 20:49:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysNative\FoolishEventLogMsgHelper.dll
[2013.06.08 19:47:38 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
[2013.06.08 16:34:10 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\SuperEasyDriverUpdater_UPDATES.job
[2013.06.08 16:27:57 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2013.06.08 16:27:46 | 000,010,458 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2013.06.06 22:50:51 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013.06.05 23:44:36 | 000,000,562 | ---- | C] () -- G:\Documents\Menu Settings.xml
[2013.06.04 19:51:06 | 000,036,446 | ---- | C] () -- G:\Documents\cc_20130604_195103.reg
[2013.06.03 17:30:42 | 000,002,241 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (Secure).lnk
[2013.05.30 17:17:43 | 000,310,216 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.05.30 16:03:37 | 000,387,688 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.03.31 19:55:28 | 000,006,656 | ---- | C] () -- C:\Users\Santa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.31 01:13:10 | 000,000,026 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini
[2013.03.30 17:26:19 | 000,000,368 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Digital Clock_Settings.ini
[2013.03.30 17:23:06 | 000,015,547 | ---- | C] () -- C:\Users\Santa\Network_Meter_Data.js
[2013.02.10 13:29:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2013.02.09 16:08:35 | 000,000,021 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
[2013.02.06 00:00:00 | 000,004,853 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2013.02.05 23:11:22 | 000,001,080 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
[2013.02.05 00:41:56 | 000,000,576 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.02.05 00:26:52 | 000,000,853 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini
[2013.02.05 00:14:24 | 000,727,029 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013.02.05 00:14:24 | 000,044,083 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013.02.04 22:33:22 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013.02.03 21:00:48 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.02.03 20:59:12 | 000,010,597 | ---- | C] () -- C:\Users\Santa\AppData\Local\Application.xml
[2013.01.30 20:34:47 | 000,000,000 | ---- | C] () -- C:\Users\Santa\defogger_reenable
[2012.12.14 03:42:30 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2012.12.14 03:42:28 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012.10.29 16:44:56 | 000,315,392 | ---- | C] () -- C:\WINDOWS\SysWow64\EMRegSys.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013.02.14 01:57:59 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\ACLive5
[2013.02.10 12:14:02 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Amazon
[2013.06.08 19:48:33 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Auslogics
[2013.06.06 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\BatteryBar
[2013.02.16 22:43:12 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\calibre
[2013.02.03 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Canneverbe Limited
[2013.06.14 21:20:05 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Dropbox
[2013.06.08 16:31:13 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Engelmann Media
[2013.02.06 22:38:22 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\EurekaLog
[2013.05.30 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Foxit Software
[2013.02.12 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\FreeFileSync
[2013.06.06 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\GlarySoft
[2013.04.12 17:20:24 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Greenshot
[2013.06.01 12:38:56 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\HandBrake
[2013.02.06 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\IrfanView
[2013.05.30 17:24:12 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\JAM Software
[2013.06.13 22:09:57 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\KeePass
[2013.06.13 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Newshosting
[2013.06.02 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Notepad++
[2013.02.03 22:17:34 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\pdfforge
[2013.06.08 16:28:09 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Q-Dir
[2013.06.08 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\SuperEasy Software
[2013.06.04 16:20:36 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\TeamViewer
[2013.02.03 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\TeraCopy
[2013.06.13 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\UseNeXT
[2013.06.04 19:49:39 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\uTorrent
[2013.06.15 12:16:53 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\WindowsLogonS
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

schrauber 15.06.2013 14:37
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

mamic 15.06.2013 15:06
Hallo Schrauber,
die Antwort kam schneller als erwartet! Super. Hier die scan Ergebnisse:
Gruss
mamic


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Santa (administrator) on 15-06-2013 16:01:13
Running from G:\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SAsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
() G:\Downloads\NPowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\System32\WScript.exe
(Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe
(Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon)
HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation)
HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google)
HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.)
HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.)
HKCU\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
IMEO\hijackthis.exe: [Debugger] kbvh_.exe
IMEO\housecalllauncher.exe: [Debugger] snrm_.exe
IMEO\mbam.exe: [Debugger] mefjb_.exe
IMEO\mbamgui.exe: [Debugger] gxwfo_.exe
IMEO\MSASCui.exe: [Debugger] moyml_.exe
IMEO\MsMpEng.exe: [Debugger] ftdim_.exe
IMEO\msseces.exe: [Debugger] xsljq_.exe
IMEO\rstrui.exe: [Debugger] safp_.exe
IMEO\spybotsd.exe: [Debugger] sina_.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi
FF Extension: isreaditlater - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\isreaditlater@ideashower.com.xpi
FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi
FF Extension: SkipScreen - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0
CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0
CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-15] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmpA2D7.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-15 16:01 - 2013-06-15 16:01 - 00000000 ____D C:\FRST
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 12:16 - 2013-06-15 12:16 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 18:11 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:43 - 2013-06-15 15:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-09 09:43 - 2013-06-15 09:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-09 09:39 - 2013-06-15 15:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 09:39 - 2013-06-15 15:10 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll
2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2013-06-08 22:28 - 2013-06-08 22:34 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-09 12:44 - 00000838 ____A C:\Windows\PFRO.log
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2000-01-01 02:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-15 15:10 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-08 22:12 - 2013-06-15 15:10 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 20:59 - 2013-06-15 13:07 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:46 - 2013-06-08 19:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 22:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:27 - 2013-06-08 16:28 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:27 - 2013-06-08 16:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 22:52 - 2013-06-06 23:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:50 - 2013-06-15 15:10 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 13:52 - 2013-05-24 19:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-06-04 13:51 - 2013-06-04 13:56 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-03 17:10 - 2013-06-08 18:29 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 22:26 - 2011-11-25 01:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 19:37 - 2013-06-04 19:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-05-30 19:37 - 2013-06-01 12:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:13 - 2013-06-05 00:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-30 17:13 - 2013-06-05 00:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:34 - 2013-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-30 16:04 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-30 16:04 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-30 16:04 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-30 16:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-30 16:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-30 16:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-30 16:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-30 16:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-30 16:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-30 16:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-30 16:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-30 16:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-30 16:03 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-30 16:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-30 16:03 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-30 16:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-30 16:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-30 16:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-30 16:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-30 16:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-30 16:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-30 16:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-30 16:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-30 16:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-30 16:01 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-30 16:01 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-30 15:59 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-30 15:59 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-30 15:59 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-30 15:59 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-30 15:59 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-30 15:59 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-30 15:59 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== One Month Modified Files and Folders =======

2013-06-15 16:01 - 2013-06-15 16:01 - 00000000 ____D C:\FRST
2013-06-15 16:00 - 2013-03-30 17:23 - 00015614 ____A C:\Users\Santa\Network_Meter_Data.js
2013-06-15 16:00 - 2013-02-03 22:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype
2013-06-15 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-15 15:48 - 2013-06-09 09:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-15 15:44 - 2013-06-09 09:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 15:19 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-15 15:19 - 2012-07-26 12:27 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-15 15:19 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 15:11 - 2013-02-03 21:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox
2013-06-15 15:10 - 2013-06-09 09:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-15 15:10 - 2013-06-08 22:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-15 15:10 - 2013-06-08 22:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-15 15:10 - 2013-06-06 22:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-15 15:10 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 15:09 - 2013-03-28 14:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 13:07 - 2013-06-08 20:59 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-15 12:16 - 2013-06-15 12:16 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 09:48 - 2013-06-09 09:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-15 02:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-15 00:18 - 2013-02-09 16:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc
2013-06-14 00:40 - 2013-03-31 01:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini
2013-06-14 00:40 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-13 22:24 - 2013-02-03 22:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT
2013-06-13 22:09 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:32 - 2013-02-03 20:59 - 00000000 ____D C:\users\Santa
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 17:31 - 2013-02-04 22:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-12 00:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-06-10 18:43 - 2013-02-05 00:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:44 - 2013-06-08 22:20 - 00000838 ____A C:\Windows\PFRO.log
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:44 - 2013-02-03 22:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google
2013-06-09 09:39 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:34 - 2013-06-08 22:28 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:34 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files\Lenovo
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-08 16:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:02 - 2013-04-12 16:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-08 21:02 - 2013-04-12 16:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 21:01 - 2013-02-03 22:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-08 21:01 - 2013-02-03 22:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:47 - 2013-06-08 19:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 18:29 - 2013-06-03 17:10 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-08 17:48 - 2013-02-03 21:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:28 - 2013-06-08 16:27 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:28 - 2013-06-08 16:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 23:32 - 2013-02-11 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-06 23:09 - 2013-06-06 22:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:55 - 2013-05-30 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-06 22:55 - 2013-02-05 00:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-06 18:09 - 2012-01-07 18:24 - 00000000 ____D C:\Users\Santa\dwhelper
2013-06-06 14:16 - 2013-02-05 00:09 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-05 23:50 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files\Classic Shell
2013-06-05 00:09 - 2013-05-30 17:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2013-05-30 17:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 20:05 - 2013-02-09 16:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:49 - 2013-02-03 22:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-04 19:49 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent
2013-06-04 19:48 - 2013-02-05 00:10 - 00000000 ____D C:\Program Files\CCleaner
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:13 - 2013-02-05 00:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 19:07 - 2013-05-30 19:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-06-04 16:20 - 2013-02-11 01:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer
2013-06-04 14:04 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-06-04 13:56 - 2013-06-04 13:51 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-04 13:51 - 2012-07-26 10:12 - 00000000 __RSD C:\Windows\Media
2013-06-03 19:08 - 2013-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-06-02 12:36 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++
2013-06-01 12:38 - 2013-05-30 19:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 17:24 - 2013-02-06 20:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software
2013-05-30 17:19 - 2013-02-05 23:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:12 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:57 - 2013-02-12 12:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software
2013-05-24 19:05 - 2013-06-04 13:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-05-24 15:21 - 2013-06-15 00:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2013-05-16 00:37 - 2013-06-12 21:51 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-05-16 00:36 - 2013-06-12 21:51 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 00:35 - 2013-06-12 21:51 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 00:35 - 2013-06-12 21:51 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-05-16 00:35 - 2013-06-11 19:21 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-11 20:03

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by Santa at 2013-06-15 16:02:23 Run:
Running from G:\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.3.0.29533)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
8GadgetPack (Version: 5.0.0)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Anzeige am Bildschirm (Version: 6.67.05)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArchiCrypt Live Version 6.9.2.10088 (Version: 6.9.2.10088)
Auslogics Disk Defrag (Version: 3.6)
BatteryBar (remove only)
Bonjour (Version: 3.0.0.10)
calibre 64bit (Version: 0.9.27)
CCleaner (Version: 4.02)
CDBurnerXP (Version: 4.5.1.3868)
Classic Shell (Version: 3.6.7)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 8.32.43.50)
doubleTwist (Version: 3.2.1.14961)
Dropbox (Version: 2.0.22)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Foxit Reader (Version: 6.0.3.524)
FreeFileSync 5.12 (Version: 5.12)
Freemake Video Converter Version 4.0.1 (Version: 4.0.1)
Glary Utilities 2.56.0.1822 (Version: 2.56.0.1822)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Talk (remove only)
Google Update Helper (Version: 1.3.21.145)
HandBrake 0.9.9.1 (Version: 0.9.9.1)
ImgBurn (Version: 2.5.7.0)
Intel PROSet Wireless
Intel(R) Management Engine Components (Version: 7.1.21.1134)
Intel(R) Processor Graphics (Version: 9.17.10.2932)
Intel(R) WiDi (Version: 3.5.40.0)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.6000.1657)
IrfanView (remove only) (Version: 4.35)
ISO Workshop 4.2
iTunes (Version: 11.0.4.4)
iTunes Library Updater (Version: 1.2.2)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (Version: 7.0.210)
KeePass Password Safe 2.22
KeyLemon (Version: 2.7.1)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.4300)
Lenovo Patch Utility (Version: 1.3.2.6)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6)
Lenovo Power Management Driver (Version: 1.66.00.22)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Music Manager
Network Meter version 9.1 (Version: 9.1)
Newshosting (Version: 1.4.0)
Notepad++ (Version: 6.3.2)
Paint.NET v3.5.10 (Version: 3.60.0)
PdaNet+ for Android 4.12
PDFCreator (Version: 1.6.2)
Picasa 3 (Version: 3.9)
Q-Dir
Revo Uninstaller 1.94 (Version: 1.94)
RICOH_Media_Driver_v2.22.18.01 (Version: 2.22.18.01)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0)
Secunia PSI (3.0.0.6001) (Version: 3.0.0.6001)
Simply Good Pictures 2 (Version: 2.0.12.1210)
Skype™ 6.3 (Version: 6.3.105)
SlimDrivers (Version: 2.2.30085)
TeamViewer 8 (Version: 8.0.18930)
TeraCopy 2.27
ThinkPad UltraNav Driver (Version: 16.2.19.7)
TrueCrypt (Version: 7.1a)
UseNeXT by Tangysoft
VirtualCloneDrive
VLC media player 2.0.6 (Version: 2.0.6)
Windows Service-Center 2013
Yahoo! Messenger

==================== Restore Points  =========================

03-06-2013 15:06:36 Installed VMLite Workstation
05-06-2013 21:50:11 Installed Classic Shell
08-06-2013 14:31:03 Installed Simply Good Pictures 2
08-06-2013 20:17:39 SlimDrivers Installing Drivers
08-06-2013 20:32:26 SlimDrivers Installing Drivers
12-06-2013 20:22:52 Windows Update
15-06-2013 05:51:58 Windows Defender Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2013 03:12:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000002e
ID des fehlerhaften Prozesses: 0x1064
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: GoogleUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5

Error: (06/15/2013 03:11:07 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/15/2013 03:03:09 PM) (Source: Picasa3) (User: )
Description: Google Photos Screensaver ist abgestürzt. Eine Dump-Datei wurde generiert: C:\Users\Santa\AppData\Local\Temp\Photos_Screensaver_130615-150144.dmp

Error: (06/15/2013 02:48:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000002f
ID des fehlerhaften Prozesses: 0x1e6c
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: GoogleUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5

Error: (06/15/2013 02:47:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GPhotos.scr, Version: 3.9.136.20, Zeitstempel: 0x515ae6ae
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000048
ID des fehlerhaften Prozesses: 0x3220
Startzeit der fehlerhaften Anwendung: 0xGPhotos.scr0
Pfad der fehlerhaften Anwendung: GPhotos.scr1
Pfad des fehlerhaften Moduls: GPhotos.scr2
Berichtskennung: GPhotos.scr3
Vollständiger Name des fehlerhaften Pakets: GPhotos.scr4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GPhotos.scr5

Error: (06/15/2013 01:48:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000002f
ID des fehlerhaften Prozesses: 0x3838
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: GoogleUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5

Error: (06/15/2013 00:48:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000032
ID des fehlerhaften Prozesses: 0x28b4
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: GoogleUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5

Error: (06/15/2013 07:51:58 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {a8aee6a7-3469-42e0-bc55-75ae02fddfd4}

Error: (06/14/2013 09:19:25 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (06/13/2013 11:04:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version: 1.6.0.0, Zeitstempel: 0x4fd1c0c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000ebd59
ID des fehlerhaften Prozesses: 0x754
Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0
Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1
Pfad des fehlerhaften Moduls: CxAudMsg64.exe2
Berichtskennung: CxAudMsg64.exe3
Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5


System errors:
=============
Error: (06/15/2013 03:10:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/15/2013 03:10:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%2147944153

Error: (06/15/2013 03:10:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/15/2013 03:10:15 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?15.?06.?2013 um 14:38:40 unerwartet heruntergefahren.

Error: (06/14/2013 09:19:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/13/2013 11:04:13 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/13/2013 05:10:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/12/2013 08:13:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/11/2013 07:08:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/10/2013 06:41:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (06/15/2013 03:12:02 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000002e106401ce69c9d0546b24C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dll2ab81968-d5bd-11e2-beb7-cc52afe0f613

Error: (06/15/2013 03:11:07 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/15/2013 03:03:09 PM) (Source: Picasa3)(User: )
Description: Google Photos Screensaver ist abgestürzt. Eine Dump-Datei wurde generiert: C:\Users\Santa\AppData\Local\Temp\Photos_Screensaver_130615-150144.dmp

Error: (06/15/2013 02:48:25 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000002f1e6c01ce69c6912b3725C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dllddc9ec21-d5b9-11e2-beb5-cc52afe0f613

Error: (06/15/2013 02:47:38 PM) (Source: Application Error)(User: )
Description: GPhotos.scr3.9.136.20515ae6aentdll.dll6.2.9200.16578515fac6ec000000500000048322001ce69c676d7072fC:\WINDOWS\SysWOW64\GPhotos.scrC:\WINDOWS\SYSTEM32\ntdll.dllc1be7245-d5b9-11e2-beb5-cc52afe0f613

Error: (06/15/2013 01:48:30 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000002f383801ce69be2f66f29eC:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dll7f2c509e-d5b1-11e2-beb5-cc52afe0f613

Error: (06/15/2013 00:48:17 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000003228b401ce69b5cda18beaC:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dll15eccb3d-d5a9-11e2-beb5-cc52afe0f613

Error: (06/15/2013 07:51:58 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {a8aee6a7-3469-42e0-bc55-75ae02fddfd4}

Error: (06/14/2013 09:19:25 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT-AUTORITÄT)
Description: -2147024883

Error: (06/13/2013 11:04:13 PM) (Source: Application Error)(User: )
Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.2.9200.1657951637f77c000037400000000000ebd5975401ce68480457b5beC:\WINDOWS\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dllcc2db026-d46c-11e2-beb4-cc52afe0f613


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8103.23 MB
Available physical RAM: 6085.42 MB
Total Pagefile: 16295.23 MB
Available Pagefile: 14240.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:74.43 GB) (Free:13.19 GB) NTFS (Disk=1 Partition=2)
Drive e: (Volume) (Fixed) (Total:379.63 GB) (Free:11.3 GB) NTFS (Disk=0 Partition=4)
Drive g: (DATA) (Fixed) (Total:75.19 GB) (Free:16.78 GB) NTFS (Disk=0 Partition=2)
Drive h: (W8_Recovery) (Fixed) (Total:9.77 GB) (Free:0.8 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9D286FA3)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 9F478B1E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 15.06.2013 16:07
Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
IMEO\hijackthis.exe: [Debugger] kbvh_.exe
IMEO\housecalllauncher.exe: [Debugger] snrm_.exe
IMEO\mbam.exe: [Debugger] mefjb_.exe
IMEO\mbamgui.exe: [Debugger] gxwfo_.exe
IMEO\MSASCui.exe: [Debugger] moyml_.exe
IMEO\MsMpEng.exe: [Debugger] ftdim_.exe
IMEO\msseces.exe: [Debugger] xsljq_.exe
IMEO\rstrui.exe: [Debugger] safp_.exe
IMEO\spybotsd.exe: [Debugger] sina_.exe
R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmpA2D7.tmp [x]
2013-06-15 12:16 - 2013-06-15 12:16 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

mamic 15.06.2013 16:29
Ausgeführt!
Gruss Manfred

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013
Ran by Santa at 2013-06-15 17:20:28 Run:1
Running from G:\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.

"C:\Users\Santa\AppData\Roaming\WindowsLogonS" directory move:

C:\Users\Santa\AppData\Roaming\WindowsLogonS\coinutil.dll => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\killer.bat => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\miner.dll => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\openssl.dll => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\phatk.cl => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\phatk.ptx => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\puts.vbs => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.dll => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\compile.bat => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part2 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part3 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part4 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part5 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part6 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\compile.bat => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part10 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part11 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part12 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part13 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part14 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part15 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part16 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part17 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part18 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part19 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part2 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part20 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part21 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part22 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part23 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part24 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part25 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part26 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part27 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part28 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part29 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part3 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part30 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part31 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part32 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part33 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part34 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part35 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part4 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part5 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part6 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part7 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part8 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part9 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\compile.bat => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part2 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part3 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part4 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part5 => Moved successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part6 => Moved successfully.
Could not move "C:\Users\Santa\AppData\Roaming\WindowsLogonS" directory. => Scheduled to move on reboot.


"C:\ProgramData\svsupdates0" directory move:

Could not move C:\ProgramData\svsupdates0\xsytzecrn.exe. => Scheduled to move on reboot.
Could not move "C:\ProgramData\svsupdates0" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========
C:\Users\Santa\AppData\Roaming\WindowsLogonS => Moved successfully.
C:\ProgramData\svsupdates0\xsytzecrn.exe => File could not move.
C:\ProgramData\svsupdates0 => Directory could not move.

==== End of Fixlog ====

schrauber 15.06.2013 17:50
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte :)

mamic 15.06.2013 18:55
Good evening!
Alles wie angewiesen durchgeführt, hier die log files!
Gruss
Manfred

Code:
# AdwCleaner v2.303 - Datei am 15/06/2013 um 19:39:10 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center  (64 bits)
# Benutzer : Santa - YPS
# Bootmodus : Normal
# Ausgeführt unter : G:\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Santa\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\prefs.js

Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [10552 octets] - [15/06/2013 19:39:10]

########## EOF - C:\AdwCleaner[S1].txt - [10613 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by Santa on 15.06.2013 at 19:43:34,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1236658316-3132239065-196456727-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\isreaditlater@ideashower.com.xpi"
Successfully deleted the following from C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\prefs.js

user_pref("extensions.webbooster@iminent.com.install-event-fired", true);
Emptied folder: C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.06.2013 at 19:47:13,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Santa (administrator) on 15-06-2013 19:47:42
Running from G:\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SAsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\LocationNotifications.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
(Google Inc.) C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\System32\WScript.exe
(Ufasoft) C:\FRST\Quarantine\shell.exe
(Ufasoft) C:\FRST\Quarantine\macromedia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon)
HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation)
HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google)
HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.)
HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.)
HKCU\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
IMEO\hijackthis.exe: [Debugger] iuznf_.exe
IMEO\housecalllauncher.exe: [Debugger] wtdar_.exe
IMEO\rstrui.exe: [Debugger] bjrwz_.exe
IMEO\spybotsd.exe: [Debugger] wfoqk_.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> C:\FRST\Quarantine\usft_ext.exe.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default
FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi
FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi
FF Extension: SkipScreen - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0
CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0
CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp786C.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT
2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 16:01 - 2013-06-15 17:21 - 00000000 ____D C:\FRST
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 18:11 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:43 - 2013-06-15 19:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-09 09:43 - 2013-06-15 09:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-09 09:39 - 2013-06-15 19:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 09:39 - 2013-06-15 19:40 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll
2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2013-06-08 22:28 - 2013-06-08 22:34 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-15 17:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2000-01-01 02:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-15 19:42 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 20:59 - 2013-06-15 13:07 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:46 - 2013-06-08 19:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 22:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:27 - 2013-06-08 16:28 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:27 - 2013-06-08 16:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 22:52 - 2013-06-06 23:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:50 - 2013-06-15 19:40 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 13:52 - 2013-05-24 19:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-06-04 13:51 - 2013-06-04 13:56 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-03 17:10 - 2013-06-08 18:29 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 22:26 - 2011-11-25 01:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 19:37 - 2013-06-04 19:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-05-30 19:37 - 2013-06-01 12:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:13 - 2013-06-05 00:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-30 17:13 - 2013-06-05 00:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:34 - 2013-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-30 16:04 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-30 16:04 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-30 16:04 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-30 16:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-30 16:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-30 16:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-30 16:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-30 16:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-30 16:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-30 16:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-30 16:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-30 16:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-30 16:03 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-30 16:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-30 16:03 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-30 16:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-30 16:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-30 16:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-30 16:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-30 16:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-30 16:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-30 16:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-30 16:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-30 16:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-30 16:01 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-30 16:01 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-30 15:59 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-30 15:59 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-30 15:59 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-30 15:59 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-30 15:59 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-30 15:59 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-30 15:59 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== One Month Modified Files and Folders =======

2013-06-15 19:48 - 2013-06-09 09:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 19:44 - 2013-06-09 09:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT
2013-06-15 19:42 - 2013-06-08 22:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-15 19:41 - 2013-02-03 22:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype
2013-06-15 19:41 - 2013-02-03 21:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox
2013-06-15 19:40 - 2013-06-09 09:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-15 19:40 - 2013-06-06 22:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-15 19:40 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 19:09 - 2013-03-28 14:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 19:00 - 2013-03-30 17:23 - 00015713 ____A C:\Users\Santa\Network_Meter_Data.js
2013-06-15 19:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-15 17:29 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-15 17:29 - 2012-07-26 12:27 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-15 17:29 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 17:21 - 2013-06-15 16:01 - 00000000 ____D C:\FRST
2013-06-15 17:20 - 2013-06-08 22:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-15 17:20 - 2013-03-31 01:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini
2013-06-15 17:20 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 13:07 - 2013-06-08 20:59 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 09:48 - 2013-06-09 09:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-15 02:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-15 00:18 - 2013-02-09 16:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc
2013-06-13 22:24 - 2013-02-03 22:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT
2013-06-13 22:09 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:32 - 2013-02-03 20:59 - 00000000 ____D C:\users\Santa
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 17:31 - 2013-02-04 22:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-12 00:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-06-10 18:43 - 2013-02-05 00:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:44 - 2013-02-03 22:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google
2013-06-09 09:39 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:34 - 2013-06-08 22:28 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:34 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files\Lenovo
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-08 16:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:02 - 2013-04-12 16:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-08 21:02 - 2013-04-12 16:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 21:01 - 2013-02-03 22:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-08 21:01 - 2013-02-03 22:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:47 - 2013-06-08 19:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 18:29 - 2013-06-03 17:10 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-08 17:48 - 2013-02-03 21:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:28 - 2013-06-08 16:27 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:28 - 2013-06-08 16:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 23:32 - 2013-02-11 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-06 23:09 - 2013-06-06 22:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:55 - 2013-05-30 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-06 22:55 - 2013-02-05 00:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-06 18:09 - 2012-01-07 18:24 - 00000000 ____D C:\Users\Santa\dwhelper
2013-06-06 14:16 - 2013-02-05 00:09 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-05 23:50 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files\Classic Shell
2013-06-05 00:09 - 2013-05-30 17:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2013-05-30 17:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 20:05 - 2013-02-09 16:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:49 - 2013-02-03 22:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-04 19:49 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent
2013-06-04 19:48 - 2013-02-05 00:10 - 00000000 ____D C:\Program Files\CCleaner
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:13 - 2013-02-05 00:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 19:07 - 2013-05-30 19:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-06-04 16:20 - 2013-02-11 01:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer
2013-06-04 14:04 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-06-04 13:56 - 2013-06-04 13:51 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-04 13:51 - 2012-07-26 10:12 - 00000000 __RSD C:\Windows\Media
2013-06-03 19:08 - 2013-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-06-02 12:36 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++
2013-06-01 12:38 - 2013-05-30 19:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 17:24 - 2013-02-06 20:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software
2013-05-30 17:19 - 2013-02-05 23:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:12 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:57 - 2013-02-12 12:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software
2013-05-24 19:05 - 2013-06-04 13:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-05-24 15:21 - 2013-06-15 00:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2013-05-16 00:37 - 2013-06-12 21:51 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-05-16 00:36 - 2013-06-12 21:51 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 00:35 - 2013-06-12 21:51 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 00:35 - 2013-06-12 21:51 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-05-16 00:35 - 2013-06-11 19:21 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-11 20:03

==================== End Of Log ============================
--- --- ---

--- --- ---


Hallo Schrauber,
ich musste inzwischen den Laptop neu starten um den Defender wieder zu aktivieren. Vor Neustart war es nicht möglich oder ich hab mich zu dumm angestellt.
Hoffe das verursacht kein weiteres Problem. Prozessor ist noch immer auf 100%

schrauber 15.06.2013 19:30
Supi, noch ein Onlinescan dann sollte es gut sein.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log. noch Probleme? :)

mamic 16.06.2013 08:45
Guten Morgen Schrauber,
deine letzten Worte von Gestern "noch Probleme?"
Ja, und es wird eher schlimmer! Eset scan dauerte Stunden da die Platte voll ist und der Virus den grössten Teil der Ressourcen beansprucht. Ich bin dann um 1 ins Bett und habe heute morgen auf deinstallieren gedrückt. Leider war das log file dann auch weg. Sorry, mein Fehler ich hab mich nicht genau an die ANweisung gehalten. Die Funde hatte ich vorher noch gesichert:
Code:
C:\FRST\Quarantine\puts.vbs        VBS/CoinMiner.O trojan
C:\FRST\Quarantine\usft_ext.exe.vbs        VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Local\Temp\bjrwzmzisdj.exe        VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Local\Temp\edvldqbrrua.exe        VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Roaming\WindowsLogonS\puts.vbs        VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs        VBS/CoinMiner.O trojan
E:\TempT\Revolution.2012.S01E18.720p.HDTV.X264-DIMENSION\Revolution.2012.S01E18.720p.HDTV.X264-DIMENSION.part01.exe.1        a variant of Win32/Injector.Autoit.MB trojan
H:\Galaxy S2\2012-05\clockworkmod\backup\2012-04-30-16.59.33\data.ext4.tar        Android/Exploit.Lotoor.AN trojan
Nach diese Mail werde ich den eset scan nochmal starten!
Security check läuft nicht bis zum Ende durch, stoppt bei "Performing System Health Check". egal ob als user oder admin gestartet.
Ich kann den Windows-Securitycenter Dienst nicht mehr aktivieren und wenn ich den Status des Defenders prüfen möchte sagt mir Win dass es die MSASCui.exe nicht finden kann.
Ich hoffe du hast noch ein paar gute Ideen?
Gruss Manfred

schrauber 16.06.2013 08:51
Die meisten Funde sind schon in Quarantäne. Mach auf jeden fall noch ein frisches FRST LOg, ausserdem noch das:

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



mamic 16.06.2013 09:25
Hallo Schrauber, du scheinst Tag und Nacht hier zu sein! Vielen Dank!
Als ich am Handy gesehen habe was du geantwortet hast habe ich den Eset abgebrochen und den fss scan gestartet. So wie ich das verstehe läuft inzwischen bei mir gar nix mehr (Firewall, Defender,...)
Code:
Farbar Service Scanner Version: 13-06-2013
Ran by Santa (administrator) on 16-06-2013 at 10:13:01
Running from "G:\Downloads"
Windows 8 Pro with Media Center  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-13 19:15] - [2013-05-04 09:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2013-05-30 16:03] - [2013-04-09 06:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-12 21:56] - [2013-03-02 04:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-13 18:11] - [2013-04-24 00:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945

C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-28 14:10] - [2013-01-29 01:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-28 14:10] - [2013-01-29 03:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Und hier noch der frische FRST Log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Santa (administrator) on 16-06-2013 10:22:59
Running from G:\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SAsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
(Google Inc.) C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
(Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe
(Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon)
HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation)
HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google)
HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.)
HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.)
HKCU\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
IMEO\hijackthis.exe: [Debugger] cxyqahc_.exe
IMEO\housecalllauncher.exe: [Debugger] sbvhynp_.exe
IMEO\mbam.exe: [Debugger] qs_.exe
IMEO\mbamgui.exe: [Debugger] vf_.exe
IMEO\MSASCui.exe: [Debugger] qs_.exe
IMEO\MsMpEng.exe: [Debugger] zt_.exe
IMEO\msseces.exe: [Debugger] hw_.exe
IMEO\rstrui.exe: [Debugger] xsytzec_.exe
IMEO\spybotsd.exe: [Debugger] ltoazty_.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default
FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi
FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi
FF Extension: SkipScreen - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0
CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0
CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-16] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp6282.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-15 21:47 - 2013-06-16 10:10 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT
2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 16:01 - 2013-06-15 17:21 - 00000000 ____D C:\FRST
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 18:11 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:43 - 2013-06-16 09:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-09 09:43 - 2013-06-16 09:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-09 09:39 - 2013-06-16 09:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 09:39 - 2013-06-16 09:44 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll
2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2013-06-08 22:28 - 2013-06-08 22:34 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-15 17:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2000-01-01 02:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-16 09:13 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-08 22:12 - 2013-06-16 09:13 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 20:59 - 2013-06-15 13:07 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:46 - 2013-06-08 19:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 22:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:27 - 2013-06-08 16:28 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:27 - 2013-06-08 16:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 22:52 - 2013-06-06 23:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:50 - 2013-06-16 09:13 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 13:52 - 2013-05-24 19:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-06-04 13:51 - 2013-06-04 13:56 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-03 17:10 - 2013-06-08 18:29 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 22:26 - 2011-11-25 01:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 19:37 - 2013-06-04 19:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-05-30 19:37 - 2013-06-01 12:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:13 - 2013-06-05 00:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-30 17:13 - 2013-06-05 00:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:34 - 2013-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-30 16:04 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-30 16:04 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-30 16:04 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-30 16:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-30 16:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-30 16:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-30 16:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-30 16:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-30 16:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-30 16:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-30 16:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-30 16:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-30 16:03 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-30 16:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-30 16:03 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-30 16:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-30 16:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-30 16:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-30 16:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-30 16:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-30 16:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-30 16:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-30 16:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-30 16:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-30 16:01 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-30 16:01 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-30 15:59 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-30 15:59 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-30 15:59 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-30 15:59 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-30 15:59 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-30 15:59 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-30 15:59 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== One Month Modified Files and Folders =======

2013-06-16 10:10 - 2013-06-15 21:47 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-16 10:09 - 2013-03-28 14:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 10:00 - 2013-03-30 17:23 - 00015975 ____A C:\Users\Santa\Network_Meter_Data.js
2013-06-16 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-16 09:51 - 2013-02-03 22:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype
2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-16 09:48 - 2013-06-09 09:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-16 09:48 - 2013-06-09 09:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-16 09:44 - 2013-06-09 09:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 09:44 - 2013-06-09 09:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 09:21 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-16 09:21 - 2012-07-26 12:27 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-16 09:21 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-16 09:14 - 2013-02-03 21:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox
2013-06-16 09:13 - 2013-06-08 22:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-16 09:13 - 2013-06-08 22:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-16 09:13 - 2013-06-06 22:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-16 09:13 - 2013-03-31 01:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini
2013-06-16 09:13 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 09:13 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT
2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 17:21 - 2013-06-15 16:01 - 00000000 ____D C:\FRST
2013-06-15 17:20 - 2013-06-08 22:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 13:07 - 2013-06-08 20:59 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 02:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-15 00:18 - 2013-02-09 16:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc
2013-06-13 22:24 - 2013-02-03 22:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT
2013-06-13 22:09 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:32 - 2013-02-03 20:59 - 00000000 ____D C:\users\Santa
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 17:31 - 2013-02-04 22:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-12 00:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-06-10 18:43 - 2013-02-05 00:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:44 - 2013-02-03 22:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google
2013-06-09 09:39 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:34 - 2013-06-08 22:28 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:34 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files\Lenovo
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-08 16:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:02 - 2013-04-12 16:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-08 21:02 - 2013-04-12 16:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 21:01 - 2013-02-03 22:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-08 21:01 - 2013-02-03 22:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:47 - 2013-06-08 19:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 18:29 - 2013-06-03 17:10 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-08 17:48 - 2013-02-03 21:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:28 - 2013-06-08 16:27 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:28 - 2013-06-08 16:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 23:32 - 2013-02-11 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-06 23:09 - 2013-06-06 22:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:55 - 2013-05-30 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-06 22:55 - 2013-02-05 00:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-06 18:09 - 2012-01-07 18:24 - 00000000 ____D C:\Users\Santa\dwhelper
2013-06-06 14:16 - 2013-02-05 00:09 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-05 23:50 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files\Classic Shell
2013-06-05 00:09 - 2013-05-30 17:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2013-05-30 17:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 20:05 - 2013-02-09 16:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:49 - 2013-02-03 22:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-04 19:49 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent
2013-06-04 19:48 - 2013-02-05 00:10 - 00000000 ____D C:\Program Files\CCleaner
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:13 - 2013-02-05 00:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 19:07 - 2013-05-30 19:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-06-04 16:20 - 2013-02-11 01:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer
2013-06-04 14:04 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-06-04 13:56 - 2013-06-04 13:51 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-04 13:51 - 2012-07-26 10:12 - 00000000 __RSD C:\Windows\Media
2013-06-03 19:08 - 2013-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-06-02 12:36 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++
2013-06-01 12:38 - 2013-05-30 19:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 17:24 - 2013-02-06 20:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software
2013-05-30 17:19 - 2013-02-05 23:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:12 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:57 - 2013-02-12 12:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software
2013-05-24 19:05 - 2013-06-04 13:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-05-24 15:21 - 2013-06-15 00:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-11 20:03

==================== End Of Log ============================
--- --- ---


Gruss Mamic

schrauber 16.06.2013 09:51
Zitat:
Hallo Schrauber, du scheinst Tag und Nacht hier zu sein! Vielen Dank!
ehm....neeee....ich hab auch noch ein Privatleben.....glaub ich zumindest :D

Das nenn ich mal sauber reinfected :)

Das machen wir jetzt von aussen.
[indent]
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

mamic 16.06.2013 10:31
Ok, hat geklappt, hier das log: :kaffee:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by SYSTEM on 16-06-2013 11:24:54
Running from E:\
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon)
HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
HKU\Santa\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x]
HKU\Santa\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Santa\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKU\Santa\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google)
HKU\Santa\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.)
HKU\Santa\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.)
HKU\Santa\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
IMEO\hijackthis.exe: [Debugger] cxyqahc_.exe
IMEO\housecalllauncher.exe: [Debugger] sbvhynp_.exe
IMEO\mbam.exe: [Debugger] qs_.exe
IMEO\mbamgui.exe: [Debugger] vf_.exe
IMEO\MSASCui.exe: [Debugger] qs_.exe
IMEO\MsMpEng.exe: [Debugger] zt_.exe
IMEO\msseces.exe: [Debugger] hw_.exe
IMEO\rstrui.exe: [Debugger] xsytzec_.exe
IMEO\spybotsd.exe: [Debugger] ltoazty_.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
S2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
S2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
S1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-16] ()
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp6282.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-16 11:22 - 2013-06-16 11:22 - 00000000 ____A C:\Recovery.txt
2013-06-16 08:49 - 2013-06-16 08:49 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-15 20:47 - 2013-06-16 09:10 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 18:47 - 2013-06-15 18:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\JRT
2013-06-15 18:39 - 2013-06-15 18:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 15:01 - 2013-06-15 16:21 - 00000000 ____D C:\FRST
2013-06-15 14:09 - 2013-06-15 14:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-14 23:21 - 2013-05-24 14:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-06-13 18:15 - 2013-05-04 08:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 17:30 - 2013-06-13 17:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 17:11 - 2013-04-24 00:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 17:11 - 2013-04-24 00:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 17:11 - 2013-04-24 00:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 17:11 - 2013-04-23 23:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 17:11 - 2013-04-23 23:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 17:11 - 2013-04-23 23:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 17:11 - 2013-04-23 23:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 16:11 - 2013-04-27 06:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 21:23 - 2013-04-03 00:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 21:23 - 2013-04-03 00:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:51 - 2013-05-15 23:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 20:51 - 2013-05-15 23:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 20:51 - 2013-05-15 23:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 20:51 - 2013-05-15 23:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 20:51 - 2013-05-14 14:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 20:51 - 2013-05-14 10:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 20:51 - 2013-04-28 23:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 20:51 - 2013-04-28 23:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 20:51 - 2013-04-28 23:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 20:51 - 2013-04-28 23:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 20:51 - 2013-04-28 23:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 20:51 - 2013-04-28 23:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 20:51 - 2013-04-28 23:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 20:51 - 2013-04-28 23:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 20:51 - 2013-04-28 23:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 20:51 - 2013-04-28 23:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 20:51 - 2013-04-28 23:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 20:51 - 2013-04-28 23:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 20:51 - 2013-04-28 23:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 20:51 - 2013-04-28 23:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 20:51 - 2013-04-28 23:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 20:51 - 2013-04-28 23:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 18:21 - 2013-05-15 23:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-06-09 11:54 - 2013-06-09 11:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 08:43 - 2013-06-16 09:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-09 08:43 - 2013-06-16 08:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-09 08:39 - 2013-06-16 09:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 08:39 - 2013-06-16 08:44 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 21:35 - 2000-01-01 01:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2013-06-08 21:34 - 2000-01-01 01:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll
2013-06-08 21:34 - 2000-01-01 01:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
2013-06-08 21:34 - 2000-01-01 01:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2013-06-08 21:34 - 2000-01-01 01:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2013-06-08 21:34 - 2000-01-01 01:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys
2013-06-08 21:34 - 2000-01-01 01:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2013-06-08 21:34 - 2000-01-01 01:00 - 00020856 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2013-06-08 21:28 - 2013-06-08 21:34 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 21:28 - 2013-06-08 21:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 21:20 - 2013-06-15 16:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-08 21:19 - 2013-06-08 21:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 21:19 - 2000-01-01 01:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-06-08 21:16 - 2013-06-08 21:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 21:16 - 2013-06-08 21:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 21:12 - 2013-06-16 10:18 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-08 21:12 - 2013-06-16 08:13 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-08 21:12 - 2013-06-08 21:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 20:02 - 2013-06-08 20:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 20:02 - 2013-06-08 20:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 20:02 - 2013-06-08 20:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 20:01 - 2013-06-08 20:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 20:01 - 2013-06-08 20:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 20:01 - 2013-06-08 20:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 20:01 - 2013-06-08 20:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 20:01 - 2013-06-08 20:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 19:59 - 2013-06-15 12:07 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 19:56 - 2013-06-08 19:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 19:56 - 2013-06-08 19:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 19:49 - 2013-06-08 19:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 18:54 - 2013-06-08 18:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 18:48 - 2013-06-08 18:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 18:47 - 2013-06-08 18:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 18:46 - 2013-06-08 18:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 17:32 - 2013-06-08 17:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 15:46 - 2013-06-08 15:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 15:40 - 2013-06-08 15:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 15:34 - 2013-06-08 21:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 15:34 - 2013-06-08 15:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 15:27 - 2013-06-08 15:28 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 15:27 - 2013-06-08 15:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 15:27 - 2013-06-08 15:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 15:27 - 2013-06-08 15:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 21:52 - 2013-06-06 22:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 21:50 - 2013-06-16 08:13 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-06 21:50 - 2013-06-06 21:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-04 19:02 - 2013-06-04 19:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 18:22 - 2013-06-04 18:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 18:07 - 2013-06-04 18:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 12:52 - 2013-05-24 18:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-06-04 12:51 - 2013-06-04 12:56 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 12:51 - 2013-06-04 12:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 12:51 - 2013-06-04 12:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-03 16:30 - 2013-06-03 16:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-03 16:10 - 2013-06-08 17:29 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-02 11:38 - 2013-06-02 11:38 - 00000000 ____D C:\Users\Santa\.android
2013-05-31 21:26 - 2013-05-31 21:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 21:26 - 2011-11-25 00:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2013-05-31 13:19 - 2013-05-31 13:19 - 00000000 ____D C:\ZOPO
2013-05-30 19:59 - 2013-05-30 19:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 18:37 - 2013-06-04 18:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-05-30 18:37 - 2013-06-01 11:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-30 16:17 - 2013-05-30 16:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 16:13 - 2013-06-04 23:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-30 16:13 - 2013-06-04 23:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-30 15:57 - 2013-05-30 15:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 15:34 - 2013-06-06 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-30 15:04 - 2013-04-08 22:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-30 15:04 - 2013-04-08 22:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-30 15:04 - 2013-04-08 22:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-30 15:04 - 2013-04-08 22:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-30 15:04 - 2013-04-08 22:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-30 15:04 - 2013-04-08 22:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-30 15:04 - 2013-03-15 23:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-30 15:03 - 2013-04-09 06:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-30 15:03 - 2013-04-09 06:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-30 15:03 - 2013-04-09 06:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-30 15:03 - 2013-04-09 06:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-30 15:03 - 2013-04-09 06:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-30 15:03 - 2013-04-09 06:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-30 15:03 - 2013-04-09 06:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-30 15:03 - 2013-04-09 06:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-30 15:03 - 2013-04-09 05:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-30 15:03 - 2013-04-09 05:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-30 15:03 - 2013-04-09 05:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-30 15:03 - 2013-04-09 05:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-30 15:03 - 2013-04-09 05:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-30 15:03 - 2013-04-09 05:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-30 15:03 - 2013-04-09 05:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-30 15:03 - 2013-04-09 05:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-30 15:03 - 2013-04-09 05:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-30 15:03 - 2013-04-09 05:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-30 15:03 - 2013-04-09 05:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-30 15:03 - 2013-04-09 05:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-30 15:03 - 2013-04-09 05:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-30 15:03 - 2013-04-09 05:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-30 15:03 - 2013-04-09 03:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-30 15:03 - 2013-04-09 03:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-30 15:03 - 2013-04-09 03:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-30 15:03 - 2013-04-09 03:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-30 15:03 - 2013-04-09 03:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-30 15:03 - 2013-04-09 03:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-30 15:03 - 2013-04-09 03:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-30 15:03 - 2013-04-09 03:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-30 15:03 - 2013-04-09 03:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-30 15:03 - 2013-04-09 00:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-30 15:03 - 2013-04-09 00:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-30 15:03 - 2013-04-09 00:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-30 15:03 - 2013-04-09 00:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-30 15:03 - 2013-04-08 22:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-30 15:03 - 2013-04-08 22:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-30 15:03 - 2013-04-08 22:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-30 15:03 - 2013-04-08 22:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-30 15:03 - 2013-04-08 22:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-30 15:03 - 2013-04-08 22:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-30 15:03 - 2013-04-08 22:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-30 15:03 - 2013-04-08 22:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-30 15:03 - 2013-04-05 00:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-30 15:03 - 2013-04-02 23:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-30 15:03 - 2013-03-30 19:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-30 15:03 - 2013-03-30 19:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-30 15:03 - 2013-03-28 23:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-30 15:03 - 2013-03-28 23:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-30 15:03 - 2013-03-15 23:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-30 15:03 - 2012-12-13 05:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-30 15:03 - 2012-12-13 04:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-30 15:01 - 2013-04-16 03:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-30 15:01 - 2013-04-11 07:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-30 14:59 - 2013-03-22 04:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-30 14:59 - 2013-03-21 23:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-30 14:59 - 2013-03-15 01:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-30 14:59 - 2013-03-06 08:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-30 14:59 - 2013-03-06 07:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-30 14:59 - 2013-03-06 07:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-30 14:59 - 2013-03-06 07:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-30 14:59 - 2013-03-06 06:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-30 14:59 - 2013-03-06 06:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== One Month Modified Files and Folders =======

2013-06-16 11:22 - 2013-06-16 11:22 - 00000000 ____A C:\Recovery.txt
2013-06-16 10:20 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-16 10:19 - 2012-07-26 11:27 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-16 10:19 - 2012-07-26 11:27 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-16 10:19 - 2012-07-26 08:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-16 10:18 - 2013-06-08 21:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-16 10:18 - 2013-03-31 00:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini
2013-06-16 10:09 - 2013-03-28 13:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 10:00 - 2013-03-30 16:23 - 00016009 ____A C:\Users\Santa\Network_Meter_Data.js
2013-06-16 10:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-16 09:48 - 2013-06-09 08:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-16 09:44 - 2013-06-09 08:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 09:10 - 2013-06-15 20:47 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-16 08:51 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype
2013-06-16 08:49 - 2013-06-16 08:49 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-16 08:48 - 2013-06-09 08:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-16 08:44 - 2013-06-09 08:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 08:14 - 2013-02-03 20:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox
2013-06-16 08:13 - 2013-06-08 21:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-16 08:13 - 2013-06-06 21:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-16 08:13 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 18:47 - 2013-06-15 18:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\JRT
2013-06-15 18:39 - 2013-06-15 18:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 16:21 - 2013-06-15 15:01 - 00000000 ____D C:\FRST
2013-06-15 16:20 - 2013-06-08 21:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-15 14:09 - 2013-06-15 14:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 12:07 - 2013-06-08 19:59 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 01:29 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-06-14 23:18 - 2013-02-09 15:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc
2013-06-13 21:24 - 2013-02-03 21:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT
2013-06-13 21:09 - 2013-02-03 20:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 17:32 - 2013-02-03 19:59 - 00000000 ____D C:\users\Santa
2013-06-13 17:30 - 2013-06-13 17:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 16:31 - 2013-02-04 21:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 19:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-11 23:22 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\servicing
2013-06-10 17:43 - 2013-02-04 23:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 11:54 - 2013-06-09 11:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 08:44 - 2013-02-03 21:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google
2013-06-09 08:39 - 2013-02-03 21:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 21:34 - 2013-06-08 21:28 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 21:34 - 2013-02-11 00:19 - 00000000 ____D C:\Program Files\Lenovo
2013-06-08 21:28 - 2013-06-08 21:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 21:20 - 2013-06-08 15:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 21:19 - 2013-06-08 21:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 21:19 - 2013-02-03 20:15 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-08 21:16 - 2013-06-08 21:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 21:16 - 2013-06-08 21:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 21:12 - 2013-06-08 21:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 20:02 - 2013-06-08 20:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 20:02 - 2013-06-08 20:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 20:02 - 2013-06-08 20:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 20:02 - 2013-04-12 15:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-08 20:02 - 2013-04-12 15:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-08 20:01 - 2013-06-08 20:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 20:01 - 2013-06-08 20:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 20:01 - 2013-06-08 20:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 20:01 - 2013-06-08 20:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 20:01 - 2013-06-08 20:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 20:01 - 2013-02-03 21:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-08 20:01 - 2013-02-03 21:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 19:56 - 2013-06-08 19:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 19:56 - 2013-06-08 19:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 19:49 - 2013-06-08 19:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 18:54 - 2013-06-08 18:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 18:48 - 2013-06-08 18:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 18:47 - 2013-06-08 18:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 18:47 - 2013-06-08 18:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 17:32 - 2013-06-08 17:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 17:29 - 2013-06-03 16:10 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-08 16:48 - 2013-02-03 20:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore
2013-06-08 15:46 - 2013-06-08 15:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 15:40 - 2013-06-08 15:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 15:34 - 2013-06-08 15:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 15:28 - 2013-06-08 15:27 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 15:28 - 2013-06-08 15:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 15:27 - 2013-06-08 15:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 15:27 - 2013-06-08 15:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 22:32 - 2013-02-11 00:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-06 22:09 - 2013-06-06 21:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 21:55 - 2013-05-30 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-06 21:55 - 2013-02-04 23:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar
2013-06-06 21:50 - 2013-06-06 21:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-06 17:09 - 2012-01-07 17:24 - 00000000 ____D C:\Users\Santa\dwhelper
2013-06-06 13:16 - 2013-02-04 23:09 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-05 22:50 - 2013-02-03 21:16 - 00000000 ____D C:\Program Files\Classic Shell
2013-06-04 23:09 - 2013-05-30 16:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-04 23:09 - 2013-05-30 16:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 19:05 - 2013-02-09 15:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
2013-06-04 19:02 - 2013-06-04 19:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 18:49 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-04 18:49 - 2013-02-03 21:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent
2013-06-04 18:48 - 2013-02-04 23:10 - 00000000 ____D C:\Program Files\CCleaner
2013-06-04 18:22 - 2013-06-04 18:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 18:13 - 2013-02-04 23:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk
2013-06-04 18:07 - 2013-06-04 18:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 18:07 - 2013-05-30 18:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-06-04 15:20 - 2013-02-11 00:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer
2013-06-04 13:04 - 2013-02-11 00:19 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-06-04 12:56 - 2013-06-04 12:51 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 12:51 - 2013-06-04 12:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 12:51 - 2013-06-04 12:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-04 12:51 - 2012-07-26 09:12 - 00000000 __RSD C:\Windows\Media
2013-06-03 18:08 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-03 16:30 - 2013-06-03 16:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-02 11:38 - 2013-06-02 11:38 - 00000000 ____D C:\Users\Santa\.android
2013-06-02 11:36 - 2013-02-03 21:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++
2013-06-01 11:38 - 2013-05-30 18:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-31 21:26 - 2013-05-31 21:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 13:19 - 2013-05-31 13:19 - 00000000 ____D C:\ZOPO
2013-05-30 19:59 - 2013-05-30 19:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 16:24 - 2013-02-06 19:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software
2013-05-30 16:19 - 2013-02-05 22:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
2013-05-30 16:17 - 2013-05-30 16:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 16:12 - 2013-02-03 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-30 16:12 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-30 16:12 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-05-30 15:57 - 2013-05-30 15:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 15:57 - 2013-02-12 11:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software
2013-05-24 18:05 - 2013-06-04 12:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-05-24 14:21 - 2013-06-14 23:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-03 16:06:42
Restore point made on: 2013-06-05 20:20:13
Restore point made on: 2013-06-05 22:50:16
Restore point made on: 2013-06-08 15:31:09
Restore point made on: 2013-06-08 18:51:01
Restore point made on: 2013-06-08 21:17:44
Restore point made on: 2013-06-08 21:32:32
Restore point made on: 2013-06-12 21:22:58
Restore point made on: 2013-06-15 06:52:02

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8103.23 MB
Available physical RAM: 7279.2 MB
Total Pagefile: 8103.23 MB
Available Pagefile: 7287.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:74.43 GB) (Free:12.1 GB) NTFS (Disk=1 Partition=2)
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (T_094432277) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32 (Disk=2 Partition=1)
Drive f: (Volume) (Fixed) (Total:379.63 GB) (Free:11.3 GB) NTFS (Disk=0 Partition=4)
Drive g: (DATA) (Fixed) (Total:75.19 GB) (Free:16.83 GB) NTFS (Disk=0 Partition=2)
Drive h: (W8_Recovery) (Fixed) (Total:9.77 GB) (Free:0.8 GB) NTFS (Disk=0 Partition=3)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.82 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9D286FA3)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 9F478B1E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 96BD01E5)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-06-11 19:03

==================== End Of Log ============================
--- --- ---

schrauber 16.06.2013 10:50
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
HKU\Santa\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
IMEO\hijackthis.exe: [Debugger] cxyqahc_.exe
IMEO\housecalllauncher.exe: [Debugger] sbvhynp_.exe
IMEO\mbam.exe: [Debugger] qs_.exe
IMEO\mbamgui.exe: [Debugger] vf_.exe
IMEO\MSASCui.exe: [Debugger] qs_.exe
IMEO\MsMpEng.exe: [Debugger] zt_.exe
IMEO\msseces.exe: [Debugger] hw_.exe
IMEO\rstrui.exe: [Debugger] xsytzec_.exe
IMEO\spybotsd.exe: [Debugger] ltoazty_.exe
S3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp6282.tmp [x]
2013-06-15 20:47 - 2013-06-16 09:10 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Reboot in den normalen Modus und von dort nen frischen FRST Scan bitte.

mamic 16.06.2013 11:10
Hallo Schrauber,
nein, das war's leider noch nicht. :headbang:
Ein paar Sekunden nach dem Hochfahren waren alle Prozessoren wieder auf 100%
Hier die beiden logs:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013
Ran by SYSTEM at 2013-06-16 11:57:57 Run:2
Running from E:\
Boot Mode: Recovery
==============================================

HKU\Santa\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Flash Updater => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS => Moved successfully.
C:\ProgramData\svsupdates0 => Moved successfully.
C:\ProgramData\svsupdates0 => File/Directory not found.

==== End of Fixlog ====
Und hier das FRST Log nach dem hochfahren:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Santa (administrator) on 16-06-2013 12:00:47
Running from G:\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SAsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\LocationNotifications.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\WINDOWS\System32\WScript.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Ufasoft) C:\FRST\Quarantine\WindowsLogonS\WindowsLogonS\shell.exe
(Ufasoft) C:\FRST\Quarantine\WindowsLogonS\WindowsLogonS\macromedia.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon)
HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation)
HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google)
HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.)
HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> C:\FRST\Quarantine\WindowsLogonS\WindowsLogonS\usft_ext.exe.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default
FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi
FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi
FF Extension: SkipScreen - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi
FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0
CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0
CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-16] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp568C.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT
2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 16:01 - 2013-06-15 17:21 - 00000000 ____D C:\FRST
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 18:11 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:43 - 2013-06-16 10:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-09 09:43 - 2013-06-16 09:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-09 09:39 - 2013-06-16 11:59 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-09 09:39 - 2013-06-16 10:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll
2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2013-06-08 22:28 - 2013-06-08 22:34 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-15 17:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2000-01-01 02:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-16 11:59 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-08 22:12 - 2013-06-16 11:59 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 20:59 - 2013-06-15 13:07 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:46 - 2013-06-08 19:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 22:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:27 - 2013-06-08 16:28 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:27 - 2013-06-08 16:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 22:52 - 2013-06-06 23:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:50 - 2013-06-16 11:59 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 13:52 - 2013-05-24 19:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-06-04 13:51 - 2013-06-04 13:56 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-03 17:10 - 2013-06-08 18:29 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 22:26 - 2011-11-25 01:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 19:37 - 2013-06-04 19:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-05-30 19:37 - 2013-06-01 12:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:13 - 2013-06-05 00:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-30 17:13 - 2013-06-05 00:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:34 - 2013-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-30 16:04 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-30 16:04 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:04 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-30 16:04 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-30 16:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-30 16:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-30 16:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-30 16:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-30 16:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-30 16:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-30 16:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-30 16:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-30 16:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-30 16:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-30 16:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-30 16:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-30 16:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-30 16:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-30 16:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-30 16:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-30 16:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-30 16:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-30 16:03 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-30 16:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-30 16:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-30 16:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-30 16:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-30 16:03 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-30 16:03 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-30 16:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-30 16:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-30 16:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-30 16:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-30 16:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-30 16:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-30 16:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-30 16:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-30 16:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-30 16:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-30 16:01 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-30 16:01 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-30 15:59 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-30 15:59 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-30 15:59 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-30 15:59 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-30 15:59 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-30 15:59 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-30 15:59 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-30 15:59 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== One Month Modified Files and Folders =======

2013-06-16 12:00 - 2013-03-30 17:23 - 00016041 ____A C:\Users\Santa\Network_Meter_Data.js
2013-06-16 12:00 - 2013-02-03 22:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype
2013-06-16 12:00 - 2013-02-03 21:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox
2013-06-16 12:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-16 11:59 - 2013-06-09 09:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 11:59 - 2013-06-08 22:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-16 11:59 - 2013-06-08 22:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-06-16 11:59 - 2013-06-06 22:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-06-16 11:59 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 11:20 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-16 11:19 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-16 11:19 - 2012-07-26 12:27 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-16 11:19 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-16 11:18 - 2013-03-31 01:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini
2013-06-16 11:09 - 2013-03-28 14:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 10:48 - 2013-06-09 09:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job
2013-06-16 10:44 - 2013-06-09 09:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-16 09:48 - 2013-06-09 09:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job
2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT
2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 17:21 - 2013-06-15 16:01 - 00000000 ____D C:\FRST
2013-06-15 17:20 - 2013-06-08 22:20 - 00001174 ____A C:\Windows\PFRO.log
2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 13:07 - 2013-06-08 20:59 - 01083791 ____A C:\Windows\WindowsUpdate.log
2013-06-15 02:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-15 00:18 - 2013-02-09 16:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc
2013-06-13 22:24 - 2013-02-03 22:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT
2013-06-13 22:09 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting
2013-06-13 18:32 - 2013-02-03 20:59 - 00000000 ____D C:\users\Santa
2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting
2013-06-13 17:31 - 2013-02-04 22:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-12 00:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-06-10 18:43 - 2013-02-05 00:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod
2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-09 09:44 - 2013-02-03 22:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google
2013-06-09 09:39 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom
2013-06-08 22:34 - 2013-06-08 22:28 - 00000433 ____A C:\Windows\setupact.log
2013-06-08 22:34 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files\Lenovo
2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 22:20 - 2013-06-08 16:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter
2013-06-08 22:19 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:02 - 2013-04-12 16:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-08 21:02 - 2013-04-12 16:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 21:01 - 2013-02-03 22:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-08 21:01 - 2013-02-03 22:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:47 - 2013-06-08 19:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 18:29 - 2013-06-03 17:10 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-08 17:48 - 2013-02-03 21:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:28 - 2013-06-08 16:27 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:28 - 2013-06-08 16:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 23:32 - 2013-02-11 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-06 23:09 - 2013-06-06 22:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:55 - 2013-05-30 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-06 22:55 - 2013-02-05 00:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-06 18:09 - 2012-01-07 18:24 - 00000000 ____D C:\Users\Santa\dwhelper
2013-06-06 14:16 - 2013-02-05 00:09 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-05 23:50 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files\Classic Shell
2013-06-05 00:09 - 2013-05-30 17:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2013-05-30 17:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 20:05 - 2013-02-09 16:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:49 - 2013-02-03 22:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-04 19:49 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent
2013-06-04 19:48 - 2013-02-05 00:10 - 00000000 ____D C:\Program Files\CCleaner
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:13 - 2013-02-05 00:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 19:07 - 2013-05-30 19:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-06-04 16:20 - 2013-02-11 01:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer
2013-06-04 14:04 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-06-04 13:56 - 2013-06-04 13:51 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-04 13:51 - 2012-07-26 10:12 - 00000000 __RSD C:\Windows\Media
2013-06-03 19:08 - 2013-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-06-02 12:36 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++
2013-06-01 12:38 - 2013-05-30 19:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 17:24 - 2013-02-06 20:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software
2013-05-30 17:19 - 2013-02-05 23:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:12 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:57 - 2013-02-12 12:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software
2013-05-24 19:05 - 2013-06-04 13:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-05-24 15:21 - 2013-06-15 00:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-11 20:03

==================== End Of Log ============================
--- --- ---


Gruss
mamic


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:08 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131