Log analysis and evaluation: Log file from AdwCleaner on TubeSaver under Win7 64-bit
24.11.2013, 11:07 | #1 |
In IE 9 32-bit I have been getting countless ad windows and pop-ups for some time. In the Control Panel I have now found the software TubeSaver. However, it cannot be uninstalled, because NIS steps in and denies access. AdwCleaner gives me the following log file:
Code:
# AdwCleaner v3.010 - Bericht erstellt am 24/11/2013 um 10:42:30
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : patti - PATTIS
# Gestartet von : C:\Users\patti\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Windows\System32\Tasks\TubeSaver Update
Datei Gefunden : C:\Windows\Tasks\TubeSaver Update.job
Ordner Gefunden C:\Program Files (x86)\Conduit
Ordner Gefunden C:\Program Files (x86)\tubesaver
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\Users\patti\AppData\Local\Conduit
Ordner Gefunden C:\Users\patti\AppData\LocalLow\Conduit

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\TubeSaver
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16520

*************************

AdwCleaner[R0].txt - [2792 octets] - [24/11/2013 10:42:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2852 octets] ##########

Thanks for your effort,
patti
24.11.2013, 12:30 | #2 |
/// TB-Ausbilder
My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Please post with your next reply
24.11.2013, 14:22 | #3 |
Hello Matthias,
many thanks for your effort. Here is the current log file from AdwCleaner:
Code:
# AdwCleaner v3.013 - Bericht erstellt am 24/11/2013 um 14:04:37
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : patti - PATTIS
# Gestartet von : C:\Users\patti\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\tubesaver
Ordner Gelöscht : C:\Users\patti\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\patti\AppData\LocalLow\Conduit
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\Tasks\TubeSaver Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\TubeSaver Update

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TubeSaver
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16520

*************************

AdwCleaner[R0].txt - [2944 octets] - [24/11/2013 10:42:30]
AdwCleaner[R1].txt - [3182 octets] - [24/11/2013 14:04:07]
AdwCleaner[S0].txt - [3055 octets] - [24/11/2013 14:04:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3115 octets] ##########

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03 Ran by patti (administrator) on PATTIS on 24-11-2013 14:10:05 Running from C:\Users\patti\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe (Ellora Assets Corp.) P:\Freemake\Freemake\CaptureLib\CaptureLibService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) D:\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (STRATO) P:\Strato_HiDrive\STRATO HiDrive Service.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe () P:\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\vksts.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe (Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () P:\Rainlendar2\Rainlendar2.exe (Samsung) P:\KIES\External\FirmwareUpdate\KiesPDLR.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe (Logitech Inc.) 
P:\Logitech_Webcam\LWS\Webcam Software\LWS.exe (Acronis) P:\TrueImage2012\TrueImageHome\TrueImageMonitor.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Acronis) P:\TrueImage2012\TrueImageHome\TimounterMonitor.exe (Energenie) P:\Gembird\Power Manager\pm.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [CsrHCRPServer] - P:\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [CsrAudioguiCtrl] - P:\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [CsrSyncMLServer] - P:\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] () HKLM\...\Run: [vksts] - P:\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [HarmonyUserStartup] - P:\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 
2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [CSRHarmonySkypePlugin] - C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [TrayApplication] - P:\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKCU\...\Run: [Rainlendar2] - P:\Rainlendar2\Rainlendar2.exe [3931136 2012-07-02] () HKCU\...\Run: [] - P:\KIES\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKCU\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\DKTray.exe [357992 2013-01-29] (Expert System S.p.A.) MountPoints2: {249405ba-21d4-11e2-b65a-c86000d13906} - H:\LaunchU3.exe -a MountPoints2: {3fbb328d-5279-11e3-9168-c86000d13906} - "E:\WD Drive Unlock.exe" autoplay=true HKLM-x32\...\Run: [LWS] - P:\Logitech_Webcam\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] - P:\TrueImage2012\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - P:\TrueImage2012\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis) HKLM-x32\...\Run: [Power Manager] - P:\Gembird\Power Manager\pm.exe [26848256 2013-02-22] (Energenie) HKLM-x32\...\Run: [AVMFBoxMonitor] - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin) HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-04-01] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKU\Familie\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company) HKU\Familie\...\Run: [Rainlendar2] - P:\Rainlendar2\Rainlendar2.exe [3931136 2012-07-02] () HKU\Familie\...\Run: [] - P:\KIES\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKU\Familie\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\DKTray.exe [357992 2013-01-29] (Expert System S.p.A.) Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin) Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\patti\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . 
Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B5326663995CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: TubeSaver - {345458b9-506f-4fcc-803b-d02843989662} - C:\Program Files (x86)\TubeSaver\133.dll No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 ==================== Services (Whitelisted) ================= R2 BtSwitcherService; P:\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited) R2 CSRBtAudioService; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited) R2 CsrBtOBEX-Dienst; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited) R2 CsrBtService; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited) R2 FreemakeVideoCapture; P:\Freemake\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) 
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) R2 StarMoney 9.0 OnlineUpdate; D:\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 STRATO HiDrive Service; P:\Strato_HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) S3 cpuz135; P:\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID) R3 csravrcp; C:\Windows\System32\DRIVERS\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited) R3 CsrBtPort; C:\Windows\System32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited) R3 csrpan; C:\Windows\System32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited) R3 csrserial; C:\Windows\System32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited) R3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited) R3 
csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited) R3 csr_bthav; C:\Windows\System32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20131122.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131123.001\ENG64.SYS [126040 2013-09-04] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131123.001\EX64.SYS [2099288 2013-09-04] (Symantec Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) 
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr)) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-05] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-07] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-24 14:08 - 2013-11-24 14:10 - 00018122 _____ C:\Users\patti\Desktop\FRST.txt 2013-11-24 14:08 - 2013-11-24 14:08 - 00003203 _____ C:\Users\patti\Desktop\AdwCleaner[S0].txt 2013-11-24 14:08 - 2013-11-24 14:08 - 00000000 ____D C:\Users\patti\VIRUS 2013-11-24 13:58 - 2013-11-24 14:06 - 00000336 _____ C:\Windows\setupact.log 2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 _____ C:\Windows\setuperr.log 2013-11-24 13:57 - 2013-11-24 13:57 - 00026868 _____ C:\Windows\PFRO.log 2013-11-24 11:53 - 2013-11-24 11:53 - 01958396 _____ (Farbar) C:\Users\patti\Desktop\FRST64.exe 2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST 2013-11-24 10:42 - 2013-11-24 14:04 - 00000000 ____D C:\AdwCleaner 2013-11-24 10:42 - 2013-11-24 14:03 - 01091882 _____ 
C:\Users\patti\Desktop\adwcleaner.exe 2013-11-20 14:42 - 2013-11-14 12:56 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-11-20 14:42 - 2013-11-14 12:56 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-11-20 
14:42 - 2013-11-14 12:56 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-11-20 14:06 - 2013-11-08 21:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2013-11-20 14:06 - 2013-11-08 21:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-11-20 14:04 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-11-20 14:04 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-11-18 19:35 - 2013-11-18 19:35 - 00000000 ____D C:\Program Files\Logitech 2013-11-18 19:14 - 2013-11-18 19:15 - 81855696 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_64.exe 2013-11-18 19:13 - 2013-11-18 19:13 - 04116816 _____ (Logitech Inc.) C:\Users\patti\Downloads\unifying210.exe 2013-11-18 19:13 - 2013-11-18 19:13 - 03672832 _____ (Logitech Inc.) 
C:\Users\patti\Downloads\setpoint6.61.15_smart.exe 2013-11-17 10:39 - 2013-11-17 10:39 - 04313088 _____ (Microsoft Corporation) C:\Users\patti\Downloads\Setup_SportTracks_3.1.5064.exe 2013-11-14 07:08 - 2013-10-13 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 07:08 - 2013-10-13 15:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-14 07:08 - 2013-10-13 15:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-14 07:08 - 2013-10-13 15:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-14 07:08 - 2013-10-13 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 07:08 - 2013-10-13 15:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 07:08 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 07:08 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-14 07:08 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-14 07:08 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-14 07:08 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-14 07:08 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 07:08 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 07:07 - 2013-10-13 16:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 07:07 - 2013-10-13 16:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 07:07 - 2013-10-13 15:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 07:07 - 2013-10-13 15:48 - 01346560 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll 2013-11-14 07:07 - 2013-10-13 15:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-14 07:07 - 2013-10-13 15:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 07:07 - 2013-10-13 15:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 07:07 - 2013-10-13 15:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-14 07:07 - 2013-10-13 15:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 07:07 - 2013-10-13 15:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 07:07 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 07:07 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-14 07:07 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 07:07 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 07:07 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-14 07:07 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-14 07:07 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 07:07 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 07:07 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 17:34 - 2013-11-13 17:34 - 00001417 _____ C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-11-13 07:04 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-11-13 07:04 - 2013-10-02 03:11 - 00013824 _____ 
(Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-13 07:04 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-13 07:04 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-13 07:04 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-13 07:04 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-13 07:04 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-13 07:04 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-13 07:04 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-13 07:04 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-13 07:04 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-13 07:04 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-13 07:04 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-13 07:04 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-13 07:04 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-13 07:04 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-13 07:04 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-13 07:04 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-13 07:02 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13
07:02 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:02 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:02 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:02 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:02 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:02 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:02 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:02 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:02 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-13 07:02 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-13 07:01 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:01 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:01 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:01 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:01 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:01 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:01 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:01 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:01 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:01 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:01 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:01 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:01 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:01 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:01 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:01 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:01 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:01 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:01 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:01 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:01 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 06:53 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-06 17:54 - 2013-11-06 17:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:55 - 00000000 ____D C:\BluetoothExchangeFolder
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrusb_01009.Wdf
2013-11-06
17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\gl-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\fr-CA
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\eu-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\es-cl
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\ca-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Program Files (x86)\CSR
2013-10-27 09:12 - 2013-11-14 12:56 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Program Files\Realtek
2013-10-26 09:55 - 2013-03-29 20:42 - 03379272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-10-26 09:55 - 2013-03-29 17:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-10-26 09:55 - 2013-03-29 16:52 - 00914992 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-10-26 09:55 - 2013-03-29 16:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-10-26 09:55 - 2013-03-27 15:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-10-26 09:55 - 2013-03-26 16:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-10-26 09:55 - 2013-03-26 16:04 - 02734624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-10-26 09:55 - 2013-03-26 14:40 - 03693128 _____ (Realtek Semiconductor Corp.)
C:\Windows\system32\RtkAPO64.dll
2013-10-26 09:55 - 2013-03-26 13:38 - 01659464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-10-26 09:55 - 2013-03-25 16:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-10-26 09:55 - 2013-03-23 02:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-10-26 09:55 - 2013-03-20 12:17 - 09123608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2013-10-26 09:55 - 2013-03-20 12:16 - 02102040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-10-26 09:55 - 2013-03-20 12:16 - 01900312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-10-26 09:55 - 2013-03-20 12:16 - 00910104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-10-26 09:55 - 2013-03-15 18:34 - 04957976 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll
2013-10-26 09:55 - 2013-03-15 18:33 - 00887640 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-10-26 09:55 - 2013-03-12 17:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-10-26 09:55 - 2013-03-08 11:51 - 00904752 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-10-26 09:55 - 2013-02-28 12:10 - 14021912 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2013-10-26 09:55 - 2013-02-28 12:10 - 02032408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00823072 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00633632 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00517408 _____ (SRS Labs, Inc.)
C:\Windows\system32\sl3apo64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00213792 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2013-10-26 09:55 - 2013-02-21 16:26 - 00858032 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2013-10-26 09:55 - 2013-02-21 16:26 - 00148912 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2013-10-26 09:55 - 2013-02-21 16:25 - 00569256 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2013-10-26 09:55 - 2013-02-20 17:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-10-26 09:55 - 2013-02-19 17:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-10-26 09:55 - 2013-01-17 18:32 - 00719640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2013-10-26 09:55 - 2012-12-12 10:17 - 00395208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-10-26 09:55 - 2012-10-02 13:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-10-26 09:55 - 2012-10-02 13:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-10-26 09:55 - 2012-10-02 13:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-10-26 09:55 - 2012-09-10 19:06 - 00612728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2013-10-26 09:55 - 2012-08-31 18:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-10-26 09:55 - 2012-07-15 20:13 - 00394616 _____ (Waves Audio Ltd.)
C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-10-26 09:55 - 2012-06-20 16:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-26 09:55 - 2012-03-08 10:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-10-26 09:55 - 2012-01-30 10:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-10-26 09:55 - 2012-01-10 09:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-10-26 09:55 - 2011-12-20 14:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-10-26 09:55 - 2011-11-22 15:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-10-26 09:55 - 2011-09-02 13:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2013-10-26 09:55 - 2011-09-02 13:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2013-10-26 09:55 - 2011-09-02 13:21 - 00078688 _____ (Synopsys, Inc.)
C:\Windows\system32\SFAPO64.dll
2013-10-26 09:55 - 2011-08-23 16:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-10-26 09:55 - 2011-03-17 11:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-10-26 09:55 - 2011-03-07 16:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00204120 _____ (Dolby Laboratories, Inc.)
C:\Windows\system32\RTEED64A.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-10-26 09:55 - 2010-11-03 17:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-10-26 09:55 - 2010-09-27 08:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-10-26 09:55 - 2010-07-22 15:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-10-26 09:39 - 2013-10-26 09:41 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\patti\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-10-26 09:38 - 2013-10-26 09:38 - 06382059 _____ C:\Users\patti\Downloads\3DSoundBack_Beta0.1.zip
2013-10-26 09:27 - 2013-10-26 09:27 - 00000000 ____D C:\Users\patti\AppData\Local\DriverTuner
2013-10-26 09:26 - 2013-10-26 09:26 - 02816072 _____ (LionSea SoftWare ) C:\Users\patti\Downloads\setup.exe
2013-10-26 09:14 - 2013-10-26 09:15 - 81891861 _____ (Realtek Semiconductor Corp.)
C:\Users\patti\Downloads\ALC887HDAudioCodecR2.71.exe

==================== One Month Modified Files and Folders =======

2013-11-24 14:10 - 2013-11-24 14:08 - 00018122 _____ C:\Users\patti\Desktop\FRST.txt
2013-11-24 14:09 - 2012-10-23 22:12 - 01171435 _____ C:\Windows\WindowsUpdate.log
2013-11-24 14:08 - 2013-11-24 14:08 - 00003203 _____ C:\Users\patti\Desktop\AdwCleaner[S0].txt
2013-11-24 14:08 - 2013-11-24 14:08 - 00000000 ____D C:\Users\patti\VIRUS
2013-11-24 14:08 - 2012-11-03 08:49 - 00108032 ___SH C:\Users\patti\Thumbs.db
2013-11-24 14:08 - 2012-10-23 22:11 - 00000000 ____D C:\Users\patti
2013-11-24 14:07 - 2012-11-12 22:13 - 00000000 ____D C:\Users\patti\.rainlendar2
2013-11-24 14:07 - 2012-10-24 08:52 - 00336279 _____ C:\Users\patti\DesktopStCenter.txt
2013-11-24 14:06 - 2013-11-24 13:58 - 00000336 _____ C:\Windows\setupact.log
2013-11-24 14:06 - 2013-10-11 16:02 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-24 14:06 - 2012-10-25 18:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-24 14:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 14:05 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-24 14:05 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-24 14:05 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 14:05 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 14:05 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 14:04 - 2013-11-24 10:42 - 00000000 ____D C:\AdwCleaner
2013-11-24 14:03 - 2013-11-24 10:42 - 01091882 _____ C:\Users\patti\Desktop\adwcleaner.exe
2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 _____ C:\Windows\setuperr.log
2013-11-24 13:57 - 2013-11-24 13:57 - 00026868 _____ C:\Windows\PFRO.log
2013-11-24 11:53 - 2013-11-24 11:53 -
01958396 _____ (Farbar) C:\Users\patti\Desktop\FRST64.exe
2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST
2013-11-24 11:50 - 2013-09-11 15:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 11:22 - 2013-10-17 18:41 - 00000000 ____D C:\Users\patti\AppData\Local\CrashDumps
2013-11-24 11:22 - 2012-10-26 16:13 - 00000000 ____D C:\Users\patti\AppData\Roaming\Winamp
2013-11-24 11:22 - 2012-10-23 23:06 - 00000000 ____D C:\Windows\Panther
2013-11-20 19:57 - 2013-04-04 11:50 - 00000000 ____D C:\ProgramData\Duden
2013-11-20 15:56 - 2012-10-31 18:54 - 00000000 ____D C:\Users\patti\AppData\Roaming\MyPhoneExplorer
2013-11-20 14:44 - 2012-10-25 18:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-20 14:06 - 2012-10-24 05:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-20 14:06 - 2012-10-24 05:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-19 18:53 - 2012-11-25 14:51 - 00000173 _____ C:\Users\patti\AppData\Local\msmathematics.qat.patti
2013-11-18 19:36 - 2012-10-23 22:11 - 00000000 ___RD C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-18 19:35 - 2013-11-18 19:35 - 00000000 ____D C:\Program Files\Logitech
2013-11-18 19:35 - 2012-10-24 20:52 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-11-18 19:35 - 2012-10-24 20:52 - 00000000 ____D C:\ProgramData\Logishrd
2013-11-18 19:35 - 2012-10-24 20:52 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-11-18 19:18 - 2012-12-24 19:54 - 00000000 ____D C:\ProgramData\Logitech
2013-11-18 19:15 - 2013-11-18 19:14 - 81855696 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_64.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 04116816 _____ (Logitech Inc.) C:\Users\patti\Downloads\unifying210.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 03672832 _____ (Logitech Inc.)
C:\Users\patti\Downloads\setpoint6.61.15_smart.exe
2013-11-17 16:25 - 2013-09-11 15:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-17 16:25 - 2013-03-14 19:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 16:25 - 2013-03-14 19:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 16:25 - 2012-10-31 21:22 - 00000000 ____D C:\Users\patti\AppData\Local\Adobe
2013-11-17 10:39 - 2013-11-17 10:39 - 04313088 _____ (Microsoft Corporation) C:\Users\patti\Downloads\Setup_SportTracks_3.1.5064.exe
2013-11-15 14:18 - 2012-10-23 22:48 - 00000000 ____D C:\Program Files (x86)\Everything
2013-11-14 12:56 - 2013-11-20 14:42 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-14 12:56 - 2013-11-20 14:42 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 03125024 _____ (NVIDIA Corporation)
C:\Windows\system32\nvcuvenc.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-14 12:56 - 2013-10-27 09:12 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-14 12:56 - 2013-09-11 15:55 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-14 12:56 - 2012-10-10 20:23 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-14 12:56 - 2012-10-10 20:23 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-14 12:56 - 2012-02-09 21:43 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-11-14 12:56 - 2009-07-13 22:59 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-14 07:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:47 - 2012-10-24 21:29 - 00000000 ____D C:\Users\patti\AppData\Roaming\Skype
2013-11-13 17:34 - 2013-11-13 17:34 - 00001417 _____ C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-13 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 07:05 - 2012-10-24 06:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 07:04 - 2013-07-12 13:03 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 07:02 - 2012-10-24 00:31 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 16:02 - 2012-10-25 18:51 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-11-11 16:02 - 2012-10-25 18:51 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-11-11 16:01 - 2012-10-25 18:51 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-08 21:47 - 2013-11-20 14:06 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 21:47 - 2013-11-20 14:06 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-06 17:55 - 2013-11-06 17:53 - 00000000 ____D C:\BluetoothExchangeFolder
2013-11-06 17:54 - 2013-11-06 17:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrusb_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\gl-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\fr-CA
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\eu-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\es-cl
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\ca-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D
C:\Program Files (x86)\CSR
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\th-TH
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sk-SK
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-11-03 20:26 - 2013-10-19 19:06 - 00000000 ____D C:\Users\patti\AppData\Roaming\XnView
2013-10-27 20:00 - 2012-10-24 08:54 - 00000000 ____D C:\Program Files (x86)\FRITZ!Box Monitor
2013-10-27 09:12 - 2013-10-27 09:12 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-27 06:26 - 2013-07-13 20:10 - 00000000 ____D C:\ProgramData\PowerManagerDatabase
2013-10-26 09:56 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Program Files\Realtek
2013-10-26 09:55 - 2012-10-23 22:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 09:41 - 2013-10-26 09:39 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\patti\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-10-26 09:38 - 2013-10-26 09:38 - 06382059 _____ C:\Users\patti\Downloads\3DSoundBack_Beta0.1.zip
2013-10-26 09:27 - 2013-10-26 09:27 - 00000000 ____D C:\Users\patti\AppData\Local\DriverTuner
2013-10-26 09:26 - 2013-10-26 09:26 - 02816072 _____ (LionSea SoftWare ) C:\Users\patti\Downloads\setup.exe
2013-10-26 09:15 - 2013-10-26 09:14 - 81891861 _____ (Realtek Semiconductor Corp.)
C:\Users\patti\Downloads\ALC887HDAudioCodecR2.71.exe
2013-10-25 16:59 - 2013-03-26 19:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-25 16:59 - 2012-10-24 21:29 - 00000000 ____D C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\patti\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-20 18:49

==================== End Of Log ============================

--- --- ---

and finally the Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013 03
Ran by patti at 2013-11-24 14:10:31
Running from C:\Users\patti\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.25 (x64 edition) (Version: 9.25.00.0)
8500A909_eDocs (x32 Version: 1.00.0000)
8500A909_Help (x32 Version: 1.00.0000)
8500A909a (x32 Version: 140.0.000.000)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Ashampoo Burning Studio 12 v.12.0.1 (x32 Version: 12.0.1)
Ashampoo Burning Studio 12 v.12.0.5 (x32 Version: 12.0.5)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0)
ATI Catalyst Install Manager (Version: 3.0.762.0)
AVM FRITZ!Box Monitor (x32)
BPD_DSWizards (x32 Version: 1.00.0000)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
CameraHelperMsi (x32 Version: 13.51.815.0)
CCleaner (Version: 4.00)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009)
CrystalDiskInfo 5.0.5 (x32 Version: 5.0.5)
CrystalDiskMark 3.0.2c (Version: 3.0.2c)
CSR Harmony Wireless Software Stack (Version: 2.1.63.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations (x32
Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
DocMgr (x32 Version: 140.0.65.000)
DocProc (x32 Version: 140.0.100.000)
Duden Patch 3261 (x32 Version: 9.0.0)
Duden-Rechtschreibprüfung PLUS Update (x32 Version: 9.0.0)
eReg (x32 Version: 1.20.138.34)
Everything 1.2.1.371 (x32)
Fax (x32 Version: 140.0.213.000)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free M4a to MP3 Converter 7.2 (x32)
Freemake Video Converter Version 4.0.1 (x32 Version: 4.0.1)
Freemake Youtube Mp3 Converter (x32 Version: 3.5.4)
FRITZ!DSL64 (Version: 2.04.03)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
Garmin USB Drivers (x32 Version: 2.3.1.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GPBaseService2 (x32 Version: 140.0.212.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
HPSSupply (x32 Version: 140.0.212.000)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
LightScribe System Software (x32 Version: 1.18.26.7)
Logitech SetPoint 6.61 (Version: 6.61.15)
Logitech Webcam-Software (x32 Version: 2.51)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.51.827.0)
LWS Help_main (x32 Version: 13.51.828.0)
LWS Launcher (x32 Version: 13.51.828.0)
LWS Motion Detection (x32 Version: 13.51.815.0)
LWS Pictures And Video (x32 Version: 13.51.815.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Webcam Software (x32 Version: 13.51.815.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
MarketResearch (x32 Version: 140.0.214.000)
Microsoft .NET Framework 4 Client Profile
(Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30320) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Flight (x32 Version: 1.0.0005.129) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Mathematics (64-Bit) (Version: 4.0) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Single Image 2010 (Version: 14.0.7015.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Movie Maker (x32 Version: 16.4.3508.0205) MPM (x32 Version: 1.00.0000) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MusicBrainz Picard (x32 Version: 1.1) MyPhoneExplorer (x32 Version: 1.8.5) NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1) Network64 (Version: 140.0.215.000) Network64 (Version: 140.0.221.000) Norton Internet Security (x32 Version: 21.1.0.18) NVIDIA 3D Vision Controller-Treiber 331.82 (Version: 331.82) NVIDIA 3D Vision Treiber 331.82 (Version: 331.82) NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1) NVIDIA Grafiktreiber 331.82 (Version: 331.82) NVIDIA Install Application (Version: 2.1002.140.952) NVIDIA LED Visualizer 1.0 (Version: 1.0) NVIDIA PhysX (x32 Version: 9.13.0725) NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725) NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182) NVIDIA Systemsteuerung 331.82 (Version: 331.82) NVIDIA Update 9.3.21 (Version: 9.3.21) NVIDIA Update Components (Version: 9.3.21) NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9) OCR Software by I.R.I.S. 
14.0 (Version: 14.0) Opera 12.16 (x32 Version: 12.16.1860) PC Wizard 2012.2.11 (x32) PDF-Viewer (Version: 2.5.212.0) Photo Common (x32 Version: 16.4.3508.0205) Photo Gallery (x32 Version: 16.4.3508.0205) PhotoFiltre 7 (HKCU) Plus Pack für Acronis True Image Home 2012 (x32 Version: 15.0.7133) Power Manager Version 6.0.0.6 (Version: 6.0.0.6) ProductContext (x32 Version: 140.0.000.000) Rainlendar2 (remove only) (x32) Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873) Samsung Kies (x32 Version: 2.5.0.12114_1) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0) Scan (x32 Version: 140.0.167.000) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition SHIELD Streaming (Version: 1.6.53) Shop for HP Supplies (Version: 14.0) Sigma Data Center 2.1 (x32 Version: 2.1.0) Skype™ 6.9 (x32 Version: 6.9.106) SmartWebPrinting (x32 Version: 140.0.213.000) SolutionCenter (x32 Version: 140.0.214.000) SportTracks 3.1 (x32 Version: 3.1.5064) SSD Fresh (x32 Version: 2013) StarMoney (x32 Version: 3.0.5.8) StarMoney (x32 Version: 4.0.0.203) StarMoney 9.0 (x32 Version: 9.0) Status (x32 Version: 140.0.256.000) STRATO HiDrive (remove only) (x32) StreamTransport version: 1.0.2.2171 (x32) Toolbox (x32 Version: 140.0.428.000) TrayApp (x32 Version: 140.0.213.000) TrueCrypt (x32 Version: 7.1a) TubeSaver (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 
Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition WD Drive Utilities (x32 Version: 1.0.4.11) WD Quick View (x32 Version: 2.2.0.8) WD Security (x32 Version: 1.0.4.11) WD SmartWare (Version: 2.2.0.8) WD SmartWare Installer (x32 Version: 2.2.0.8) WebReg (x32 Version: 140.0.213.017) Win7 Taskbar v2.0 (x32 Version: 2.0) Winamp (x32 Version: 5.65 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows Live Communications Platform (x32 Version: 16.4.3508.0205) Windows Live Essentials (x32 Version: 16.4.3508.0205) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3508.0205) Windows Live Mail (x32 Version: 16.4.3508.0205) Windows Live MIME IFilter (Version: 16.4.3508.0205) Windows Live Photo Common (x32 Version: 16.4.3508.0205) Windows Live PIMT Platform (x32 Version: 16.4.3508.0205) Windows Live SOXE (x32 Version: 16.4.3508.0205) Windows 
Live SOXE Definitions (x32 Version: 16.4.3508.0205) Windows Live UX Platform (x32 Version: 16.4.3508.0205) Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205) Windows Live Writer (x32 Version: 16.4.3508.0205) Windows Live Writer Resources (x32 Version: 16.4.3508.0205) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) XnView 2.05 (x32 Version: 2.05) ==================== Restore Points ========================= 13-11-2013 06:02:17 Windows Update 13-11-2013 16:30:00 Windows Modules Installer 14-11-2013 06:07:47 Windows Update 21-11-2013 07:56:42 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0A777C07-19AC-4049-99C4-973E047D53D1} - \TubeSaver Update No Task File Task: {2DFF05DE-1C97-4BA2-9AFF-630FC5E5BFD7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {76D59B7C-4712-4B97-9BC3-7C92C9BF3420} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17] (Adobe Systems Incorporated) Task: {775476BA-7B80-4B16-B94C-A21C42441BF3} - System32\Tasks\CCleanerSkipUAC => P:\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) Task: {8E820F91-6779-4C89-91A8-BDF447F9022A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D0C979C7-A7A9-44E7-AA4E-E35DE00F5E57} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {E4A43FD6-6DAF-492D-BB6F-252A2DDE77AB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation) Task: 
C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-25 18:51 - 2013-11-11 16:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-12-09 23:01 - 2011-12-09 23:01 - 00041472 _____ () P:\MyPhoneExplorer\DLL\mpe_gadget_connector_net.dll 2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () P:\Rainlendar2\lua52.dll 2012-07-02 08:11 - 2012-07-02 08:11 - 00312320 _____ () P:\Rainlendar2\plugins\iCalendarPlugin.dll 2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () P:\Rainlendar2\lfs.dll 2007-12-06 10:19 - 2007-12-06 10:19 - 00258560 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll 2013-10-15 18:00 - 2011-01-13 10:44 - 00232800 _____ () D:\StarMoney 9.0\ouservice\PATCHW32.dll 2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtCore4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtGui4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtXml4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () P:\Logitech_Webcam\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () P:\Logitech_Webcam\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-06-28 20:46 - 2012-06-28 20:46 - 13005184 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 2012-06-28 17:34 - 2012-06-28 17:34 - 00018816 _____ () P:\TrueImage2012\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Officejet Pro 8500 A909a 
Description: Officejet Pro 8500 A909a Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/24/2013 02:07:51 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (11/24/2013 01:59:51 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. 
Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/24/2013 02:07:43 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/24/2013 02:07:43 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/24/2013 02:07:43 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/24/2013 02:07:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Microsoft Office Sessions: ========================= Error: (11/24/2013 02:07:51 PM) (Source: 
Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/24/2013 01:59:51 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt
Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 16382.12 MB
Available physical RAM: 14164.77 MB
Total Pagefile: 20476.3 MB
Available Pagefile: 18126.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:51.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:390.62 GB) (Free:229.14 GB) NTFS
Drive f: (FOTOS) (Fixed) (Total:1524.86 GB) (Free:1352.13 GB) NTFS
Drive m: (MUSIK) (Fixed) (Total:488.28 GB) (Free:401.32 GB) NTFS
Drive p: (PROGRAMME) (Fixed) (Total:390.62 GB) (Free:385.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 6B4D85AD)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: C8C36D8F)
Partition: GPT Partition Type
==================== End Of Log ============================
I got this thing along with the MyPhoneExplorer software. Thank you very much in advance for your effort, patti |
25.11.2013, 16:11 | #4 |
/// TB-Ausbilder | AdwCleaner log file for TubeSaver on Win7 64-bit Hi, Step 1 Please close your security software to avoid possible conflicts.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post with your next reply
|
25.11.2013, 19:26 | #5 |
| AdwCleaner log file for TubeSaver on Win7 64-bit Hello Matthias, I ran all three programs as described. 1.) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Professional x64 Ran by patti on 25.11.2013 at 16:25:07,34 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{345458b9-506f-4fcc-803b-d02843989662} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{345458b9-506f-4fcc-803b-d02843989662} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.11.2013 at 16:33:12,49 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2.) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.25.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 patti :: PATTIS [Administrator] Schutz: Aktiviert 25.11.2013 17:18:28 MBAM-log-2013-11-25 (17-24-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 257812 Laufzeit: 2 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\patti\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\patti\Downloads\MyPhoneExplorer_Setup_v1.8.5.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\patti\Downloads\winamp565_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. (Ende) 3.) Code:
ATTFilter Zoek.exe Version 4.0.0.5 Updated 24-November-2013 Tool run by patti on 25.11.2013 at 17:34:33,30. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\patti\Desktop\zoek\zoek.exe [Script inserted] ==== System Restore Info ====================== 25.11.2013 17:35:07 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Mozilla\Firefox\Extensions\{af9433c0-d475-48fd-8223-97aab85432eb} deleted successfully ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== "C:\Users\patti\AppData\Roaming\FRITZ" not found C:\ProgramData\Package Cache deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF" [09.10.2013 18:32] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [24.10.2012 08:34] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bpegkgagfojjbcpkihigfmkojdmmimdf - P:\Freemake\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[16.08.2013 06:36] ehgldbbpchgpcfagfpfjgoomddhccfgh - P:\Freemake\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[16.08.2013 06:36] jbolfgndggfhhpbnkgnpjkfhinclbigj - P:\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[08.05.2013 02:24] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[06.10.2013 04:26] ojcdnngpmbenohhjlickdajclhbcaada - C:\Program Files (x86)\TubeSaver\133.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\patti\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HAB0OY2Z will be deleted at reboot C:\Users\patti\AppData\Local\Temp\Temporary Internet 
Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\patti\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\patti\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\patti\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HAB0OY2Z" not found
==== EOF on 25.11.2013 at 17:51:57,69 ======================
I take my hat off to the people who can make sense of this. Luckily there is a DONATE button here!!! Regards, patti
Hello Matthias, when installing zoek.exe, a file called 'zoek.scr' was unpacked along with it. It was blocked by NIS. I then deactivated NIS and fully unpacked zoek (3 files). After I had done everything as described, I reactivated NIS.
Now NIS keeps reporting that zoek.exe was detected, quarantined and removed by the virus scanner, with the note in brackets: Suspicious.Cloud.2 and Suspicious.Cloud.9. The file zoek.exe has now actually been deleted from the folder by NIS. Is that okay??? Regards, patti |
26.11.2013, 19:09 | #6 |
/// TB-Ausbilder | AdwCleaner log file for TubeSaver on Win7 64-bit Hi, we don't need Zoek, so it's not a big deal. You don't need to worry, though; that is a false positive from NIS. We'll track down the last remnants so that we can remove them later:
Step 1 Control scan with FRST Run a scan with FRST as described before. To do so, tick the Addition.txt checkbox at the bottom right and click Scan. Two log files will be created again. Post them for me.
Step 2 Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
Are there still any problems with malware? If so, which ones? How is the computer running at the moment? Please post with your next reply
|
26.11.2013, 20:46 | #7 |
| AdwCleaner LOG file for TUbeSaver on Win7 64bit Hi Matthias, here are the log files again: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01 Ran by patti (administrator) on PATTIS on 26-11-2013 20:41:51 Running from C:\Users\patti\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe (Ellora Assets Corp.) 
P:\Freemake\Freemake\CaptureLib\CaptureLibService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) D:\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (STRATO) P:\Strato_HiDrive\STRATO HiDrive Service.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe () P:\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\vksts.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe (Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe (Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () P:\Rainlendar2\Rainlendar2.exe (Samsung) P:\KIES\External\FirmwareUpdate\KiesPDLR.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Logitech Inc.) 
P:\Logitech_Webcam\LWS\Webcam Software\LWS.exe (Acronis) P:\TrueImage2012\TrueImageHome\TrueImageMonitor.exe (Acronis) P:\TrueImage2012\TrueImageHome\TimounterMonitor.exe (Energenie) P:\Gembird\Power Manager\pm.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [CsrHCRPServer] - P:\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [CsrAudioguiCtrl] - P:\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [CsrSyncMLServer] - P:\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] () HKLM\...\Run: [vksts] - P:\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [HarmonyUserStartup] - P:\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited) 
HKLM\...\Run: [CSRHarmonySkypePlugin] - C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [TrayApplication] - P:\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKCU\...\Run: [Rainlendar2] - P:\Rainlendar2\Rainlendar2.exe [3931136 2012-07-02] () HKCU\...\Run: [] - P:\KIES\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKCU\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\DKTray.exe [357992 2013-01-29] (Expert System S.p.A.) MountPoints2: {249405ba-21d4-11e2-b65a-c86000d13906} - H:\LaunchU3.exe -a MountPoints2: {3fbb328d-5279-11e3-9168-c86000d13906} - "E:\WD Drive Unlock.exe" autoplay=true HKLM-x32\...\Run: [LWS] - P:\Logitech_Webcam\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] - P:\TrueImage2012\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - P:\TrueImage2012\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis) HKLM-x32\...\Run: [Power Manager] - P:\Gembird\Power Manager\pm.exe [26848256 2013-02-22] (Energenie) HKLM-x32\...\Run: [AVMFBoxMonitor] - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin) HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-04-01] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKU\Familie\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company) HKU\Familie\...\Run: [Rainlendar2] - P:\Rainlendar2\Rainlendar2.exe [3931136 2012-07-02] () HKU\Familie\...\Run: [] - P:\KIES\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKU\Familie\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\DKTray.exe [357992 2013-01-29] (Expert System S.p.A.) Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin) Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\patti\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . 
Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B5326663995CE01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 ==================== Services (Whitelisted) ================= R2 BtSwitcherService; P:\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited) R2 CSRBtAudioService; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited) R2 CsrBtOBEX-Dienst; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited) R2 CsrBtService; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited) R2 FreemakeVideoCapture; P:\Freemake\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) 
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) R2 StarMoney 9.0 OnlineUpdate; D:\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 STRATO HiDrive Service; P:\Strato_HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) S3 cpuz135; P:\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID) R3 csravrcp; C:\Windows\System32\DRIVERS\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited) R3 CsrBtPort; C:\Windows\System32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited) R3 csrpan; C:\Windows\System32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited) R3 csrserial; C:\Windows\System32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited) R3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited) R3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited) R3 csr_bthav; C:\Windows\System32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20131122.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 NAVENG; C:\Program Files (x86)\Norton Internet 
Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131125.003\ENG64.SYS [126040 2013-09-04] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131125.003\EX64.SYS [2099288 2013-09-04] (Symantec Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr)) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-05] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-07] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-26 20:41 - 2013-11-26 20:41 - 00018450 _____ C:\Users\patti\Desktop\FRST.txt 2013-11-26 20:40 - 2013-11-26 20:40 - 01958474 _____ (Farbar) C:\Users\patti\Desktop\FRST64.exe 2013-11-26 20:39 - 2013-11-26 20:39 - 01958474 _____ (Farbar) C:\Users\patti\Downloads\FRST64.exe 2013-11-26 20:36 - 2013-11-26 20:38 - 00000000 ____D C:\Users\patti\Desktop\TS_TB 2013-11-25 17:46 - 2013-11-25 17:34 - 
00024064 _____ C:\Windows\zoek-delete.exe 2013-11-25 17:34 - 2013-11-25 17:51 - 00007547 _____ C:\zoek-results.log 2013-11-25 17:34 - 2013-11-25 17:44 - 00000000 ____D C:\zoek_backup 2013-11-25 17:16 - 2013-11-25 17:16 - 00000000 ____D C:\Users\patti\AppData\Roaming\Malwarebytes 2013-11-25 17:15 - 2013-11-25 17:15 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-25 17:15 - 2013-11-25 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-25 17:15 - 2013-11-25 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-25 17:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-25 16:25 - 2013-11-25 16:25 - 00000000 ____D C:\Windows\ERUNT 2013-11-25 16:21 - 2013-11-25 16:21 - 01034531 _____ (Thisisu) C:\Users\patti\Desktop\JRT.exe 2013-11-24 14:08 - 2013-11-24 14:08 - 00000000 ____D C:\Users\patti\VIRUS 2013-11-24 13:58 - 2013-11-26 20:22 - 00001680 _____ C:\Windows\setupact.log 2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 _____ C:\Windows\setuperr.log 2013-11-24 13:57 - 2013-11-25 17:49 - 00028476 _____ C:\Windows\PFRO.log 2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST 2013-11-24 10:42 - 2013-11-24 14:47 - 00000000 ____D C:\AdwCleaner 2013-11-24 10:42 - 2013-11-24 14:03 - 01091882 _____ C:\Users\patti\Desktop\adwcleaner.exe 2013-11-20 14:42 - 2013-11-14 12:56 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 12613408 _____ (NVIDIA Corporation) 
C:\Windows\system32\Drivers\nvlddmkm.sys 2013-11-20 14:42 - 2013-11-14 12:56 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-11-20 14:42 - 2013-11-14 12:56 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-11-20 14:06 - 2013-11-08 21:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2013-11-20 14:06 - 2013-11-08 21:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-11-20 14:04 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-11-20 14:04 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-11-18 19:35 - 
2013-11-18 19:35 - 00000000 ____D C:\Program Files\Logitech 2013-11-18 19:14 - 2013-11-18 19:15 - 81855696 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_64.exe 2013-11-18 19:13 - 2013-11-18 19:13 - 04116816 _____ (Logitech Inc.) C:\Users\patti\Downloads\unifying210.exe 2013-11-18 19:13 - 2013-11-18 19:13 - 03672832 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_smart.exe 2013-11-17 10:39 - 2013-11-17 10:39 - 04313088 _____ (Microsoft Corporation) C:\Users\patti\Downloads\Setup_SportTracks_3.1.5064.exe 2013-11-14 07:08 - 2013-10-13 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 07:08 - 2013-10-13 15:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-14 07:08 - 2013-10-13 15:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-14 07:08 - 2013-10-13 15:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-14 07:08 - 2013-10-13 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 07:08 - 2013-10-13 15:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 07:08 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 07:08 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-14 07:08 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-14 07:08 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-14 07:08 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-14 07:08 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 07:08 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 07:07 - 2013-10-13 16:58 - 17847296 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 07:07 - 2013-10-13 16:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 07:07 - 2013-10-13 15:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 07:07 - 2013-10-13 15:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 07:07 - 2013-10-13 15:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-14 07:07 - 2013-10-13 15:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 07:07 - 2013-10-13 15:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 07:07 - 2013-10-13 15:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-14 07:07 - 2013-10-13 15:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 07:07 - 2013-10-13 15:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 07:07 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 07:07 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-14 07:07 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 07:07 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 07:07 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-14 07:07 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-14 07:07 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 07:07 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 07:07 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 17:34 - 2013-11-13 17:34 - 00001417 _____ C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-11-13 07:04 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-11-13 07:04 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-11-13 07:04 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-11-13 07:04 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-11-13 07:04 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-11-13 07:04 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-11-13 07:04 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-11-13 07:04 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2013-11-13 07:04 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-11-13 07:04 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-11-13 07:04 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-11-13 07:04 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-11-13 07:04 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-11-13 07:04 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-11-13 07:04 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2013-11-13 07:04 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mstsc.exe
2013-11-13 07:04 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-13 07:04 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-13 07:02 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:02 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:02 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:02 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:02 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:02 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:02 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:02 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:02 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:02 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-13 07:02 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-13 07:01 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:01 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:01 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:01 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:01 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:01 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:01 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:01 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:01 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:01 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:01 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:01 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:01 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:01 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:01 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:01 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:01 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:01 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:01 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:01 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:01 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 06:53 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-06 17:54 - 2013-11-06 17:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:55 - 00000000 ____D C:\BluetoothExchangeFolder
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrusb_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\gl-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\fr-CA
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\eu-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\es-cl
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\ca-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Program Files (x86)\CSR
2013-10-27 09:12 - 2013-11-14 12:56 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll

==================== One Month Modified Files and Folders =======

2013-11-26 20:41 - 2013-11-26 20:41 - 00018450 _____ C:\Users\patti\Desktop\FRST.txt
2013-11-26 20:40 - 2013-11-26 20:40 - 01958474 _____ (Farbar) C:\Users\patti\Desktop\FRST64.exe
2013-11-26 20:39 - 2013-11-26 20:39 - 01958474 _____ (Farbar) C:\Users\patti\Downloads\FRST64.exe
2013-11-26 20:38 - 2013-11-26 20:36 - 00000000 ____D C:\Users\patti\Desktop\TS_TB
2013-11-26 20:29 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-26 20:29 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-26 20:29 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 20:29 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 20:29 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 20:25 - 2012-10-23 22:12 - 01222883 _____ C:\Windows\WindowsUpdate.log
2013-11-26 20:23 - 2013-10-11 16:02 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-26 20:23 - 2012-11-12 22:13 - 00000000 ____D C:\Users\patti\.rainlendar2
2013-11-26 20:23 - 2012-10-24 08:52 - 00339023 _____ C:\Users\patti\DesktopStCenter.txt
2013-11-26 20:22 - 2013-11-24 13:58 - 00001680 _____ C:\Windows\setupact.log
2013-11-26 20:22 - 2012-10-25 18:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-26 20:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 19:50 - 2013-09-11 15:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 18:43 - 2012-10-23 22:48 - 00000000 ____D C:\Program Files (x86)\Everything
2013-11-25 17:51 - 2013-11-25 17:34 - 00007547 _____ C:\zoek-results.log
2013-11-25 17:49 - 2013-11-24 13:57 - 00028476 _____ C:\Windows\PFRO.log
2013-11-25 17:44 - 2013-11-25 17:34 - 00000000 ____D C:\zoek_backup
2013-11-25 17:34 - 2013-11-25 17:46 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-11-25 17:16 - 2013-11-25 17:16 - 00000000 ____D C:\Users\patti\AppData\Roaming\Malwarebytes
2013-11-25 17:15 - 2013-11-25 17:15 - 00001127 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-25 17:15 - 2013-11-25 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-25 17:15 - 2013-11-25 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-25 16:25 - 2013-11-25 16:25 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 16:21 - 2013-11-25 16:21 - 01034531 _____ (Thisisu) C:\Users\patti\Desktop\JRT.exe
2013-11-24 14:47 - 2013-11-24 10:42 - 00000000 ____D C:\AdwCleaner
2013-11-24 14:08 - 2013-11-24 14:08 - 00000000 ____D C:\Users\patti\VIRUS
2013-11-24 14:08 - 2012-11-03 08:49 - 00108032 ___SH C:\Users\patti\Thumbs.db
2013-11-24 14:08 - 2012-10-23 22:11 - 00000000 ____D C:\Users\patti
2013-11-24 14:03 - 2013-11-24 10:42 - 01091882 _____ C:\Users\patti\Desktop\adwcleaner.exe
2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 _____ C:\Windows\setuperr.log
2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST
2013-11-24 11:22 - 2013-10-17 18:41 - 00000000 ____D C:\Users\patti\AppData\Local\CrashDumps
2013-11-24 11:22 - 2012-10-26 16:13 - 00000000 ____D C:\Users\patti\AppData\Roaming\Winamp
2013-11-24 11:22 - 2012-10-23 23:06 - 00000000 ____D C:\Windows\Panther
2013-11-20 19:57 - 2013-04-04 11:50 - 00000000 ____D C:\ProgramData\Duden
2013-11-20 15:56 - 2012-10-31 18:54 - 00000000 ____D C:\Users\patti\AppData\Roaming\MyPhoneExplorer
2013-11-20 14:44 - 2012-10-25 18:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-20 14:06 - 2012-10-24 05:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-20 14:06 - 2012-10-24 05:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-19 18:53 - 2012-11-25 14:51 - 00000173 _____ C:\Users\patti\AppData\Local\msmathematics.qat.patti
2013-11-18 19:36 - 2012-10-23 22:11 - 00000000 ___RD C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-18 19:35 - 2013-11-18 19:35 - 00000000 ____D C:\Program Files\Logitech
2013-11-18 19:35 - 2012-10-24 20:52 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-11-18 19:35 - 2012-10-24 20:52 - 00000000 ____D C:\ProgramData\Logishrd
2013-11-18 19:35 - 2012-10-24 20:52 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-11-18 19:18 - 2012-12-24 19:54 - 00000000 ____D C:\ProgramData\Logitech
2013-11-18 19:15 - 2013-11-18 19:14 - 81855696 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_64.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 04116816 _____ (Logitech Inc.) C:\Users\patti\Downloads\unifying210.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 03672832 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_smart.exe
2013-11-17 16:25 - 2013-09-11 15:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-17 16:25 - 2013-03-14 19:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 16:25 - 2013-03-14 19:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 16:25 - 2012-10-31 21:22 - 00000000 ____D C:\Users\patti\AppData\Local\Adobe
2013-11-17 10:39 - 2013-11-17 10:39 - 04313088 _____ (Microsoft Corporation) C:\Users\patti\Downloads\Setup_SportTracks_3.1.5064.exe
2013-11-14 12:56 - 2013-11-20 14:42 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-14 12:56 - 2013-11-20 14:42 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-14 12:56 - 2013-10-27 09:12 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-14 12:56 - 2013-09-11 15:55 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-14 12:56 - 2012-10-10 20:23 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-14 12:56 - 2012-10-10 20:23 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-14 12:56 - 2012-02-09 21:43 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-11-14 12:56 - 2009-07-13 22:59 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-14 07:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:47 - 2012-10-24 21:29 - 00000000 ____D C:\Users\patti\AppData\Roaming\Skype
2013-11-13 17:34 - 2013-11-13 17:34 - 00001417 _____ C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-13 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 07:05 - 2012-10-24 06:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 07:04 - 2013-07-12 13:03 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 07:02 - 2012-10-24 00:31 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 16:02 - 2012-10-25 18:51 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-11-11 16:02 - 2012-10-25 18:51 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-11-11 16:01 - 2012-10-25 18:51 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-08 21:47 - 2013-11-20 14:06 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 21:47 - 2013-11-20 14:06 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-06 17:55 - 2013-11-06 17:53 - 00000000 ____D C:\BluetoothExchangeFolder
2013-11-06 17:54 - 2013-11-06 17:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrusb_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\gl-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\fr-CA
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\eu-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\es-cl
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\ca-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Program Files (x86)\CSR
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\th-TH
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sk-SK
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-11-03 20:26 - 2013-10-19 19:06 - 00000000 ____D C:\Users\patti\AppData\Roaming\XnView
2013-10-27 20:00 - 2012-10-24 08:54 - 00000000 ____D C:\Program Files (x86)\FRITZ!Box Monitor
2013-10-27 09:12 - 2013-10-27 09:12 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-27 06:26 - 2013-07-13 20:10 - 00000000 ____D C:\ProgramData\PowerManagerDatabase

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-20 18:49

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by patti at 2013-11-26 20:42:16
Running from C:\Users\patti\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.25 (x64 edition) (Version: 9.25.00.0)
8500A909_eDocs (x32 Version: 1.00.0000)
8500A909_Help (x32 Version: 1.00.0000)
8500A909a (x32 Version: 140.0.000.000)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Ashampoo Burning Studio 12 v.12.0.1 (x32 Version: 12.0.1)
Ashampoo Burning Studio 12 v.12.0.5 (x32 Version: 12.0.5)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0)
ATI Catalyst Install Manager (Version: 3.0.762.0)
AVM FRITZ!Box Monitor (x32)
BPD_DSWizards (x32 Version: 1.00.0000)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
CameraHelperMsi (x32 Version: 13.51.815.0)
CCleaner (Version: 4.00)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009)
CrystalDiskInfo 5.0.5 (x32 Version: 5.0.5)
CrystalDiskMark 3.0.2c (Version: 3.0.2c)
CSR Harmony Wireless Software Stack (Version: 2.1.63.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
DocMgr (x32 Version: 140.0.65.000)
DocProc (x32 Version: 140.0.100.000)
Duden Patch 3261 (x32 Version: 9.0.0)
Duden-Rechtschreibprüfung PLUS Update (x32 Version: 9.0.0)
eReg (x32 Version: 1.20.138.34)
Everything 1.2.1.371 (x32)
Fax (x32 Version: 140.0.213.000)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free M4a to MP3 Converter 7.2 (x32)
Freemake Video Converter Version 4.0.1 (x32 Version: 4.0.1)
Freemake Youtube Mp3 Converter (x32 Version: 3.5.4)
FRITZ!DSL64 (Version: 2.04.03)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
Garmin USB Drivers (x32 Version: 2.3.1.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GPBaseService2 (x32 Version: 140.0.212.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
HPSSupply (x32 Version: 140.0.212.000)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
LightScribe System Software (x32 Version: 1.18.26.7)
Logitech SetPoint 6.61 (Version: 6.61.15)
Logitech Webcam-Software (x32 Version: 2.51)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.51.827.0)
LWS Help_main (x32 Version: 13.51.828.0)
LWS Launcher (x32 Version: 13.51.828.0)
LWS Motion Detection (x32 Version: 13.51.815.0)
LWS Pictures And Video (x32 Version: 13.51.815.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Webcam Software (x32 Version: 13.51.815.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.214.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Flight (x32 Version: 1.0.0005.129)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Mathematics (64-Bit) (Version: 4.0)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Movie Maker (x32 Version: 16.4.3508.0205)
MPM (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MusicBrainz Picard (x32 Version: 1.1)
MyPhoneExplorer (x32 Version: 1.8.5)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Norton Internet Security (x32 Version: 21.1.0.18)
NVIDIA 3D Vision Controller-Treiber 331.82 (Version: 331.82)
NVIDIA 3D Vision Treiber 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1)
NVIDIA Grafiktreiber 331.82 (Version: 331.82)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182)
NVIDIA Systemsteuerung 331.82 (Version: 331.82)
NVIDIA Update 9.3.21 (Version: 9.3.21)
NVIDIA Update Components (Version: 9.3.21)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Opera 12.16 (x32 Version: 12.16.1860)
PC Wizard 2012.2.11 (x32)
PDF-Viewer (Version: 2.5.212.0)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PhotoFiltre 7 (HKCU)
Plus Pack für Acronis True Image Home 2012 (x32 Version: 15.0.7133)
Power Manager Version 6.0.0.6 (Version: 6.0.0.6)
ProductContext (x32 Version: 140.0.000.000)
Rainlendar2 (remove only) (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Samsung Kies (x32 Version: 2.5.0.12114_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Scan (x32 Version: 140.0.167.000)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SHIELD Streaming (Version: 1.6.53)
Shop for HP Supplies (Version: 14.0)
Sigma Data Center 2.1 (x32 Version: 2.1.0)
Skype™ 6.9 (x32 Version: 6.9.106)
SmartWebPrinting (x32 Version: 140.0.213.000)
SolutionCenter (x32 Version: 140.0.214.000)
SportTracks 3.1 (x32 Version: 3.1.5064)
SSD Fresh (x32 Version: 2013)
StarMoney (x32 Version: 3.0.5.8)
StarMoney (x32 Version: 4.0.0.203)
StarMoney 9.0 (x32 Version: 9.0)
Status (x32 Version: 140.0.256.000)
STRATO HiDrive (remove only) (x32)
StreamTransport version: 1.0.2.2171 (x32)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.213.000)
TrueCrypt (x32 Version: 7.1a)
TubeSaver (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
WD Drive Utilities (x32 Version: 1.0.4.11)
WD Quick View (x32 Version: 2.2.0.8)
WD Security (x32 Version: 1.0.4.11)
WD SmartWare (Version: 2.2.0.8)
WD SmartWare Installer (x32 Version: 2.2.0.8)
WebReg (x32 Version: 140.0.213.017)
Win7 Taskbar v2.0 (x32 Version: 2.0)
Winamp (x32 Version: 5.65 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
XnView 2.05 (x32 Version: 2.05)

==================== Restore Points =========================

13-11-2013 16:30:00 Windows Modules Installer
14-11-2013 06:07:47 Windows Update
21-11-2013 07:56:42 Geplanter Prüfpunkt
25-11-2013 16:35:00 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A777C07-19AC-4049-99C4-973E047D53D1} - \TubeSaver Update No Task File
Task: {2DFF05DE-1C97-4BA2-9AFF-630FC5E5BFD7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {76D59B7C-4712-4B97-9BC3-7C92C9BF3420} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17] (Adobe Systems Incorporated)
Task: {775476BA-7B80-4B16-B94C-A21C42441BF3} - System32\Tasks\CCleanerSkipUAC => P:\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {8E820F91-6779-4C89-91A8-BDF447F9022A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D0C979C7-A7A9-44E7-AA4E-E35DE00F5E57} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {E4A43FD6-6DAF-492D-BB6F-252A2DDE77AB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-12-09 23:01 - 2011-12-09 23:01 - 00041472 _____ () P:\MyPhoneExplorer\DLL\mpe_gadget_connector_net.dll
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () P:\Rainlendar2\lua52.dll
2012-07-02 08:11 - 2012-07-02 08:11 - 00312320 _____ () P:\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () P:\Rainlendar2\lfs.dll
2007-12-06 10:19 - 2007-12-06 10:19 - 00258560 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll
2013-10-15 18:00 - 2011-01-13 10:44 - 00232800 _____ () D:\StarMoney 9.0\ouservice\PATCHW32.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () P:\Logitech_Webcam\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () P:\Logitech_Webcam\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-06-28 20:46 - 2012-06-28 20:46 - 13005184 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2012-06-28 17:34 - 2012-06-28 17:34 - 00018816 _____ () P:\TrueImage2012\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2013 08:24:17 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/26/2013 03:56:52 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/25/2013 08:16:15 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/25/2013 05:51:10 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/25/2013 05:28:08 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/25/2013 05:02:03 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
System errors: ============= Error: (11/26/2013 08:24:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/26/2013 08:24:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/26/2013 08:24:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/26/2013 08:24:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/26/2013 08:24:08 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/26/2013 08:24:08 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/26/2013 08:23:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/26/2013 08:23:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/26/2013 08:23:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/26/2013 08:23:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Microsoft Office Sessions: 
========================= Error: (11/26/2013 08:24:17 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2013 03:56:52 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2013 08:16:15 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2013 05:51:10 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2013 05:28:08 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/25/2013 05:02:03 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 16382.12 MB Available physical RAM: 13978.82 MB Total Pagefile: 20476.3 MB Available Pagefile: 17932 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:51.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 
Drive d: (DATEN) (Fixed) (Total:390.62 GB) (Free:229.15 GB) NTFS Drive f: (FOTOS) (Fixed) (Total:1524.86 GB) (Free:1352.13 GB) NTFS Drive m: (MUSIK) (Fixed) (Total:488.28 GB) (Free:401.32 GB) NTFS Drive p: (PROGRAMME) (Fixed) (Total:390.62 GB) (Free:385.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 112 GB) (Disk ID: 6B4D85AD) Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: C8C36D8F) Partition: GPT Partition Type ==================== End Of Log ============================ Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 20:48 on 26/11/2013 by patti Administrator - Elevation successful ========== filefind ========== Searching for "*TubeSaver*" C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\TubeSaver Update.vir --a---- 3020 bytes [09:11 08/09/2013] [13:55 11/09/2013] 93A523803E92CE7E76D67025E7EBD0B7 C:\AdwCleaner\Quarantine\C\Windows\Tasks\TubeSaver Update.job.vir --a---- 372 bytes [09:11 08/09/2013] [12:59 24/11/2013] 4310B0D296F6E0DE50008DA124D8C48B C:\Users\patti\AppData\Roaming\Microsoft\Windows\Recent\NIS_TubeSaver.jpg.lnk --a---- 583 bytes [12:59 24/11/2013] [13:19 24/11/2013] D47FED858BACB6551E1D81A132AE5992 C:\Users\patti\Desktop\TS_TB\NIS_TubeSaver.jpg --a---- 284602 bytes [10:01 24/11/2013] [10:01 24/11/2013] 1FFB6F1509EDFD23576E866DDC2A29CC Searching for "*Conduit*" C:\AdwCleaner\Quarantine\C\Users\patti\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_715912_711772_DE.xml.vir --a---- 179 bytes [21:49 16/11/2012] [21:49 16/11/2012] 11863417B6A776BBFBB2E0D223C6B400 C:\AdwCleaner\Quarantine\C\Users\patti\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=de&browserType=IE&toolbarVersion=6_9_0_16.xml.vir --a---- 11092 bytes [21:49 16/11/2012] [21:49 16/11/2012] DFE1156D289BCE111E7C1EEA48E3EC78 ========== folderfind ========== Searching for "*TubeSaver*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver d------ [13:04 24/11/2013] Searching for "*Conduit*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit d------ [13:04 24/11/2013] C:\AdwCleaner\Quarantine\C\Users\patti\AppData\LocalLow\Conduit d------ [13:04 24/11/2013] ========== regfind ========== Searching for "TubeSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}\1.0\0\win32] @="C:\Program Files (x86)\TubeSaver\133.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}\1.0\HELPDIR] 
@="C:\Program Files (x86)\TubeSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}\1.0\0\win32] @="C:\Program Files (x86)\TubeSaver\133.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}\1.0\HELPDIR] @="C:\Program Files (x86)\TubeSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A777C07-19AC-4049-99C4-973E047D53D1}] "Path"="\TubeSaver Update" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TubeSaver Update] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86b921d3-29b2-4d01-aaa2-91bd329fce97}] "DisplayName"="TubeSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86b921d3-29b2-4d01-aaa2-91bd329fce97}] "UninstallString"="C:\Program Files (x86)\TubeSaver\Uninstall.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}\1.0\0\win32] @="C:\Program Files (x86)\TubeSaver\133.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}\1.0\HELPDIR] @="C:\Program Files (x86)\TubeSaver" Searching for "Conduit" No data found. 
Searching for " " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{AC88CB43-0850-F134-CB04-8D38403E77B3}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{7A53B0BE-B92D-4e8a-A11F-8E6F9F3C575B}"> <Descriptor descriptorID="{854E435E-3100-4b46-B7E1-19EDEE9FEC59}"/> <Descriptor descriptorID="{F8635B3A-C121-480a-9090-31DAA90490D0}"/> </Rating> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{464299D0-6D57-47e8-AA53-A849CBEA12CB}"/> <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{9236ED52-B5FE-4227-8EB3-353C0BDABECF}"/> <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{5098B1DF-486F-4e79-A6D6-6E0879A63811}"/> <Rating ratingSystemID="{B305AB16-9FF2-40f5-A658-C014566500DE}" ratingID="{56DAFE1F-E267-476d-8E69-CB56652CC3 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27002342C83E&0#] "DeviceDesc"="iPod " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_PHILIPS&PROD_SA33XX&REV_0100#400301BC286F4D01400301BC2869C49D&0#] "DeviceDesc"="SA33xx " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27002342C83E&0#] "DeviceDesc"="iPod " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_PHILIPS&PROD_SA33XX&REV_0100#400301BC286F4D01400301BC2869C49D&0#] "DeviceDesc"="SA33xx " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27002342C83E&0#] "DeviceDesc"="iPod " 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_PHILIPS&PROD_SA33XX&REV_0100#400301BC286F4D01400301BC2869C49D&0#] "DeviceDesc"="SA33xx " -= EOF =-

- Under CONTROL PANEL, PROGRAMS AND FEATURES the 'TubeSaver' entry is still present, as also shown in the log.
- NIS has not triggered yet today.
- IE 9 seems to work without pop-ups.
- I would like to uninstall IE9 and install IE11 64-bit (I only use IE when Opera acts up with input forms); I would also like to uninstall and reinstall MyPhoneExplorer. Should I wait with that?

So far everything seems to be running normally again. What software can I use to protect myself against another infection in the future? Many thanks for now, patti
Edited by patti-berlin (26.11.2013 at 21:00). Reason: added log file |
26.11.2013, 21:08 | #8 |
/// TB-Ausbilder | AdwCleaner log file for TubeSaver on Win7 64-bit
Hi, we will remove the last remnants and check everything once more. ESET can take a long time (> 2 h). After that we will clean up, and I will give you a few tips to take along.

Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
start
Task: {0A777C07-19AC-4049-99C4-973E047D53D1} - \TubeSaver Update No Task File
C:\Users\patti\AppData\Roaming\Microsoft\Windows\Recent\NIS_TubeSaver.jpg.lnk
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86b921d3-29b2-4d01-aaa2-91bd329fce97}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Step 3 ESET Online Scanner

Step 4 Please download SecurityCheck and:

Please post with your next reply
|
27.11.2013, 21:23 | #9 |
| AdwCleaner log file for TubeSaver on Win7 64-bit Hello Matthias, on we go ... Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013
Ran by patti at 2013-11-27 17:47:11 Run:1
Running from C:\Users\patti\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {0A777C07-19AC-4049-99C4-973E047D53D1} - \TubeSaver Update No Task File
C:\Users\patti\AppData\Roaming\Microsoft\Windows\Recent\NIS_TubeSaver.jpg.lnk
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86b921d3-29b2-4d01-aaa2-91bd329fce97}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A777C07-19AC-4049-99C4-973E047D53D1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A777C07-19AC-4049-99C4-973E047D53D1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TubeSaver Update => Key deleted successfully.
C:\Users\patti\AppData\Roaming\Microsoft\Windows\Recent\NIS_TubeSaver.jpg.lnk => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86b921d3-29b2-4d01-aaa2-91bd329fce97}" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.

========= End of Reg: =========

==== End of Fixlog ====

Code:
HitmanPro 3.7.8.208
www.hitmanpro.com

Computer name . . . . : PATTIS
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : pattis\patti
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-11-27 18:02:47
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 18s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 5

Objects scanned . . . : 1.594.576
Files scanned . . . . : 19.123
Remnants scanned . . : 408.356 files / 1.167.097 keys

Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)

Cookies _____________________________________________________________________

C:\Users\patti\AppData\Local\Temp\Cookies\7WG2ZVLD.txt
C:\Users\patti\AppData\Local\Temp\Cookies\BD8ATHFE.txt
C:\Users\patti\AppData\Local\Temp\Cookies\FTSBMZTB.txt

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=823ad81ed6ee1943b928a7cc6f4ec52b
# engine=16048
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-27 08:08:18
# local_time=2013-11-27 09:08:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 19366 148179483 0 0
# compatibility_mode=5893 16776574 100 94 12016737 137212748 0 0
# scanned=313005
# found=4
# cleaned=0
# scan_time=10212
sh=80708CFB5052708DBEF417C9549EF839FBEF84FA ft=0 fh=0000000000000000 vn="Win32/AdWare.AddLyrics.T application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\133.crx.vir"
sh=21A285ADE25C9606361F9B4C4E90DF7F4FD6D34F ft=1 fh=81e910bfe714ecc8 vn="a variant of Win32/AdWare.AddLyrics.T application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\133.dll.vir"
sh=6A99DB20A031B7FDB27A21A6C1F10858535517FC ft=1 fh=3ce2787df371b09c vn="a variant of Win32/AdWare.AddLyrics.T application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\tbsUd.exe.vir"
sh=8EBBB899E3DDACE331BB6C96616009FDE1FBD105 ft=1 fh=f1e653b0f66ceeac vn="a variant of Win32/AdWare.AddLyrics.W application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\Uninstall.exe.vir"

Code:
Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.152
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
ouservice StarMoneyOnlineUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

I had disabled the NIS firewall and antivirus for all scans. ESET found something right at the start of the scan: 'AdWare.AddLyrics.T' and 'AdWare.AddLyrics.W'. Whatever that is now. Or were those just files from AdwCleaner's quarantine? Many thanks again for your effort, patti
Edited by patti-berlin (27.11.2013 at 21:27). Reason: added something ... |
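A way to check the Fixlog above mechanically, as an added example that is not part of the original posts and is not FRST's own code: it pairs every fix entry with its outcome and lists only the targets that still need attention. It assumes the log layout and the German reg.exe messages exactly as they appear in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the Fixlog posted in this thread, one entry per line.
SAMPLE_FIXLOG = r'''
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A777C07-19AC-4049-99C4-973E047D53D1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TubeSaver Update => Key deleted successfully.
C:\Users\patti\AppData\Roaming\Microsoft\Windows\Recent\NIS_TubeSaver.jpg.lnk => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87226588-1919-4e34-9f84-94d5780f3cf9}" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.

========= End of Reg: =========
'''

ARROW = re.compile(r'^(?P<target>.+?) => (?P<result>.+)$')
REG_START = re.compile(r'^=+ reg delete "(?P<key>[^"]+)" /f =+$')
REG_END = re.compile(r'^=+ End of Reg: =+$')


def classify_reg_output(lines):
    """Map reg.exe output (German locale, as in the thread) to a status."""
    text = " ".join(lines)
    if "erfolgreich beendet" in text:
        return "removed"
    if text.startswith("FEHLER") and "nicht gefunden" in text:
        return "absent"   # the key did not exist when the command ran
    return "unknown"      # any other error text needs a human look


def parse_fixlog(text):
    """Return (target, status) pairs in the order they appear in the log."""
    entries, key, output = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        start = REG_START.match(line)
        if start or REG_END.match(line):
            if key is not None:
                # A new block starting before "End of Reg:" means a cut-off block.
                entries.append((key, "unknown" if start else classify_reg_output(output)))
            key, output = (start.group("key") if start else None), []
        elif key is not None:
            if line:
                output.append(line)
        else:
            arrow = ARROW.match(line)
            if arrow:
                # "Key deleted successfully." and "Moved successfully." both count.
                ok = arrow.group("result").endswith("successfully.")
                entries.append((arrow.group("target"), "removed" if ok else "failed"))
    if key is not None:   # log ended inside a reg block
        entries.append((key, "unknown"))
    return entries


def needs_follow_up(entries):
    """Targets whose removal the log does not confirm."""
    return [target for target, status in entries if status not in ("removed", "absent")]


if __name__ == "__main__":
    for target, status in parse_fixlog(SAMPLE_FIXLOG):
        print(f"{status:8} {target}")
```

A "nicht gefunden" result is counted as "absent" rather than as a failure, because in both cases the key is no longer present after the run.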
28.11.2013, 17:22 | #10 |
/// TB-Ausbilder | AdwCleaner log file for TubeSaver on Win7 64-bit
Hi, exactly, just files from the quarantine; they can no longer do any harm. If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Step 1 The order is crucial here.

Step 2 Finally, I have a few tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Antivirus program and additional protection

Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox

Performance

What you should avoid:

Now all that remains is for me to wish you lots of fun with safe surfing... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions. |
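The check behind the answer above ("just files from the quarantine"), as an added example that is not part of the original posts and is not ESET's own code: it parses the detection records of the ESET Online Scanner log from post #9 and separates hits inside AdwCleaner's quarantine folder from hits on live paths. The meaning of the record fields (sh = SHA-1, vn = detection name, fn = file path) is inferred from the log on this page, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: header counters and the four detection records from the
# ESET log posted in this thread, one record per line.
SAMPLE_LOG = r'''# scanned=313005
# found=4
# cleaned=0
sh=80708CFB5052708DBEF417C9549EF839FBEF84FA ft=0 fh=0000000000000000 vn="Win32/AdWare.AddLyrics.T application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\133.crx.vir"
sh=21A285ADE25C9606361F9B4C4E90DF7F4FD6D34F ft=1 fh=81e910bfe714ecc8 vn="a variant of Win32/AdWare.AddLyrics.T application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\133.dll.vir"
sh=6A99DB20A031B7FDB27A21A6C1F10858535517FC ft=1 fh=3ce2787df371b09c vn="a variant of Win32/AdWare.AddLyrics.T application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\tbsUd.exe.vir"
sh=8EBBB899E3DDACE331BB6C96616009FDE1FBD105 ft=1 fh=f1e653b0f66ceeac vn="a variant of Win32/AdWare.AddLyrics.W application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\Uninstall.exe.vir"
'''

# Assumption: AdwCleaner's quarantine folder as it appears in the thread's logs.
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine",)

RECORD = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"$')
FOUND = re.compile(r'^# found=(\d+)\s*$', re.M)


def _parts(path):
    # Windows paths are case-insensitive, so compare lower-cased components.
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def in_quarantine(path, roots=QUARANTINE_ROOTS):
    """True only if path lies strictly below one of the quarantine roots."""
    parts = _parts(path)
    if ".." in parts:
        return False   # unresolved traversal: do not trust the prefix
    for root in roots:
        root_parts = _parts(root)
        # Component-wise comparison, so "QuarantineX" does not match "Quarantine".
        if len(parts) > len(root_parts) and parts[:len(root_parts)] == root_parts:
            return True
    return False


def summarize(log_text, roots=QUARANTINE_ROOTS):
    """Parse detection records and split them into quarantined and live hits."""
    detections = []
    for line in log_text.splitlines():
        match = RECORD.match(line.strip())
        if match:
            record = match.groupdict()
            record["quarantined"] = in_quarantine(record["path"], roots)
            detections.append(record)
    declared = FOUND.search(log_text)
    declared_found = int(declared.group(1)) if declared else None
    return {
        "declared_found": declared_found,
        "detections": detections,
        "live": [d for d in detections if not d["quarantined"]],
        # A mismatch means records were lost or the log was edited or truncated.
        "count_matches": declared_found == len(detections),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("live detections:", [d["path"] for d in result["live"]])
    print("record count matches header:", result["count_matches"])
```

For the log in this thread the list of live detections is empty: all four records point below C:\AdwCleaner\Quarantine.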
29.11.2013, 18:56 | #11 |
| AdwCleaner log file for TubeSaver on Win7 64-bit
Hello Matthias, since I used neither Defogger nor Combofix, I only ran DelFix. However, numerous directories remained. I deleted everything from the desktop.
Remaining under C:\:
zoek_backup -> delete?
AdwCleaner -> delete?
Remaining under Program Files (x86):
Malwarebytes' Anti-Malware -> I bought the Pro version of it right away
I uninstalled ESET. DelFix looked like this: Code:
# DelFix v10.4 - Datei am 28/11/2013 um 21:04:00 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Benutzer : patti - PATTIS
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\zoek-results.log
Gelöscht : C:\Users\patti\Desktop\Addition.txt
Gelöscht : C:\Users\patti\Desktop\Addition2.txt
Gelöscht : C:\Users\patti\Desktop\adwcleaner.exe
Gelöscht : C:\Users\patti\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\patti\Desktop\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\patti\Desktop\Fixlog.txt
Gelöscht : C:\Users\patti\Desktop\FRST.txt
Gelöscht : C:\Users\patti\Desktop\FRST2.txt
Gelöscht : C:\Users\patti\Desktop\FRST64.exe
Gelöscht : C:\Users\patti\Desktop\JRT.exe
Gelöscht : C:\Users\patti\Desktop\JRT.txt
Gelöscht : C:\Users\patti\Desktop\JRT2.txt
Gelöscht : C:\Users\patti\Desktop\log.txt
Gelöscht : C:\Users\patti\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\patti\Desktop\SystemLook_x64.exe
Gelöscht : C:\Users\patti\Desktop\zoek-results.txt
Gelöscht : C:\Users\patti\Desktop\zoek.zip
Gelöscht : C:\Users\patti\Downloads\FRST64.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #132 [Windows Modules Installer | 11/13/2013 16:30:00]
Gelöscht : RP #133 [Windows Update | 11/14/2013 06:07:47]
Gelöscht : RP #134 [Geplanter Prüfpunkt | 11/21/2013 07:56:42]
Gelöscht : RP #135 [zoek.exe restore point | 11/25/2013 16:35:00]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Then I uninstalled MyPhoneExplorer and downloaded it from the vendor's homepage, but during the installation attempt Malwarebytes Anti-Malware immediately quarantined an object named Conduit.A from the Temp folder.
Can I no longer install MyPhoneExplorer at all now (see also the attached image)? Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.28.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
patti :: PATTIS [Administrator]

Schutz: Aktiviert

29.11.2013 18:47:21
mbam-log-2013-11-29 (18-47-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257551
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$RECYCLE.BIN\S-1-5-21-3965852666-880147142-4208818141-1000\$RF7W53W.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I also installed and ran TFC. Once again, many thanks for your effort. Regards, patti
A DONATION is on its way
Edited by patti-berlin (29.11.2013 at 18:57). Reason: image added |
29.11.2013, 20:52 | #12 |
/// TB-Ausbilder | AdwCleaner log file for TubeSaver on Win7 64-bit
Hi, yes, zoek and AdwCleaner can go. Download MyPhoneExplorer from here, then it should work. I am glad that we could help. In this forum you can leave brief feedback on the cleanup, if you wish: Praise, Criticism and Wishes. To do so, click the "NEW TOPIC" button and post a little feedback. Thank you very much! This thread appears to be resolved and will be deleted from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |
29.11.2013, 21:37 | #13 |
| AdwCleaner log file for TubeSaver on Win7 64-bit
Hello Matthias, that is exactly where I had downloaded MPE from. The problem is also being discussed in the forum there. www.fjsoft.at/forum/viewtopic.php?t=20589 Really, I would rather pay for software than have junk like this foisted on me. If you download the program from there, Malwarebytes' Anti-Malware triggers immediately - tried just today. www.fjsoft.at/forum/viewtopic.php?t=20405&highlight=tubesaver MPE has just lost me and many of my friends as users and donors after many years! Many thanks again for your effort. I very much hope I will not have to take you up on the PM offer. Regards, patti |