| |
| |||||||
Log-Analyse und Auswertung: wie entferne ich " snap.Do " von meinem PC, Deinstallation bisher erfolglosWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.11.2013, 07:46
| #1 |
| |  wie entferne ich " snap.Do " von meinem PC, Deinstallation bisher erfolglos Hallo & recht schönen Dank an den/die Retter(in) , die sich meinem Problem annehmen wollen. Ich muss zugeben, daß ich doch nach Belieben Freeware runterlade, aber meist sehr genau auf die Bedingungen und Buttons achte ....ab und zu rutscht halt doch was durch. Mein Wissen über die erforderlichen Schritte komplett Malwarefree zu sein ist begrenzt. Habe Bitdefender als Internet Security an Bord, ansonsten auch mal Spybot laufen lassen. Was ist passiert: Freeeware "youtube to mp3 " aus dem web runtergeladen. 1) Nach Installation startet Chrome nicht mehr mit Google, sondern mit " snapdo " mit entsprechend umgeleiteten unbrauchbaren Links auf der Ergebnisseite. Dito mit Firefox. 2) snap.do in den jeweiligen Browsereinstellungen entfernt, Standards wieder hergestellt 3) In Systemsteuerung/Programme deinstallieren fanden sich 2 Einträge: a) snap.Do und b) snap.Do Engine etc. (sorry...vergessen). Also b) ließ sich deinstallieren, a) bleibt trotz aller Versuche an Bord 4) Im web gesucht, Trojaner-Board gefunden, registriert und die Empfehlungen - so gut ich konnte -abgearbeitet. Wäre gerne wieder Malware free und danke Euch/Dir schon mal ganz herzlich ... Nun die Logs oder weitere Infos von: 1) Defogger 2) Adw-Cleaner 3) Farbars Recovery Scan Tool 4) Gmer 5) Malwarebytes Anti Malware 6) Eset online Scan zu 1) Defogger - Anweisungen befolgt zu 2) Adw-Cleaner - Cleaning durchgeführt. Log anbei # AdwCleaner v3.012 - Bericht erstellt am 18/11/2013 um 20:05:06 # Updated 11/11/2013 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : Desk 1 - office - DESK1-OFFICE # Gestartet von : C:\Users\Desk 1 - office\Downloads\adwcleaner_3012.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16520 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default\prefs.js ] ************************* AdwCleaner[R0].txt - [82382 octets] - [18/11/2013 13:44:23] AdwCleaner[R1].txt - [772 octets] - [18/11/2013 20:05:06] AdwCleaner[S0].txt - [68641 octets] - [18/11/2013 13:50:55] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [892 octets] ########## zu 3) Farbar Recovery Scan FRST64 durchgeführt. Log anbei Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02 Ran by Desk 1 - office (administrator) on DESK1-OFFICE on 18-11-2013 19:22:46 Running from C:\Users\Desk 1 - office\Downloads Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe () C:\Program Files (x86)\Steganos Internet Anonym VPN\AVPNStarter.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (O&O Software GmbH) C:\Program Files\OO Software\DriveLED\oodlag.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (TuneUp Software) C:\Windows\System32\TUProgSt.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe () C:\Users\Desk 1 - office\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (BitTorrent Inc.) C:\Users\Desk 1 - office\AppData\Roaming\uTorrent\uTorrent.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE (Google Inc.) C:\Users\Desk 1 - office\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Desk 1 - office\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Desk 1 - office\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Desk 1 - office\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Desk 1 - office\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Desk 1 - office\AppData\Local\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE (Farbar) C:\Users\Desk 1 - office\Downloads\FRST64 (2).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [182808 2008-11-03] (Intel Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403616 2011-12-16] (Acronis) HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1738968 2013-10-30] (Bitdefender) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Desk 1 - office\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] () HKCU\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [564256 2013-10-30] (Bitdefender) HKCU\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1004608 2013-10-30] (Bitdefender) HKCU\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [621448 2013-10-30] (Bitdefender) HKCU\...\Run: [uTorrent] - C:\Users\Desk 1 - office\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-18] (Google Inc.) HKCU\...\Run: [WSHelperSetup.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung) MountPoints2: {1ecff08c-ad26-11de-9287-00248c5ca5fd} - L:\setup_vmc_lite.exe /checkApplicationPresence MountPoints2: {46b38690-5743-11df-b586-001f3f05018d} - H:\LaunchU3.exe -a MountPoints2: {6906a0d6-ad29-11de-bd38-806e6f6e6963} - L:\setup_vmc_lite.exe /checkApplicationPresence MountPoints2: {81496240-46bd-11e3-8317-00248c5ca5fd} - H:\LGAutoRun.exe MountPoints2: {aa418ef1-a2ef-11de-b152-001f3f05018d} - H:\LaunchU3.exe -a MountPoints2: {bf76da5b-a148-11de-9eb0-00248c5ca5fd} - H:\pushinst.exe MountPoints2: {e84dee15-cc77-11df-bce4-001f3f05018d} - H:\AutoRun.exe MountPoints2: {e84dee29-cc77-11df-bce4-001f3f05018d} - H:\AutoRun.exe HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [KBD] - C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe [12288 2008-07-21] (Microsoft) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [1794048 2008-10-28] (AVM Berlin) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [WSHelperSetup.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard) HKU\Gast\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard) HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-18] (Google Inc.) HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-04-16] (Hewlett-Packard Company) HKU\Gast\...\Run: [GMX SMS-Manager] - C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe [3539968 2007-07-19] (1&1 Internet AG) HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\Gast\...\Run: [Google Update] - C:\Users\Desk 1 - office\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-18] (Google Inc.) HKU\Gast\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKU\Gast\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKU\Gast\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKU\Gast\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\Gast 1\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard) HKU\Gast 1\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-18] (Google Inc.) HKU\Gast 1\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-04-16] (Hewlett-Packard Company) HKU\Gast 1\...\Run: [GMX SMS-Manager] - C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe [3539968 2007-07-19] (1&1 Internet AG) HKU\Gast 1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\Gast 1\...\Run: [Google Update] - C:\Users\Desk 1 - office\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-18] (Google Inc.) HKU\Gast 1\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKU\Gast 1\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKU\Gast 1\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKU\Gast 1\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] () AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [ ] () IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" Startup: C:\Users\Desk 1 - office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM - {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation) BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxie.dll (Bitdefender) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default FF Homepage: about:home FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll (Bitdefender) FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @videolan.org/vlc,version=1.1.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Desk 1 - office\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Desk 1 - office\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Desk 1 - office\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default\Extensions\staged(15) FF Extension: Microsoft .NET Framework Assistant - C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: No Name - C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default\Extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}.xpi FF Extension: fireftp - C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF Extension: Adblock Plus - C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: downbarconfig - C:\Users\Desk 1 - office\AppData\Roaming\Mozilla\Firefox\Profiles\o55cqaq1.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: () - C:\Users\DESK1-~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0 CHR Extension: (GIFPAL) - C:\Users\DESK1-~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch\1.2_0 CHR Extension: (Psykopaint) - C:\Users\DESK1-~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0 CHR Extension: (Gmail) - C:\Users\DESK1-~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [364544 2008-10-28] (AVM Berlin) R2 AVPNStarter; C:\Program Files (x86)\Steganos Internet Anonym VPN\AVPNStarter.exe [21504 2009-10-06] () S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77120 2013-10-23] (Bitdefender) S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-09-16] (DATA BECKER GmbH & Co KG) R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [610048 2009-09-28] (O&O Software GmbH) R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [506696 2011-03-01] (TuneUp Software) R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [842056 2011-03-01] (TuneUp Software) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-10-11] (TuneUp Software) R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-04-22] () R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116104 2009-04-22] () R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-23] (Bitdefender) R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1506736 2013-10-30] (Bitdefender) R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [58496 2008-01-21] (Microsoft Corporation) S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.) S3 ASPI; C:\Windows\SysWow64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2008-10-28] (AVM Berlin) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC) R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [119888 2011-11-14] (BitDefender LLC) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-07-23] (BitDefender SRL) R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender) R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2008-10-28] (AVM GmbH) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-07] (BitDefender LLC) S3 hwdatacard; C:\Windows\SysWow64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.) S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [59136 2008-05-27] (Generic USB smartcard reader) S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [913408 2009-10-21] (DiBcom) R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95232 2007-01-10] (Windows (R) Codename Longhorn DDK provider) R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70144 2007-01-10] (Windows (R) Codename Longhorn DDK provider) R0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [30216 2009-09-28] (O&O Software GmbH) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG) S3 RTL2832UBDA; C:\Windows\SysWow64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832UUSB; C:\Windows\SysWow64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832U_IRHID; C:\Windows\SysWow64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek) S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2010-04-27] (MCCI Corporation) S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2010-04-27] (MCCI Corporation) S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2010-04-27] (MCCI Corporation) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-07] (BitDefender S.R.L.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-01-23] (Acronis) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.) S3 Bulk1528; System32\Drivers\Bulk1528.sys [x] S2 Ca1528av; System32\Drivers\Ca1528av.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 netr7364; system32\DRIVERS\netr7364.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x] U3 pwtcqpog; \??\C:\Users\DESK1-~1\AppData\Local\Temp\pwtcqpog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 19:21 - 2013-11-18 19:21 - 01958026 _____ (Farbar) C:\Users\Desk 1 - office\Downloads\FRST64 (2).exe 2013-11-18 19:20 - 2013-11-18 19:20 - 00050477 _____ C:\Users\Desk 1 - office\Downloads\Defogger (1).exe 2013-11-18 16:15 - 2013-11-18 16:16 - 00377856 _____ C:\Users\Desk 1 - office\Downloads\gmer_2.1.19163.exe 2013-11-18 16:14 - 2013-11-18 16:14 - 00096987 _____ C:\Users\Desk 1 - office\Desktop\FRST.txt 2013-11-18 16:11 - 2013-11-18 16:11 - 01958026 _____ (Farbar) C:\Users\Desk 1 - office\Downloads\FRST64 (1).exe 2013-11-18 16:10 - 2013-11-18 16:10 - 00000492 _____ C:\Users\Desk 1 - office\Downloads\defogger_disable.log 2013-11-18 16:10 - 2013-11-18 16:10 - 00000000 _____ C:\Users\Desk 1 - office\defogger_reenable 2013-11-18 16:09 - 2013-11-18 16:09 - 00050477 _____ C:\Users\Desk 1 - office\Downloads\Defogger.exe 2013-11-18 16:07 - 2013-11-18 17:02 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\T R O - B O A R D 2013-11-18 15:07 - 2013-11-18 15:07 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Malwarebytes 2013-11-18 15:06 - 2013-11-18 15:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Desk 1 - office\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-18 15:06 - 2013-11-18 15:06 - 00000950 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 15:06 - 2013-11-18 15:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 15:06 - 2013-11-18 15:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 15:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-18 14:38 - 2013-11-18 14:39 - 00852616 _____ C:\Windows\dd_NET_Framework35_LangPack_MSI0018.txt 2013-11-18 14:37 - 2013-11-18 14:39 - 00076348 _____ C:\Windows\dd_dotnetfx35install_lp.txt 2013-11-18 14:37 - 2013-11-18 14:38 - 00036144 _____ C:\Windows\dd_depcheck_NETFX_EXP_35.txt 2013-11-18 14:37 - 2013-11-18 14:37 - 00000002 _____ C:\Windows\dd_dotnetfx35error_lp.txt 2013-11-18 14:15 - 2013-11-18 14:15 - 02347384 _____ (ESET) C:\Users\Desk 1 - office\Downloads\esetsmartinstaller_enu.exe 2013-11-18 13:59 - 2013-11-18 14:04 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\ADC 2013-11-18 13:44 - 2013-11-18 13:51 - 00000000 ____D C:\AdwCleaner 2013-11-18 13:43 - 2013-11-18 13:43 - 01085542 _____ C:\Users\Desk 1 - office\Downloads\adwcleaner.exe 2013-11-18 13:32 - 2013-11-18 13:35 - 00054660 _____ C:\Users\Desk 1 - office\Downloads\Addition.txt 2013-11-18 13:31 - 2013-11-18 19:22 - 00034271 _____ C:\Users\Desk 1 - office\Downloads\FRST.txt 2013-11-18 13:30 - 2013-11-18 13:30 - 01958026 _____ (Farbar) C:\Users\Desk 1 - office\Downloads\FRST64.exe 2013-11-18 13:30 - 2013-11-18 13:30 - 00000000 ____D C:\FRST 2013-11-18 13:23 - 2013-11-18 13:23 - 00000958 _____ C:\Users\Desk 1 - office\Desktop\PC Speed Maximizer.lnk 2013-11-18 13:22 - 2013-11-18 13:22 - 00665064 _____ C:\Users\Desk 1 - office\Downloads\ZipExtractorSetup.exe 2013-11-16 13:49 - 2013-11-16 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 12:59 - 2013-11-18 13:51 - 00000234 _____ C:\Users\Desk 1 - office\Desktop\Search.lnk 2013-11-16 12:59 - 2013-11-18 13:51 - 00000234 _____ C:\Users\Desk 1 - office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2013-11-16 12:56 - 2013-11-16 12:56 - 32206488 _____ (DVDVideoSoft Ltd. ) C:\Users\Desk 1 - office\Downloads\FreeYouTubeToMP3Converter (1).exe 2013-11-16 12:56 - 2013-11-16 12:56 - 01128840 _____ (Koyote-Lab Inc) C:\Users\Desk 1 - office\Downloads\FreeVideoConverterSetup-r135-n-bc (1).exe 2013-11-16 08:28 - 2013-11-16 08:29 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{D813AAEA-2103-4530-8636-74782353F0E0} 2013-11-15 19:17 - 2013-11-15 19:17 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{F9C6A41C-77AC-4E59-97C6-054A3911C85C} 2013-11-15 07:16 - 2013-11-15 07:17 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{010717F9-45D1-401C-9113-978A1B238F1C} 2013-11-15 00:04 - 2013-11-15 00:04 - 00000000 ____D C:\Users\Desk 1 - office\{5a89a9ca-6bbd-4fd9-9162-7c78bfe22294} 2013-11-14 23:44 - 2013-11-14 23:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf 2013-11-14 23:38 - 2013-08-21 05:31 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2013-11-14 23:38 - 2013-08-21 05:31 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll 2013-11-14 23:37 - 2013-08-21 05:31 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2013-11-14 23:30 - 2013-11-14 23:30 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2013-11-14 23:30 - 2013-11-14 23:30 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-11-14 22:57 - 2013-10-30 04:16 - 00233472 _____ (Teruten) C:\Windows\SysWOW64\FsUsbExService.Exe 2013-11-14 22:57 - 2013-10-30 04:16 - 00037344 _____ C:\Windows\SysWOW64\FsUsbExDisk.Sys 2013-11-14 22:57 - 2013-10-30 04:16 - 00037344 _____ C:\Windows\SysWOW64\FsUsbExDisk.Sy_ 2013-11-14 22:57 - 2012-06-26 16:03 - 00110592 _____ () C:\Windows\SysWOW64\FsUsbExDevice.Dll 2013-11-14 22:56 - 2013-11-14 22:56 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Samsung 2013-11-14 22:55 - 2013-11-14 22:55 - 00001790 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-11-14 22:55 - 2013-11-14 22:55 - 00000000 ____D C:\Users\Desk 1 - office\Documents\samsung 2013-11-14 22:51 - 2012-06-26 16:03 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2013-11-14 22:51 - 2012-06-26 16:02 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll 2013-11-14 22:51 - 2012-06-26 16:02 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\SysWOW64\Drivers\dgderdrv.sys 2013-11-14 22:41 - 2013-11-14 22:43 - 93912112 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Desk 1 - office\Downloads\Kies_2.3.2.12064_9_7.exe 2013-11-14 20:03 - 2013-11-14 20:03 - 25987208 _____ (Wondershare ) C:\Users\Desk 1 - office\Downloads\mobiletrans_full1296 (2).exe 2013-11-14 20:02 - 2013-11-14 20:03 - 25987208 _____ (Wondershare ) C:\Users\Desk 1 - office\Downloads\mobiletrans_full1296 (1).exe 2013-11-14 13:47 - 2013-11-14 13:53 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\E L I A S 2013-11-14 12:50 - 2013-11-14 12:50 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{5A0C277D-8809-452E-86EF-AA840C90B220} 2013-11-14 12:24 - 2013-10-13 16:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 12:24 - 2013-10-13 16:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 12:24 - 2013-10-13 15:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 12:24 - 2013-10-13 15:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 12:24 - 2013-10-13 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 12:24 - 2013-10-13 15:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-14 12:24 - 2013-10-13 15:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-14 12:24 - 2013-10-13 15:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 12:24 - 2013-10-13 15:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 12:24 - 2013-10-13 15:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-14 12:24 - 2013-10-13 15:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-14 12:24 - 2013-10-13 15:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 12:24 - 2013-10-13 15:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 12:24 - 2013-10-13 15:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-14 12:24 - 2013-10-13 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 12:24 - 2013-10-13 15:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 12:24 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 12:24 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-14 12:24 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 12:24 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 12:24 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-14 12:24 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 12:24 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-14 12:24 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-14 12:24 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 12:24 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-14 12:24 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-14 12:24 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 12:24 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 12:24 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-14 12:24 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 12:24 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 08:56 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 08:56 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 08:56 - 2013-10-11 03:29 - 00217074 _____ C:\Windows\system32\WFP.TMF 2013-11-14 08:56 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-14 08:56 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 08:56 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 08:56 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-14 08:56 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-14 08:56 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-10 07:38 - 2013-11-10 07:38 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{910B1744-DBC4-49B8-8434-CF74BE8D7B92} 2013-11-09 23:48 - 2013-11-09 23:48 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{BD504810-F67F-4300-864B-0BFA11C47435} 2013-11-09 23:47 - 2013-11-09 23:47 - 00001214 _____ C:\Users\Desk 1 - office\Desktop\Windows Live Movie Maker.lnk 2013-11-09 22:24 - 2013-11-09 22:24 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{0AFC0C1D-02AB-498E-8E00-447BF490BF73} 2013-11-09 20:39 - 2013-11-09 20:40 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\Fehelermeldung bei Start 2013-11-09 20:23 - 2013-11-09 20:23 - 00001768 _____ C:\Users\Desk 1 - office\Desktop\Windows Movie Maker.lnk 2013-11-09 14:17 - 2013-11-09 14:17 - 01529368 _____ (NCH Software) C:\Users\Desk 1 - office\Downloads\debutpsetup.exe 2013-11-09 14:17 - 2013-11-09 14:17 - 01528344 _____ (NCH Software) C:\Users\Desk 1 - office\Downloads\debutsetup (1).exe 2013-11-09 14:14 - 2013-11-09 14:14 - 01528344 _____ (NCH Software) C:\Users\Desk 1 - office\Downloads\debutsetup.exe 2013-11-09 13:58 - 2013-11-09 13:58 - 00001124 _____ C:\Users\Public\Desktop\Ashampoo Movie Studio Pro.lnk 2013-11-09 13:58 - 2013-11-09 13:58 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Ashampoo Movie Studio Pro 2013-11-09 13:49 - 2013-11-09 13:58 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url 2013-11-09 13:49 - 2013-11-09 13:49 - 00001081 _____ C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk 2013-11-09 13:49 - 2013-11-09 13:49 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Ashampoo Movie Studio 2013-11-09 13:34 - 2013-11-09 13:35 - 171353888 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Desk 1 - office\Downloads\ashampoo_movie_studio_e1.0.9_sm.exe 2013-11-09 13:19 - 2013-11-16 12:58 - 00001076 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2013-11-09 13:19 - 2013-11-09 13:19 - 28892984 _____ (DVDVideoSoft Ltd. ) C:\Users\Desk 1 - office\Downloads\FreeVideoDub2.0.21.827 (1).exe 2013-11-09 13:19 - 2013-11-09 13:19 - 00001199 _____ C:\Users\Public\Desktop\Free Video Dub.lnk 2013-11-09 13:16 - 2013-11-09 13:17 - 28892984 _____ (DVDVideoSoft Ltd. ) C:\Users\Desk 1 - office\Downloads\FreeVideoDub2.0.21.827.exe 2013-11-09 08:51 - 2013-11-09 08:52 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{4842F1D8-1FB0-486A-AE51-17500AA93FDF} 2013-11-09 00:24 - 2013-11-09 00:24 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-09 00:23 - 2013-11-09 00:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-09 00:23 - 2013-11-09 00:24 - 00000000 ____D C:\Program Files\iTunes 2013-11-09 00:17 - 2012-08-21 13:01 - 00033240 ____N (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2013-11-08 21:12 - 2013-11-08 21:12 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Wondershare 2013-11-08 21:11 - 2013-11-08 21:11 - 00001994 _____ C:\Users\Public\Desktop\Wondershare MobileTrans.lnk 2013-11-08 21:11 - 2013-11-08 21:11 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Wondershare 2013-11-08 21:11 - 2013-11-08 21:11 - 00000000 ____D C:\Program Files (x86)\Wondershare 2013-11-08 21:10 - 2013-11-08 21:10 - 25987208 _____ (Wondershare ) C:\Users\Desk 1 - office\Downloads\mobiletrans_full1296.exe 2013-11-08 18:06 - 2013-11-08 18:07 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{FD0B60F3-1B1E-4962-8DE4-B335F91A7ECE} 2013-11-08 06:50 - 2013-11-08 06:53 - 00000000 ____D C:\Users\Desk 1 - office\USB-Stick Elias 2013-11-08 06:06 - 2013-11-08 06:06 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{DD54ED7C-9363-405A-87AD-8DDCE3A61029} 2013-11-08 05:55 - 2013-11-08 05:55 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{814CF359-A4B2-4579-8F55-38EC19C52CE7} 2013-11-07 10:27 - 2013-11-07 10:27 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{F64CEF81-1BE7-49E3-8D17-3838223528EB} 2013-11-06 12:35 - 2013-11-08 21:11 - 00000000 ____D C:\Users\Desk 1 - office\.android 2013-11-06 12:35 - 2013-11-06 12:35 - 00000000 ____D C:\Users\Desk 1 - office\Documents\LG PC Suite 2013-11-06 11:05 - 2013-11-06 11:05 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{44CA7F89-B357-4E77-B263-DF5C8D8BEB45} 2013-11-05 23:04 - 2013-11-05 23:05 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{9CF14ECE-4EAB-404E-BFBE-E376B05EBA1C} 2013-11-05 11:03 - 2013-11-05 11:03 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{931C2D1F-FC7C-4CC3-9AA7-6D16B4CA97E7} 2013-11-05 11:03 - 2013-11-05 11:03 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{1669CBD7-32AC-4E5C-81F1-FB9D7B45DDFA} 2013-11-01 14:16 - 2013-11-01 14:17 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{5B88296B-8CFE-4D40-826A-48505BC41E28} 2013-11-01 14:08 - 2013-11-01 14:08 - 00000000 ____D C:\Windows\de 2013-11-01 14:05 - 2013-11-01 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-11-01 14:03 - 2013-11-01 14:08 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Program Files\Windows Live 2013-11-01 14:01 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2013-11-01 14:01 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2013-11-01 14:01 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2013-11-01 14:01 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2013-11-01 13:57 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2013-11-01 13:57 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-11-01 13:13 - 2013-11-01 13:13 - 00003114 ____N C:\Windows\System32\Tasks\{7ED83459-BC89-4685-AF34-B754B9A6E540} 2013-11-01 13:11 - 2013-11-01 13:11 - 03901792 _____ (DataDesign AG) C:\Users\Desk 1 - office\Downloads\DDBAC (1).EXE 2013-11-01 13:07 - 2013-11-01 13:07 - 03901792 _____ (DataDesign AG) C:\Users\Desk 1 - office\Downloads\DDBAC.EXE 2013-11-01 12:44 - 2013-11-01 12:44 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-11-01 12:32 - 2013-11-18 14:48 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Windows\system32\WindowsPowerShell 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-11-01 12:28 - 2013-11-01 12:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf 2013-11-01 12:24 - 2009-10-01 02:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2013-11-01 12:24 - 2009-10-01 02:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll 2013-11-01 12:24 - 2009-10-01 02:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll 2013-11-01 12:24 - 2009-10-01 02:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe 2013-11-01 12:24 - 2009-10-01 02:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll 2013-11-01 12:24 - 2009-10-01 02:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll 2013-11-01 12:24 - 2009-10-01 02:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll 2013-11-01 12:24 - 2009-10-01 02:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll 2013-11-01 12:24 - 2009-10-01 02:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll 2013-11-01 12:24 - 2009-10-01 01:52 - 02727936 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2013-11-01 12:24 - 2009-10-01 01:52 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll 2013-11-01 12:24 - 2009-10-01 01:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe 2013-11-01 12:24 - 2009-10-01 01:51 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys 2013-11-01 12:24 - 2009-10-01 01:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll 2013-11-01 12:24 - 2009-10-01 01:51 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\WpdConns.dll 2013-11-01 12:23 - 2009-08-04 09:12 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll 2013-11-01 12:23 - 2009-08-04 09:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll 2013-11-01 12:22 - 2013-11-01 12:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-11-01 12:22 - 2012-03-06 23:44 - 00063296 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-11-01 12:22 - 2011-03-28 18:13 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-01 12:22 - 2010-09-09 16:22 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia 2013-11-01 12:22 - 2009-10-14 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help 2013-11-01 12:22 - 2009-02-04 20:26 - 00001362 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk 2013-11-01 12:22 - 2008-01-21 04:20 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-01 12:22 - 2008-01-21 04:20 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-01 12:21 - 2013-11-01 12:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-11-01 12:21 - 2012-03-07 01:08 - 00068928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2013-11-01 12:21 - 2012-03-07 01:08 - 00061248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2013-11-01 12:17 - 2013-11-01 12:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-11-01 12:05 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2013-11-01 12:05 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2013-11-01 12:05 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2013-11-01 12:05 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2013-11-01 12:05 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2013-11-01 12:05 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2013-11-01 12:05 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2013-11-01 12:05 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2013-11-01 12:05 - 2009-07-14 13:19 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll 2013-11-01 12:05 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll 2013-11-01 12:05 - 2009-07-14 01:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys 2013-11-01 12:03 - 2013-11-01 12:05 - 00009141 _____ C:\Windows\system32\lvcoinst.log 2013-11-01 12:01 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2013-11-01 12:01 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll 2013-11-01 12:01 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll 2013-11-01 12:01 - 2009-10-09 22:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2013-11-01 12:01 - 2009-10-09 22:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll 2013-11-01 12:01 - 2009-10-09 22:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll 2013-11-01 12:00 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2013-11-01 12:00 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2013-11-01 12:00 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll 2013-11-01 12:00 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2013-11-01 12:00 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2013-11-01 12:00 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll 2013-11-01 12:00 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe 2013-11-01 12:00 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe 2013-11-01 12:00 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2013-11-01 12:00 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2013-11-01 12:00 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll 2013-11-01 12:00 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe 2013-11-01 12:00 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll 2013-11-01 12:00 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2013-11-01 12:00 - 2009-10-09 22:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2013-11-01 12:00 - 2009-10-09 22:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll 2013-11-01 12:00 - 2009-10-09 22:35 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2013-11-01 12:00 - 2009-10-09 22:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe 2013-11-01 12:00 - 2009-10-09 22:35 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe 2013-11-01 12:00 - 2009-10-09 22:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2013-11-01 12:00 - 2009-10-09 22:34 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll 2013-11-01 12:00 - 2009-10-09 22:34 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2013-11-01 12:00 - 2009-10-09 22:34 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2013-11-01 12:00 - 2009-10-09 22:34 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll 2013-11-01 12:00 - 2009-10-09 22:34 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2013-11-01 12:00 - 2009-10-09 22:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll 2013-11-01 12:00 - 2009-10-09 22:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe 2013-11-01 12:00 - 2009-10-09 22:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll 2013-11-01 12:00 - 2009-10-09 22:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2013-11-01 12:00 - 2009-08-01 07:27 - 00201184 _____ C:\Windows\SysWOW64\winrm.vbs 2013-11-01 12:00 - 2009-08-01 07:27 - 00201184 _____ C:\Windows\system32\winrm.vbs 2013-11-01 12:00 - 2009-07-16 18:30 - 00004675 _____ C:\Windows\SysWOW64\wsmanconfig_schema.xml 2013-11-01 12:00 - 2009-07-16 18:30 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml 2013-11-01 12:00 - 2009-07-16 18:30 - 00002426 _____ C:\Windows\SysWOW64\WsmTxt.xsl 2013-11-01 12:00 - 2009-07-16 18:30 - 00002426 _____ C:\Windows\system32\WsmTxt.xsl 2013-11-01 11:59 - 2009-09-10 03:07 - 03815424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll 2013-11-01 11:59 - 2009-09-10 03:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll 2013-11-01 11:59 - 2009-09-10 03:05 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-11-01 11:59 - 2009-09-10 03:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll 2013-11-01 11:59 - 2009-09-10 03:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll 2013-11-01 11:59 - 2009-09-10 03:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-11-01 11:37 - 2009-09-10 16:27 - 00372736 ____N (Microsoft Corporation) C:\Windows\system32\unregmp2.exe 2013-11-01 11:37 - 2009-09-10 15:58 - 00310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe 2013-11-01 11:36 - 2010-01-25 13:10 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2013-11-01 11:36 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2013-11-01 11:36 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2013-11-01 11:35 - 2013-04-17 14:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-11-01 11:35 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-11-01 11:35 - 2012-11-22 05:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll 2013-11-01 11:35 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll 2013-11-01 11:35 - 2011-06-15 17:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll 2013-11-01 11:35 - 2011-06-15 17:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll 2013-11-01 11:35 - 2011-02-22 15:47 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-11-01 11:35 - 2011-02-22 15:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-11-01 11:35 - 2010-01-25 13:10 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2013-11-01 11:35 - 2010-01-25 13:10 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2013-11-01 11:35 - 2010-01-25 13:10 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2013-11-01 11:35 - 2010-01-25 13:08 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2013-11-01 11:35 - 2010-01-25 13:00 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2013-11-01 11:35 - 2010-01-25 13:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2013-11-01 11:35 - 2010-01-25 12:58 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2013-11-01 11:35 - 2010-01-25 09:29 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2013-11-01 11:35 - 2010-01-25 09:29 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2013-11-01 11:35 - 2010-01-25 09:29 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2013-11-01 11:35 - 2010-01-25 09:29 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2013-11-01 11:35 - 2010-01-25 09:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2013-11-01 11:35 - 2010-01-25 09:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2013-11-01 11:35 - 2010-01-25 09:21 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2013-11-01 11:35 - 2010-01-25 09:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2013-11-01 11:35 - 2009-10-23 18:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2013-11-01 11:35 - 2009-10-23 18:10 - 00714240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2013-11-01 11:30 - 2011-03-12 23:52 - 01653760 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-11-01 11:30 - 2011-03-12 22:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-11-01 11:30 - 2011-03-03 16:59 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll 2013-11-01 11:30 - 2011-03-03 16:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Apphlpdm.dll 2013-11-01 11:30 - 2011-03-03 15:00 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll 2013-11-01 11:30 - 2011-03-03 14:35 - 04240384 _____ (Microsoft) C:\Windows\SysWOW64\GameUXLegacyGDFs.dll 2013-11-01 11:30 - 2010-08-26 18:42 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2013-11-01 11:30 - 2010-08-26 17:34 - 01696256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2013-11-01 11:19 - 2013-11-01 11:19 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{ECDC1088-901B-444C-9A34-67ED243FD902} 2013-11-01 11:01 - 2013-11-08 22:18 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Windows Live 2013-11-01 11:01 - 2013-11-01 11:01 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{03032F73-6BE2-4B18-BABD-59A967F49698} 2013-11-01 08:50 - 2013-11-01 08:52 - 230365032 _____ (Microsoft Corporation) C:\Users\Desk 1 - office\Downloads\wlsetup-all.exe 2013-10-30 23:22 - 2013-10-30 23:22 - 00000980 ____N C:\Users\Desk 1 - office\Desktop\FUJIdirekt Bestellsoftware.lnk 2013-10-30 21:35 - 2013-10-30 21:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf 2013-10-30 20:37 - 2013-11-06 12:31 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\LG Electronics 2013-10-30 20:25 - 2013-10-30 20:25 - 00001043 _____ C:\Users\Public\Desktop\LG PC Suite.lnk 2013-10-30 20:20 - 2013-10-30 20:20 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\LG Electronics 2013-10-30 20:18 - 2013-10-30 20:20 - 00000000 ____D C:\Program Files (x86)\LG Electronics 2013-10-30 20:12 - 2013-10-30 20:16 - 216317856 _____ (LG Electronics) C:\Users\Desk 1 - office\Downloads\LGPCSuite_Setup.exe 2013-10-29 20:36 - 2013-10-29 20:40 - 938891219 _____ C:\Users\Desk 1 - office\Downloads\iPhone3,1_6.1.3_10B329_Restore(1).ipsw 2013-10-29 20:32 - 2013-10-29 20:36 - 938891219 _____ C:\Users\Desk 1 - office\Downloads\iPhone3,1_6.1.3_10B329_Restore.ipsw 2013-10-29 16:49 - 2013-10-29 16:49 - 00125443 _____ C:\Users\Desk 1 - office\Downloads\130729-Gebuehrenrechner-V-1.0.xlsx ==================== One Month Modified Files and Folders ======= 2013-11-18 19:23 - 2013-11-18 13:31 - 00034271 _____ C:\Users\Desk 1 - office\Downloads\FRST.txt 2013-11-18 19:21 - 2013-11-18 19:21 - 01958026 _____ (Farbar) C:\Users\Desk 1 - office\Downloads\FRST64 (2).exe 2013-11-18 19:20 - 2013-11-18 19:20 - 00050477 _____ C:\Users\Desk 1 - office\Downloads\Defogger (1).exe 2013-11-18 19:19 - 2013-05-29 18:01 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\uTorrent 2013-11-18 19:00 - 2011-03-01 19:03 - 00000534 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2013-11-18 18:58 - 2012-03-30 06:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-18 18:50 - 2012-01-05 10:49 - 00001160 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-318507041-2098409108-3261088412-1000UA.job 2013-11-18 18:48 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-18 18:48 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-18 18:43 - 2010-01-29 08:28 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-18 17:54 - 2012-08-06 10:20 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\9D697D07-4C6B-48A2-8A74-26FDF1983BA4.aplzod 2013-11-18 17:43 - 2010-01-29 08:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-18 17:10 - 2013-01-28 20:19 - 00002655 _____ C:\Users\Desk 1 - office\Desktop\Microsoft Office Word 2007.lnk 2013-11-18 17:02 - 2013-11-18 16:07 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\T R O - B O A R D 2013-11-18 16:38 - 2009-03-29 07:38 - 01202183 _____ C:\Windows\WindowsUpdate.log 2013-11-18 16:16 - 2013-11-18 16:15 - 00377856 _____ C:\Users\Desk 1 - office\Downloads\gmer_2.1.19163.exe 2013-11-18 16:14 - 2013-11-18 16:14 - 00096987 _____ C:\Users\Desk 1 - office\Desktop\FRST.txt 2013-11-18 16:11 - 2013-11-18 16:11 - 01958026 _____ (Farbar) C:\Users\Desk 1 - office\Downloads\FRST64 (1).exe 2013-11-18 16:10 - 2013-11-18 16:10 - 00000492 _____ C:\Users\Desk 1 - office\Downloads\defogger_disable.log 2013-11-18 16:10 - 2013-11-18 16:10 - 00000000 _____ C:\Users\Desk 1 - office\defogger_reenable 2013-11-18 16:10 - 2009-09-14 16:47 - 00000000 ____D C:\Users\Desk 1 - office 2013-11-18 16:09 - 2013-11-18 16:09 - 00050477 _____ C:\Users\Desk 1 - office\Downloads\Defogger.exe 2013-11-18 15:07 - 2013-11-18 15:07 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Malwarebytes 2013-11-18 15:06 - 2013-11-18 15:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Desk 1 - office\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-18 15:06 - 2013-11-18 15:06 - 00000950 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 15:06 - 2013-11-18 15:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 15:06 - 2013-11-18 15:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 14:53 - 2013-03-05 12:42 - 00000632 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2013-11-18 14:48 - 2013-11-01 12:32 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2013-11-18 14:48 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-18 14:47 - 2011-06-08 14:56 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-11-18 14:47 - 2006-11-02 16:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-18 14:46 - 2011-03-14 10:54 - 00002794 _____ C:\Windows\System32\Tasks\{3F6B0081-5801-41E8-85C5-EDD8295B30AB} 2013-11-18 14:46 - 2009-09-18 15:12 - 00002896 _____ C:\Windows\System32\Tasks\{BE745501-B048-46B3-94EA-4A14219CB99F} 2013-11-18 14:39 - 2013-11-18 14:38 - 00852616 _____ C:\Windows\dd_NET_Framework35_LangPack_MSI0018.txt 2013-11-18 14:39 - 2013-11-18 14:37 - 00076348 _____ C:\Windows\dd_dotnetfx35install_lp.txt 2013-11-18 14:38 - 2013-11-18 14:37 - 00036144 _____ C:\Windows\dd_depcheck_NETFX_EXP_35.txt 2013-11-18 14:37 - 2013-11-18 14:37 - 00000002 _____ C:\Windows\dd_dotnetfx35error_lp.txt 2013-11-18 14:26 - 2009-09-18 15:12 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Skype 2013-11-18 14:25 - 2009-09-18 15:12 - 00000000 ____D C:\ProgramData\Skype 2013-11-18 14:24 - 2011-07-01 05:48 - 00002415 _____ C:\Users\Public\Desktop\Skype.lnk 2013-11-18 14:15 - 2013-11-18 14:15 - 02347384 _____ (ESET) C:\Users\Desk 1 - office\Downloads\esetsmartinstaller_enu.exe 2013-11-18 14:13 - 2011-05-09 16:30 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\HpUpdate 2013-11-18 14:04 - 2013-11-18 13:59 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\ADC 2013-11-18 13:55 - 2013-09-11 06:21 - 00013352 _____ C:\Windows\system32\spsys.log 2013-11-18 13:54 - 2012-05-16 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 13:54 - 2008-01-21 04:26 - 00645234 _____ C:\Windows\PFRO.log 2013-11-18 13:51 - 2013-11-18 13:44 - 00000000 ____D C:\AdwCleaner 2013-11-18 13:51 - 2013-11-16 12:59 - 00000234 _____ C:\Users\Desk 1 - office\Desktop\Search.lnk 2013-11-18 13:51 - 2013-11-16 12:59 - 00000234 _____ C:\Users\Desk 1 - office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2013-11-18 13:43 - 2013-11-18 13:43 - 01085542 _____ C:\Users\Desk 1 - office\Downloads\adwcleaner.exe 2013-11-18 13:35 - 2013-11-18 13:32 - 00054660 _____ C:\Users\Desk 1 - office\Downloads\Addition.txt 2013-11-18 13:30 - 2013-11-18 13:30 - 01958026 _____ (Farbar) C:\Users\Desk 1 - office\Downloads\FRST64.exe 2013-11-18 13:30 - 2013-11-18 13:30 - 00000000 ____D C:\FRST 2013-11-18 13:23 - 2013-11-18 13:23 - 00000958 _____ C:\Users\Desk 1 - office\Desktop\PC Speed Maximizer.lnk 2013-11-18 13:22 - 2013-11-18 13:22 - 00665064 _____ C:\Users\Desk 1 - office\Downloads\ZipExtractorSetup.exe 2013-11-18 11:28 - 2011-09-08 22:34 - 00003746 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{22F45F49-C28C-4852-AC10-25018A3FD799} 2013-11-16 21:10 - 2009-02-05 03:46 - 00697358 _____ C:\Windows\system32\perfh007.dat 2013-11-16 21:10 - 2009-02-05 03:46 - 00155530 _____ C:\Windows\system32\perfc007.dat 2013-11-16 21:10 - 2006-11-02 13:46 - 01627154 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-16 20:19 - 2013-04-29 10:00 - 00058641 _____ C:\Windows\setupact.log 2013-11-16 20:18 - 2009-10-01 22:20 - 00113152 _____ C:\Users\Desk 1 - office\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-11-16 13:49 - 2013-11-16 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 13:36 - 2009-09-14 17:08 - 00000680 _____ C:\Users\Desk 1 - office\AppData\Local\d3d9caps.dat 2013-11-16 12:58 - 2013-11-09 13:19 - 00001076 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2013-11-16 12:58 - 2013-05-22 17:59 - 00001369 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-11-16 12:58 - 2013-05-22 11:43 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-11-16 12:57 - 2013-05-22 11:43 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\DVDVideoSoft 2013-11-16 12:56 - 2013-11-16 12:56 - 32206488 _____ (DVDVideoSoft Ltd. ) C:\Users\Desk 1 - office\Downloads\FreeYouTubeToMP3Converter (1).exe 2013-11-16 12:56 - 2013-11-16 12:56 - 01128840 _____ (Koyote-Lab Inc) C:\Users\Desk 1 - office\Downloads\FreeVideoConverterSetup-r135-n-bc (1).exe 2013-11-16 08:29 - 2013-11-16 08:28 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{D813AAEA-2103-4530-8636-74782353F0E0} 2013-11-15 23:23 - 2011-02-12 20:56 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\vlc 2013-11-15 22:50 - 2012-01-05 10:49 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-318507041-2098409108-3261088412-1000Core.job 2013-11-15 19:17 - 2013-11-15 19:17 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{F9C6A41C-77AC-4E59-97C6-054A3911C85C} 2013-11-15 13:54 - 2009-09-18 12:57 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-11-15 07:30 - 2012-01-13 22:14 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Downloaded Installations 2013-11-15 07:30 - 2009-09-14 17:53 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Microsoft Help 2013-11-15 07:23 - 2013-09-27 14:48 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-11-15 07:17 - 2013-11-15 07:16 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{010717F9-45D1-401C-9113-978A1B238F1C} 2013-11-15 07:17 - 2013-09-11 09:59 - 00002086 _____ C:\Users\Desk 1 - office\Desktop\Google Chrome.lnk 2013-11-15 00:04 - 2013-11-15 00:04 - 00000000 ____D C:\Users\Desk 1 - office\{5a89a9ca-6bbd-4fd9-9162-7c78bfe22294} 2013-11-14 23:44 - 2013-11-14 23:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf 2013-11-14 23:30 - 2013-11-14 23:30 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2013-11-14 23:30 - 2013-11-14 23:30 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-11-14 22:56 - 2013-11-14 22:56 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Samsung 2013-11-14 22:56 - 2010-01-11 10:56 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Samsung 2013-11-14 22:55 - 2013-11-14 22:55 - 00001790 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-11-14 22:55 - 2013-11-14 22:55 - 00000000 ____D C:\Users\Desk 1 - office\Documents\samsung 2013-11-14 22:51 - 2009-02-04 20:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-11-14 22:48 - 2010-05-18 21:23 - 00000000 ____D C:\ProgramData\Samsung 2013-11-14 22:47 - 2010-01-11 10:55 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-11-14 22:43 - 2013-11-14 22:41 - 93912112 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Desk 1 - office\Downloads\Kies_2.3.2.12064_9_7.exe 2013-11-14 20:03 - 2013-11-14 20:03 - 25987208 _____ (Wondershare ) C:\Users\Desk 1 - office\Downloads\mobiletrans_full1296 (2).exe 2013-11-14 20:03 - 2013-11-14 20:02 - 25987208 _____ (Wondershare ) C:\Users\Desk 1 - office\Downloads\mobiletrans_full1296 (1).exe 2013-11-14 13:53 - 2013-11-14 13:47 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\E L I A S 2013-11-14 12:51 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\rescache 2013-11-14 12:50 - 2013-11-14 12:50 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{5A0C277D-8809-452E-86EF-AA840C90B220} 2013-11-14 12:26 - 2009-09-14 17:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-14 12:24 - 2013-08-15 17:48 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 12:17 - 2006-11-02 13:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-11-13 15:54 - 2011-07-31 18:48 - 00000000 ____D C:\Users\Desk 1 - office\Documents\Eigene Scans 2013-11-11 23:35 - 2013-05-29 18:16 - 00000000 ____D C:\Program Files\PeerBlock 2013-11-11 10:03 - 2009-09-14 17:00 - 00003594 _____ C:\Windows\System32\Tasks\HP Health Check 2013-11-10 07:38 - 2013-11-10 07:38 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{910B1744-DBC4-49B8-8434-CF74BE8D7B92} 2013-11-09 23:48 - 2013-11-09 23:48 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{BD504810-F67F-4300-864B-0BFA11C47435} 2013-11-09 23:47 - 2013-11-09 23:47 - 00001214 _____ C:\Users\Desk 1 - office\Desktop\Windows Live Movie Maker.lnk 2013-11-09 22:24 - 2013-11-09 22:24 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{0AFC0C1D-02AB-498E-8E00-447BF490BF73} 2013-11-09 22:06 - 2009-09-14 16:57 - 00000000 ___RD C:\Users\Desk 1 - office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-09 21:51 - 2012-11-07 13:34 - 00000000 ___RD C:\Users\Desk 1 - office\Dropbox 2013-11-09 21:51 - 2012-11-07 13:29 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Dropbox 2013-11-09 20:40 - 2013-11-09 20:39 - 00000000 ____D C:\Users\Desk 1 - office\Desktop\Fehelermeldung bei Start 2013-11-09 20:23 - 2013-11-09 20:23 - 00001768 _____ C:\Users\Desk 1 - office\Desktop\Windows Movie Maker.lnk 2013-11-09 14:17 - 2013-11-09 14:17 - 01529368 _____ (NCH Software) C:\Users\Desk 1 - office\Downloads\debutpsetup.exe 2013-11-09 14:17 - 2013-11-09 14:17 - 01528344 _____ (NCH Software) C:\Users\Desk 1 - office\Downloads\debutsetup (1).exe 2013-11-09 14:14 - 2013-11-09 14:14 - 01528344 _____ (NCH Software) C:\Users\Desk 1 - office\Downloads\debutsetup.exe 2013-11-09 13:58 - 2013-11-09 13:58 - 00001124 _____ C:\Users\Public\Desktop\Ashampoo Movie Studio Pro.lnk 2013-11-09 13:58 - 2013-11-09 13:58 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Ashampoo Movie Studio Pro 2013-11-09 13:58 - 2013-11-09 13:49 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url 2013-11-09 13:57 - 2009-09-28 09:58 - 00000000 ____D C:\ProgramData\ashampoo 2013-11-09 13:57 - 2009-09-28 09:37 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2013-11-09 13:49 - 2013-11-09 13:49 - 00001081 _____ C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk 2013-11-09 13:49 - 2013-11-09 13:49 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Ashampoo Movie Studio 2013-11-09 13:35 - 2013-11-09 13:34 - 171353888 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Desk 1 - office\Downloads\ashampoo_movie_studio_e1.0.9_sm.exe 2013-11-09 13:19 - 2013-11-09 13:19 - 28892984 _____ (DVDVideoSoft Ltd. ) C:\Users\Desk 1 - office\Downloads\FreeVideoDub2.0.21.827 (1).exe 2013-11-09 13:19 - 2013-11-09 13:19 - 00001199 _____ C:\Users\Public\Desktop\Free Video Dub.lnk 2013-11-09 13:17 - 2013-11-09 13:16 - 28892984 _____ (DVDVideoSoft Ltd. ) C:\Users\Desk 1 - office\Downloads\FreeVideoDub2.0.21.827.exe 2013-11-09 08:52 - 2013-11-09 08:51 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{4842F1D8-1FB0-486A-AE51-17500AA93FDF} 2013-11-09 00:24 - 2013-11-09 00:24 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-09 00:24 - 2013-11-09 00:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-09 00:24 - 2013-11-09 00:23 - 00000000 ____D C:\Program Files\iTunes 2013-11-09 00:24 - 2013-06-01 08:14 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-09 00:23 - 2013-06-01 08:14 - 00000000 ____D C:\Program Files\iPod 2013-11-09 00:23 - 2011-01-20 09:32 - 00000000 ____D C:\ProgramData\Apple Computer 2013-11-08 22:18 - 2013-11-01 11:01 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Windows Live 2013-11-08 21:12 - 2013-11-08 21:12 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\Wondershare 2013-11-08 21:11 - 2013-11-08 21:11 - 00001994 _____ C:\Users\Public\Desktop\Wondershare MobileTrans.lnk 2013-11-08 21:11 - 2013-11-08 21:11 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Wondershare 2013-11-08 21:11 - 2013-11-08 21:11 - 00000000 ____D C:\Program Files (x86)\Wondershare 2013-11-08 21:11 - 2013-11-06 12:35 - 00000000 ____D C:\Users\Desk 1 - office\.android 2013-11-08 21:10 - 2013-11-08 21:10 - 25987208 _____ (Wondershare ) C:\Users\Desk 1 - office\Downloads\mobiletrans_full1296.exe 2013-11-08 18:07 - 2013-11-08 18:06 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{FD0B60F3-1B1E-4962-8DE4-B335F91A7ECE} 2013-11-08 06:53 - 2013-11-08 06:50 - 00000000 ____D C:\Users\Desk 1 - office\USB-Stick Elias 2013-11-08 06:06 - 2013-11-08 06:06 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{DD54ED7C-9363-405A-87AD-8DDCE3A61029} 2013-11-08 05:55 - 2013-11-08 05:55 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{814CF359-A4B2-4579-8F55-38EC19C52CE7} 2013-11-07 10:27 - 2013-11-07 10:27 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{F64CEF81-1BE7-49E3-8D17-3838223528EB} 2013-11-06 12:35 - 2013-11-06 12:35 - 00000000 ____D C:\Users\Desk 1 - office\Documents\LG PC Suite 2013-11-06 12:31 - 2013-10-30 20:37 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\LG Electronics 2013-11-06 11:05 - 2013-11-06 11:05 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{44CA7F89-B357-4E77-B263-DF5C8D8BEB45} 2013-11-06 01:10 - 2013-03-05 12:42 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-11-05 23:05 - 2013-11-05 23:04 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{9CF14ECE-4EAB-404E-BFBE-E376B05EBA1C} 2013-11-05 11:26 - 2012-11-07 13:34 - 00000951 _____ C:\Users\Desk 1 - office\Desktop\Dropbox.lnk 2013-11-05 11:26 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-11-05 11:03 - 2013-11-05 11:03 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{931C2D1F-FC7C-4CC3-9AA7-6D16B4CA97E7} 2013-11-05 11:03 - 2013-11-05 11:03 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{1669CBD7-32AC-4E5C-81F1-FB9D7B45DDFA} 2013-11-04 20:21 - 2009-09-16 18:32 - 00000288 _____ C:\Users\Desk 1 - office\AppData\Roaming\wklnhst.dat 2013-11-04 12:16 - 2006-11-02 16:21 - 00587792 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-01 20:40 - 2009-09-14 16:57 - 00206376 _____ C:\Users\Desk 1 - office\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-01 14:17 - 2013-11-01 14:16 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{5B88296B-8CFE-4D40-826A-48505BC41E28} 2013-11-01 14:08 - 2013-11-01 14:08 - 00000000 ____D C:\Windows\de 2013-11-01 14:08 - 2013-11-01 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-11-01 14:05 - 2013-11-01 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Program Files\Windows Live 2013-11-01 14:02 - 2006-11-02 14:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-11-01 13:57 - 2013-05-28 10:36 - 00037906 _____ C:\Windows\DirectX.log 2013-11-01 13:14 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\Help 2013-11-01 13:13 - 2013-11-01 13:13 - 00003114 ____N C:\Windows\System32\Tasks\{7ED83459-BC89-4685-AF34-B754B9A6E540} 2013-11-01 13:11 - 2013-11-01 13:11 - 03901792 _____ (DataDesign AG) C:\Users\Desk 1 - office\Downloads\DDBAC (1).EXE 2013-11-01 13:07 - 2013-11-01 13:07 - 03901792 _____ (DataDesign AG) C:\Users\Desk 1 - office\Downloads\DDBAC.EXE 2013-11-01 12:44 - 2013-11-01 12:44 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-11-01 12:34 - 2009-02-04 20:12 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Windows\system32\WindowsPowerShell 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-11-01 12:30 - 2013-11-01 12:30 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\uk-UA 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\th-TH 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\sl-SI 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\sk-SK 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\ro-RO 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\lv-LV 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\lt-LT 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\hr-HR 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\et-EE 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\bg-BG 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\zh-HK 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\uk-UA 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\tr-TR 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\th-TH 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\sr-Latn-CS 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\sl-SI 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\sk-SK 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\ro-RO 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\lv-LV 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\lt-LT 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\hr-HR 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\he-IL 2013-11-01 12:30 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\et-EE 2013-11-01 12:30 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\system32\bg-BG 2013-11-01 12:30 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\system32\ar-SA 2013-11-01 12:30 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-01 12:28 - 2013-11-01 12:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf 2013-11-01 12:22 - 2013-11-01 12:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-11-01 12:22 - 2013-11-01 12:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-11-01 12:22 - 2013-11-01 12:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-11-01 12:21 - 2013-11-01 12:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-11-01 12:16 - 2009-10-14 12:24 - 01606224 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-01 12:05 - 2013-11-01 12:03 - 00009141 _____ C:\Windows\system32\lvcoinst.log 2013-11-01 12:04 - 2009-09-22 21:27 - 00000000 ____D C:\Program Files\Common Files\Logishrd 2013-11-01 11:19 - 2013-11-01 11:19 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{ECDC1088-901B-444C-9A34-67ED243FD902} 2013-11-01 11:13 - 2009-02-04 20:50 - 00032821 _____ C:\ProgramData\nvModes.001 2013-11-01 11:01 - 2013-11-01 11:01 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\{03032F73-6BE2-4B18-BABD-59A967F49698} 2013-11-01 08:52 - 2013-11-01 08:50 - 230365032 _____ (Microsoft Corporation) C:\Users\Desk 1 - office\Downloads\wlsetup-all.exe 2013-10-30 23:22 - 2013-10-30 23:22 - 00000980 ____N C:\Users\Desk 1 - office\Desktop\FUJIdirekt Bestellsoftware.lnk 2013-10-30 23:20 - 2013-05-28 13:30 - 00000000 ____D C:\Users\Desk 1 - office\Documents\F O T O B U C H 2013-10-30 21:35 - 2013-10-30 21:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf 2013-10-30 20:25 - 2013-10-30 20:25 - 00001043 _____ C:\Users\Public\Desktop\LG PC Suite.lnk 2013-10-30 20:20 - 2013-10-30 20:20 - 00000000 ____D C:\Users\Desk 1 - office\AppData\Local\LG Electronics 2013-10-30 20:20 - 2013-10-30 20:18 - 00000000 ____D C:\Program Files (x86)\LG Electronics 2013-10-30 20:16 - 2013-10-30 20:12 - 216317856 _____ (LG Electronics) C:\Users\Desk 1 - office\Downloads\LGPCSuite_Setup.exe 2013-10-30 04:16 - 2013-11-14 22:57 - 00233472 _____ (Teruten) C:\Windows\SysWOW64\FsUsbExService.Exe 2013-10-30 04:16 - 2013-11-14 22:57 - 00037344 _____ C:\Windows\SysWOW64\FsUsbExDisk.Sys 2013-10-30 04:16 - 2013-11-14 22:57 - 00037344 _____ C:\Windows\SysWOW64\FsUsbExDisk.Sy_ 2013-10-29 20:40 - 2013-10-29 20:36 - 938891219 _____ C:\Users\Desk 1 - office\Downloads\iPhone3,1_6.1.3_10B329_Restore(1).ipsw 2013-10-29 20:36 - 2013-10-29 20:32 - 938891219 _____ C:\Users\Desk 1 - office\Downloads\iPhone3,1_6.1.3_10B329_Restore.ipsw 2013-10-29 18:50 - 2013-05-02 14:50 - 00208896 ____N C:\Users\Desk 1 - office\Desktop\U-Zeit - K I D S 2 0 1 3 - 02.05.13.xls 2013-10-29 16:49 - 2013-10-29 16:49 - 00125443 _____ C:\Users\Desk 1 - office\Downloads\130729-Gebuehrenrechner-V-1.0.xlsx 2013-10-29 16:44 - 2013-03-15 08:43 - 00000000 ____D C:\Users\Desk 1 - office\Documents\I M M O B I L I E N - I N F O 2013-10-23 09:12 - 2013-05-22 11:45 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013 2013-10-23 09:12 - 2009-09-16 19:43 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-10-23 08:29 - 2013-09-29 07:56 - 00000995 _____ C:\Users\Desk 1 - office\Desktop\CopyTransManager - Verknüpfung.lnk Files to move or delete: ==================== C:\Users\Desk 1 - office\AppData\Roaming\desktop.ini C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\Desk 1 - office\AppData\Local\Temp\MovieStudio.exe C:\Users\Desk 1 - office\AppData\Local\Temp\MovieStudioPro.exe C:\Users\Desk 1 - office\AppData\Local\Temp\Quarantine.exe C:\Users\Desk 1 - office\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-18 14:58 ==================== End Of Log ============================ zu 4) Gmer - Log lies sich mit Save-Button nicht auf Desktop speichern. Hab die Einträge kopiert und in eine Word-Datei abgelegt. Sehr umfangreich, deswegen hiere nicht beigefügt. Reiche ich gerne auf Anfrage nach. zu 5) Malwarebytes Anti Malware Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.18.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Desk 1 - office :: DESK1-OFFICE [Administrator] 18.11.2013 15:08:05 mbam-log-2013-11-18 (15-08-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 297227 Laufzeit: 8 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 7 C:\Users\Desk 1 - office\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\AppData\Local\Temp\ct2481020 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\AppData\Local\Temp\ct2481020\xpi (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\AppData\Local\Temp\ct2481020\xpi\defaults (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\AppData\Local\Temp\ct2481020\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 12 C:\Users\Desk 1 - office\AppData\Local\Temp\is1590112554\7533898_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Documents\PCSUUpdate.exe (PUP.Optional.PCSpeedUp.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\FreeVideoDub2.0.21.827 (1).exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\FreeVideoDub2.0.21.827.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\FreeYouTubeDownload.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\Pinnacle_TVCenter_6.4.3 (1).exe (PUP.Optional.Bandoo.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\Pinnacle_TVCenter_6.4.3.exe (PUP.Optional.Bandoo.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\SoftonicDownloader_fuer_ikea-home-planer.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt. C:\Users\Desk 1 - office\Downloads\ZipExtractorSetup.exe (PUP.Optional.JumpyApps.A) -> Keine Aktion durchgeführt. (Ende) zu 6) Eset Online Scan C:\Users\Desk 1 - office\Downloads\Pinnacle_TVCenter_6.4.3 (1).exe Win32/Adware.1ClickDownload.K Anwendung Gesäubert durch Löschen - in Quarantäne kopiert C:\Users\Desk 1 - office\Downloads\Pinnacle_TVCenter_6.4.3.exe Win32/Adware.1ClickDownload.K Anwendung Gesäubert durch Löschen - in Quarantäne kopiert Nun das wars vorerst. Freu mich auf Eure Antwort. Schöne Grüße Chris |
|
19.11.2013, 07:54
| #2 |
| /// the machine /// TB-Ausbilder    | wie entferne ich " snap.Do " von meinem PC, Deinstallation bisher erfolglos hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
19.11.2013, 11:43
| #3 |
| | wie entferne ich " snap.Do " von meinem PC, Deinstallation bisher erfolglos Hallo Schrauber,
__________________ist ja nett ... Danke für die schnelle Antwort. Zunächst: Nur die Gmer-Logdatei ist sehr lange (schon als .docx Datei ca 136 kb). Soll ich sie so wie von Dir beschrieben schicken ? Was ist ein Editor und wo ? Sorry ... :-( Die von Dir vorgeschlagene Software lade ich mal eben runter und schick Dir den Log LG Chris Hallo Schrauber, 1) ... hab den Editor inzwischen als Zubehör von Windows ermittelt :-) und die GMER Log Datei hier rein kopiert (Größe 1.534 kB ... also als .txt noch größer als .docx). Deine Anweisungen hierzu waren nicht auszuführen. Soll ich Dir die als Anhang schicken ? 2) ... Junkware Removal Tool ausgeführt (Rechtsklick d.h. als Administrator ausführen ging nicht)... anbei die Log-Datei: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows (TM) Vista Home Premium x64 Ran by Desk 1 - office on 19.11.2013 at 8:12:27,92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{010717F9-45D1-401C-9113-978A1B238F1C} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{03032F73-6BE2-4B18-BABD-59A967F49698} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{0AFC0C1D-02AB-498E-8E00-447BF490BF73} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{1669CBD7-32AC-4E5C-81F1-FB9D7B45DDFA} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{44CA7F89-B357-4E77-B263-DF5C8D8BEB45} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{4842F1D8-1FB0-486A-AE51-17500AA93FDF} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{5A0C277D-8809-452E-86EF-AA840C90B220} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{5B88296B-8CFE-4D40-826A-48505BC41E28} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{814CF359-A4B2-4579-8F55-38EC19C52CE7} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{910B1744-DBC4-49B8-8434-CF74BE8D7B92} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{931C2D1F-FC7C-4CC3-9AA7-6D16B4CA97E7} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{9CF14ECE-4EAB-404E-BFBE-E376B05EBA1C} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{BD504810-F67F-4300-864B-0BFA11C47435} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{D813AAEA-2103-4530-8636-74782353F0E0} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{DD54ED7C-9363-405A-87AD-8DDCE3A61029} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{ECDC1088-901B-444C-9A34-67ED243FD902} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{F64CEF81-1BE7-49E3-8D17-3838223528EB} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{F9C6A41C-77AC-4E59-97C6-054A3911C85C} Successfully deleted: [Empty Folder] C:\Users\Desk 1 - office\appdata\local\{FD0B60F3-1B1E-4962-8DE4-B335F91A7ECE} ~~~ FireFox Emptied folder: C:\Users\Desk 1 - office\AppData\Roaming\mozilla\firefox\profiles\o55cqaq1.default\minidumps [31 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.11.2013 at 8:26:06,12 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Na denn, hoffe ich hab nicht all zu viel Verwirrung gestiftet ...ich fürchte Du hast es mit einem Anfänger zu tun :-( Schöne Grüße Chris Hallo Schrauber, habe inzwischen snap.do angeschrieben und um Hilfe gebeten ...die haben sich entschuldigt und mir einen Hinweis zur Deinstallation gegeben ...letztlich die ganz normale Deinstallationsroutine (die ja bisher nicht funktionierte) ....aber siehe da ... es ließ sich nun - nach dieser Kontaktaufnahme - problemlos deinstallieren..... anscheinend konnten sie die Widerhaken per Fernsteuerung einklappen ... oder wie ? Wundere mich ja immer wieder. Jedenfalls vorerst kein Handlungsbedarf mehr ....Recht schönen Dank für Deine Mühe. Schöne Grüße Chris |
|
19.11.2013, 14:38
| #4 | |
| /// the machine /// TB-Ausbilder | wie entferne ich " snap.Do " von meinem PC, Deinstallation bisher erfolglosZitat:
 na dann. Schön wenn selbst die Autoren von Adware schnell und kompromisslos ihren Kunden helfen 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu wie entferne ich " snap.Do " von meinem PC, Deinstallation bisher erfolglos |
| adblock, becker, bonjour, chromium, downloader, dvdvideosoft ltd., farbar recovery scan tool, farbars recovery, flash player, google, homepage, iexplore.exe, installation, internet explorer, plug-in, pup.optional.bandoo.a, pup.optional.bonanzadeals.a, pup.optional.conduit.a, pup.optional.delta.a, pup.optional.jumpyapps.a, pup.optional.opencandy, pup.optional.pcspeedup.a, pup.optional.softonic.a, refresh, registrierungsdatenbank, software, starmoney, symantec, tracker |
Linear-Darstellung
