Log analysis and evaluation: Stolen credit card data
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.01.2014, 19:54 | #1 |
Stolen credit card data

Hello

Regarding my situation and the questions that follow from it, here is what there is to say. In mid-December of last year I noticed that my credit card showed payments that were not mine. I then had it blocked. Shortly afterwards the amounts were credited back. So far, so good.

As a cause I could imagine that, since I am an Adobe customer using the paid Creative Cloud (PS CC & Co), and as many know, they were hacked a short while ago. Customer data was stolen in the process. I myself was also contacted by Adobe. As a second cause I could also imagine, when I checked the date of the first unauthorized charge, that the cause could be that on that day I made a purchase by credit card at Origin (PC games publisher).

An antivirus scanner is installed on the PC (Norton Internet Security). A full scan showed nothing except tracking cookies. Trojan Remover also reports after the scan that everything is clean. A hardware firewall (Zyxel USG20) is also in use.

Based on a post here in the forum I then also carried out the following:
- Scan with gmer
- Scan with aswMBR
- Scan with Emsisoft AntiMalware
- Scan with MBAR
- Scan with OTL
- Scan with TDSSKiller

The only tool that raised an alert is MBAR, with the following two entries:
Infected: HKLM\SOFTWARE\CLASSES\wr --> [Malware.Trace]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\wr --> [Malware.Trace]

After cleaning and scanning again, the tool found nothing more. All other tools found nothing. A check with Security Task Manager and Autoruns showed nothing suspicious. What makes me a little suspicious are certain entries that the tool 'CurrPort' shows me.
They look roughly like this:

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49436
Local Port Name :
Local Address : [my PC's IP address]
Remote Port : 443
Remote Port Name : https
Remote Address : 23.21.78.148
Remote Host Name : ec2-23-21-78-148.compute-1.amazonaws.com
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 14.01.2014 18:24:26
Module Filename :
Remote IP Country :
Window Title :
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49416
Local Port Name :
Local Address : [my PC's IP address]
Remote Port : 443
Remote Port Name : https
Remote Address : 66.117.23.107
Remote Host Name :
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 14.01.2014 18:24:26
Module Filename :
Remote IP Country :
Window Title :
==================================================
==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49349
Local Port Name :
Local Address : [my PC's IP address]
Remote Port : 443
Remote Port Name : https
Remote Address : 173.194.40.30
Remote Host Name : mil02s06-in-f30.1e100.net
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 14.01.2014 18:24:26
Module Filename :
Remote IP Country :
Window Title :
==================================================

For the entries where the 'Remote Host Name' field contains amazon..., the 'Process Name' entry sometimes shows that it comes from Adobe or has to do with Adobe. Could it be that these are cookies? I am aware that some tools, such as of course the antivirus scanner, Logitech, Adobe, Google, Office, Windows etc., regularly phone home, but with certain entries I am somehow suspicious, since I don't know them, even if they are legitimate.

I am the only one who uses the credit card, have never responded to strange e-mails asking to enter such data for verification purposes, and have not opened any unknown attachments either. I also always check, on pages where you have to enter credit card data, that the page is encrypted and the certificate is valid.

Now of course I have a new credit card with a new number and check my credit card balance online several times every day, but of course I still have a queasy feeling in my stomach.

Can anyone perhaps tell me what kind of entries these are that 'CurrPort' sometimes shows me? Or are the two entries from the MBAR scan possibly to blame?

I am close to deciding to reinstall the PC, but if it can be avoided, I would like to.

Many thanks for your help.

Regards
RexCH
14.01.2014, 21:48 | #2 |
/// the machine /// TB instructor | Stolen credit card data

I can't say anything about the entries as such, but I would like to see the GMER log file, and this as well:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________
14.01.2014, 22:30 | #3 |
Stolen credit card data

Hello

Thanks for the quick reply. Here is the GMER log: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2014-01-14 22:15:26 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f Samsung_SSD_840_Series rev.DXT07B0Q 232.89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Marcel\AppData\Local\Temp\pgldapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4220] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff806f7169a 4 bytes [F7, 06, F8, 7F] .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4220] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff806f716a2 4 bytes [F7, 06, F8, 7F] .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4220] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff806f7181a 4 bytes [F7, 06, F8, 7F] .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4220] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff806f71832 4 bytes [F7, 06, F8, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [672:3756] fffff960008324d0 Thread C:\WINDOWS\system32\csrss.exe [672:3980] fffff960008324d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -774218636 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0f9715 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0f9715@002248878346 0xAA 0xC6 0x17 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0f9715@0022488784fd 0x9E 0x2E 0x80 0xFB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0f9715@00224887ab48 0x57 0xB1 0x37 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0f9715@00224887ac81 0x8C 0x06 0xF0 0x3B ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#00224887AB48_00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0003 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0003@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0003@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#002248878346_00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@BackupContext 0x02 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#00224887AC81_00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0008 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0008@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0008@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#0022488784FD_00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@BackupContext 0x02 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0013 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0013@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0013@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV1000.SYS Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Group SCSI Miniport Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@ImagePath \SystemRoot\System32\drivers\vdrv1000.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Tag 91 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Owners oem27.inf? 
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum@Count 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum@NextInstance 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum@0 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&1&01 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\parameters\pnpinterface Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\parameters\pnpinterface@0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\security Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910}\iexplore@Count 1004 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 802 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0xAA 0x6C 0xF9 0x96 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_aswMBR.exe_fec0d633129cf6e86968137fe450c7f1853cc_ad166db1_02dadd95 ---- EOF - GMER 2.1 ---- [CODE] FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2014 02 Ran by Marcel (administrator) on PC22 on 14-01-2014 22:15:43 Running from C:\Users\Marcel\Desktop Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official downoad link fo FRST: Farbar Recovery Scan Tool Download Link Download Now 32-Bit Version Farbar Recovery Scan Tool Download Link Download Now 32-Bit Version Any other download link is unpermitted or outdated. The tutorial for FRST can be find here: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe ( ) C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM\...\Run: [ACPW06DE] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl) HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [VC10Player] - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe [416696 2012-10-25] (H+H Software GmbH) HKLM-x32\...\Run: [WebResearchStartupInit] - C:\Program Files (x86)\Web-Recherche\WRGet.exe [144936 2013-10-19] (macropool GmbH) HKLM-x32\...\Run: [PowerDVD13Agent] - C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2013-07-29] (CyberLink Corp.) 
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) MountPoints2: {73c6e62c-38c7-11e3-be99-001bdc0f9715} - "Y:\start.exe" Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.steg-electronics.ch SearchScopes: HKLM - DefaultScope {D0F5A88A-076C-4F36-96FE-E3F520C7A8EC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&pc=MASBJ SearchScopes: HKLM - {D0F5A88A-076C-4F36-96FE-E3F520C7A8EC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&pc=MASBJ SearchScopes: HKLM-x32 - DefaultScope {D0F5A88A-076C-4F36-96FE-E3F520C7A8EC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&pc=MASBJ SearchScopes: HKLM-x32 - {D0F5A88A-076C-4F36-96FE-E3F520C7A8EC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&pc=MASBJ SearchScopes: HKCU - DefaultScope {D0F5A88A-076C-4F36-96FE-E3F520C7A8EC} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Web-Recherche-Browserhilfsobjekt - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Web-Recherche-Symbolleiste - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH) Toolbar: HKLM-x32 - Web-Recherche-Bearbeitungsleiste - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\..\Interfaces\{522061EF-C526-498E-826D-9444826486DA}: [NameServer]8.8.8.8,8.8.4.4 Chrome: ======= Error 
reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-05-29] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-10] ==================== Services (Whitelisted) ================= U4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-07-29] (CyberLink) U4 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-07-29] (CyberLink) U2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation) U2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2011-11-15] () U2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [145336 2012-10-25] (H+H Software GmbH) U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) U2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.) 
==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) U3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) U3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) U3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation) U3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation) U3 HH10Help.sys; C:\WINDOWS\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140113.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140114.002\ENG64.SYS [126040 2013-08-30] (Symantec Corporation) U3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140114.002\EX64.SYS [2099288 
2013-08-30] (Symantec Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U3 Spyder4; C:\Windows\System32\drivers\dccmtr.sys [15360 2011-06-02] (Datacolor) U3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) U3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) U3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) U3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) U0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation) U3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) U3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) U1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-07-29] (CyberLink Corp.) 
U4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [x] U4 NvStUSB; \SystemRoot\System32\drivers\nvstusb.sys [x] U3 PORTMON; \??\C:\Users\Marcel\AppData\Local\Temp\_wsicc\PORTMSYS.SYS [x] U5 vdrv1000; C:\Windows\System32\Drivers\vdrv1000.sys [223256 2011-04-19] (H+H Software GmbH) U3 pgldapob; \??\C:\Users\Marcel\AppData\Local\Temp\pgldapob.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-14 22:15 - 2014-01-14 22:15 - 00017824 _____ C:\Users\Marcel\Desktop\FRST.txt 2014-01-14 22:07 - 2014-01-14 22:07 - 00000000 ____D C:\FRST 2014-01-14 22:06 - 2014-01-14 22:07 - 02076160 _____ (Farbar) C:\Users\Marcel\Desktop\FRST64.exe 2014-01-14 18:35 - 2014-01-14 18:39 - 00000000 ____D C:\ProgramData\SecTaskMan 2014-01-14 18:35 - 2014-01-14 18:35 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2014-01-14 18:19 - 2014-01-14 18:19 - 00000533 _____ C:\Users\Marcel\Desktop\Galileo Video Training Photoshop CC Grundlagen (Y) 0 Bytes.lnk 2014-01-10 17:49 - 2014-01-10 17:49 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat 2014-01-10 17:31 - 2014-01-10 17:39 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities 2014-01-10 17:30 - 2014-01-10 17:31 - 00000000 ____D C:\Program Files (x86)\Sysinternals Suite 2014-01-10 17:28 - 2014-01-10 17:28 - 00000848 _____ C:\Users\Marcel\Desktop\WSCC.lnk 2014-01-10 17:28 - 2014-01-10 17:28 - 00000000 ____D C:\WSCC 2014-01-10 17:25 - 2011-05-11 16:28 - 03324928 _____ (KirySoft) C:\wscc.exe 2014-01-10 17:25 - 2011-05-11 15:29 - 00001816 _____ C:\wscc.readme.txt 2014-01-10 17:25 - 2011-01-18 23:27 - 00002640 _____ C:\wscc.license.txt 2014-01-10 17:21 - 2014-01-10 17:22 - 00000000 ____D C:\Users\Marcel\Desktop\Games 2014-01-10 16:53 - 2014-01-10 16:53 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Malwarebytes 2014-01-10 16:52 - 2014-01-10 16:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marcel\Desktop\mbam-setup-1.75.0.1300.exe 
2014-01-10 16:52 - 2014-01-10 16:52 - 00001150 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-10 16:52 - 2014-01-10 16:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 16:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-10 16:12 - 2014-01-10 16:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 16:11 - 2014-01-10 16:11 - 00001357 _____ C:\Users\Marcel\Desktop\mbar.exe.lnk
2014-01-09 22:39 - 2014-01-09 22:39 - 04745728 _____ (AVAST Software) C:\Users\Marcel\Desktop\aswMBR.exe
2014-01-09 22:29 - 2014-01-09 22:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 22:28 - 2014-01-10 16:23 - 00000000 ____D C:\Program Files (x86)\mbar
2014-01-09 22:28 - 2014-01-10 16:11 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-09 22:14 - 2014-01-09 22:14 - 00377856 _____ C:\Users\Marcel\Desktop\gmer_2.1.19163.exe
2013-12-29 16:54 - 2013-12-29 16:54 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 16:50 - 2013-12-29 16:50 - 00001168 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-12-29 16:47 - 2013-12-29 16:47 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-12-29 16:47 - 2006-06-19 13:01 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztvcabinet.dll
2013-12-29 16:47 - 2006-05-25 15:52 - 00162304 _____ C:\WINDOWS\SysWOW64\ztvunrar36.dll
2013-12-29 16:47 - 2005-08-26 01:50 - 00077312 _____ C:\WINDOWS\SysWOW64\ztvunace26.dll
2013-12-29 16:47 - 2002-03-06 01:00 - 00075264 _____ C:\WINDOWS\SysWOW64\unacev2.dll
2013-12-29 16:45 - 2013-12-29 16:53 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-12-29 16:45 - 2013-12-29 16:45 - 00000000 ____D C:\Users\Marcel\Documents\Simply Super Software
2013-12-29 16:45 - 2013-12-29 16:45 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Simply Super Software
2013-12-29 16:45 - 2003-02-02 19:06 - 00153088 _____ C:\WINDOWS\SysWOW64\UNRAR3.dll
2013-12-21 17:48 - 2013-12-21 17:48 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Red Alert 3 Uprising
2013-12-21 17:20 - 2013-12-21 17:20 - 00001346 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-12-17 21:57 - 2013-12-17 21:57 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Command and Conquer 4
2013-12-17 21:57 - 2013-12-17 21:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\Electronic_Arts_Inc
2013-12-16 18:31 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-16 18:31 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-16 18:31 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-16 18:31 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-16 18:31 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-16 18:31 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-16 18:31 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-16 18:31 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-16 18:31 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-16 18:31 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-16 18:31 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-16 18:31 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-16 18:31 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-16 18:31 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-16 18:31 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-16 18:31 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-16 18:31 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-16 18:31 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-16 18:31 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-16 18:31 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-16 18:31 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-16 18:31 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-16 18:31 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-16 18:31 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-16 18:31 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-16 18:31 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-16 18:31 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-16 18:31 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-16 18:31 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-16 18:31 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-16 18:31 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-16 18:31 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-16 18:31 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-16 18:31 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-16 18:31 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-16 18:31 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-16 18:31 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-16 18:31 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-16 18:31 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-16 18:31 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-16 18:31 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-16 18:31 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-16 18:31 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-16 18:31 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-16 18:31 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-16 18:31 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-16 18:31 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

==================== One Month Modified Files and Folders =======

2014-01-14 22:15 - 2014-01-14 22:15 - 00017824 _____ C:\Users\Marcel\Desktop\FRST.txt
2014-01-14 22:07 - 2014-01-14 22:07 - 00000000 ____D C:\FRST
2014-01-14 22:07 - 2014-01-14 22:06 - 02076160 _____ (Farbar) C:\Users\Marcel\Desktop\FRST64.exe
2014-01-14 22:05 - 2013-11-10 17:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 22:05 - 2013-11-10 17:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 22:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-14 18:39 - 2014-01-14 18:35 - 00000000 ____D C:\ProgramData\SecTaskMan
2014-01-14 18:39 - 2013-06-13 20:36 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\KeePass
2014-01-14 18:35 - 2014-01-14 18:35 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2014-01-14 18:19 - 2014-01-14 18:19 - 00000533 _____ C:\Users\Marcel\Desktop\Galileo Video Training Photoshop CC Grundlagen (Y) 0 Bytes.lnk
2014-01-14 18:19 - 2013-10-18 19:44 - 00000000 __RDO C:\Users\Marcel\SkyDrive
2014-01-14 18:19 - 2013-05-29 18:09 - 00000000 ____D C:\Users\Marcel\AppData\Local\Adobe
2014-01-14 18:14 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-14 18:14 - 2013-09-30 04:56 - 00764340 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-14 18:14 - 2013-09-30 04:56 - 00159160 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-14 18:10 - 2013-10-31 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-14 18:10 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-13 21:32 - 2013-05-29 17:48 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2953995348-1952454828-3364095664-1002
2014-01-13 20:26 - 2013-10-18 19:25 - 01573954 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-12 17:22 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-12 17:18 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-12 17:15 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-10 18:56 - 2013-10-31 12:20 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-10 18:56 - 2013-10-31 12:10 - 00000000 ____D C:\ProgramData\Western Digital
2014-01-10 17:49 - 2014-01-10 17:49 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2014-01-10 17:39 - 2014-01-10 17:31 - 00000000 ____D C:\Program Files (x86)\NirSoft Utilities
2014-01-10 17:31 - 2014-01-10 17:30 - 00000000 ____D C:\Program Files (x86)\Sysinternals Suite
2014-01-10 17:28 - 2014-01-10 17:28 - 00000848 _____ C:\Users\Marcel\Desktop\WSCC.lnk
2014-01-10 17:28 - 2014-01-10 17:28 - 00000000 ____D C:\WSCC
2014-01-10 17:22 - 2014-01-10 17:21 - 00000000 ____D C:\Users\Marcel\Desktop\Games
2014-01-10 16:53 - 2014-01-10 16:53 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Malwarebytes
2014-01-10 16:52 - 2014-01-10 16:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marcel\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-10 16:52 - 2014-01-10 16:52 - 00001150 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-10 16:52 - 2014-01-10 16:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 16:35 - 2013-08-03 17:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\CrashDumps
2014-01-10 16:23 - 2014-01-10 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 16:23 - 2014-01-09 22:28 - 00000000 ____D C:\Program Files (x86)\mbar
2014-01-10 16:11 - 2014-01-10 16:11 - 00001357 _____ C:\Users\Marcel\Desktop\mbar.exe.lnk
2014-01-10 16:11 - 2014-01-09 22:28 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-09 22:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2014-01-09 22:39 - 2014-01-09 22:39 - 04745728 _____ (AVAST Software) C:\Users\Marcel\Desktop\aswMBR.exe
2014-01-09 22:29 - 2014-01-09 22:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 22:14 - 2014-01-09 22:14 - 00377856 _____ C:\Users\Marcel\Desktop\gmer_2.1.19163.exe
2013-12-31 19:56 - 2013-06-03 17:48 - 00007643 _____ C:\Users\Marcel\AppData\Local\resmon.resmoncfg
2013-12-30 18:57 - 2013-09-29 20:04 - 00009024 _____ C:\WINDOWS\PFRO.log
2013-12-29 16:55 - 2013-05-29 17:43 - 00000000 ___RD C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 16:54 - 2013-12-29 16:54 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 16:53 - 2013-12-29 16:45 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-12-29 16:50 - 2013-12-29 16:50 - 00001168 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-12-29 16:47 - 2013-12-29 16:47 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-12-29 16:45 - 2013-12-29 16:45 - 00000000 ____D C:\Users\Marcel\Documents\Simply Super Software
2013-12-29 16:45 - 2013-12-29 16:45 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Simply Super Software
2013-12-29 16:24 - 2013-08-03 16:38 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-27 11:21 - 2013-07-27 16:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-27 11:20 - 2013-04-25 06:42 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-21 17:48 - 2013-12-21 17:48 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Red Alert 3 Uprising
2013-12-21 17:47 - 2013-05-29 20:12 - 00000000 ____D C:\Program Files\Adobe
2013-12-21 17:20 - 2013-12-21 17:20 - 00001346 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-12-17 21:57 - 2013-12-17 21:57 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Command and Conquer 4
2013-12-17 21:57 - 2013-12-17 21:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\Electronic_Arts_Inc
2013-12-17 19:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-17 18:59 - 2013-05-29 18:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-16 21:51 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-16 21:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-16 21:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-16 21:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-16 21:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-16 20:58 - 2013-06-03 13:33 - 00000000 ____D C:\ProgramData\RIBS

Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLdy.DAT

Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\CNC4LauncherUpdate.exe
C:\Users\Marcel\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Marcel\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Marcel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marcel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marcel\AppData\Local\Temp\nvStInst.exe
C:\Users\Marcel\AppData\Local\Temp\SIntf16.dll
C:\Users\Marcel\AppData\Local\Temp\SIntf32.dll
C:\Users\Marcel\AppData\Local\Temp\SIntfNT.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-14 19:25

==================== End Of Log ============================

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2014 02
Ran by Marcel at 2014-01-14 22:19:53
Running from C:\Users\Marcel\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Pro 6 (Version: 6.3.221 - ACD Systems International Inc.)
Acronis*Disk*Director*11*Home (x32 Version: 11.0.2343 - Acronis)
Adobe Acrobat XI Pro (x32 Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (x32 Version: 11.0.05 - Adobe Systems)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Audition CC (x32 Version: 6.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (x32 Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (x32 Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (x32 Version: 13 - Adobe Systems Incorporated)
Adobe Edge Animate CC (x32 Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Edge Code CC (x32 Version: 0.94 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (x32 Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (x32 Version: 0.23.10993 - Adobe Systems Incorporated)
Adobe Extension Manager CC (x32 Version: 7.1.1 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (x32 Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Professional CC (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CC (x32 Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC (x32 Version: 9.0 - Adobe Systems Incorporated)
Adobe Muse (x32 Version: 5.0 - Adobe Systems Incorporated)
Adobe Muse (x32 Version: 7.1.329 - Adobe Systems Incorporated)
Adobe Muse (x32 Version: 7.1.329 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Scout CC (Version: 1.1.0.354003 - Adobe Systems Incorporated)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Adobe® Content Viewer (x32 Version: 3.3.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.3.0 - Adobe Systems Incorporated) Hidden
Anno 1701 (x32 Version: 1.02 - Sunflowers)
Arma 3 Beta (x32 Version: - Bohemia Interactive)
ArtRage 4 (x32 Version: 4.0.4.0 - Ambient Design)
ArtRage 4 (x32 Version: 4.0.4.0 - Ambient Design) Hidden
Balsamiq Mockups For Desktop (x32 Version: 2.2.13 - Balsamiq SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.13 - Balsamiq SRL) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Camera Control Pro 2 (x32 Version: 2.16.0 - Nikon)
Capture NX 2 (x32 Version: 2.2.1 - NIKON CORPORATION)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (x32 Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (x32 Version: 1.0.0.0 - Electronic Arts, Inc.)
CyberLink PowerDVD 13 (x32 Version: 13.0.3105.58 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.3105.58 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (x32 Version: - Blizzard Entertainment)
Die Siedler 7 (x32 Version: 1.12.1396 - Ubisoft)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Officejet Pro 251dw Printer - Grundlegende Software für das Gerät (Version: 29.1.973.39397 - Hewlett-Packard Co.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeePass Password Safe 2.13 (x32 Version: - Dominik Reichl)
Lightroom 5.0 (x32 Version: 5.0 - Adobe Systems Incorporated)
Logitech SetPoint 6.52 (Version: 6.52.74 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4551.1011 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Naval War: Arctic Circle (x32 Version: - TURBO TAPE GAMES)
Nik Collection (x32 Version: 1.1.0.9 - Google)
Nikon Message Center 2 (x32 Version: 2.1.0 - Nikon)
Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Origin (x32 Version: 9.1.10.2728 - Electronic Arts, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photomatix Pro version 4.0.2 (Version: 4.0.2 - HDRsoft Sarl)
Photomatix Pro version 4.2.6 (Version: 4.2.6 - HDRsoft Ltd)
Picture Control Utility (x32 Version: 1.1.5 - Nikon)
Port Royale 3 (x32 Version: 1.3.2.0 - Gaming Minds Studios GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Security Task Manager 1.8d (x32 Version: 1.8d - Neuber Software)
Silent Hunter 5 (x32 Version: 1.2.0 - Ubisoft)
SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
Spyder4Elite (x32 Version: - )
SSD Fresh (x32 Version: 2013 - Abelssoft)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Supreme Commander 2 (x32 Version: - Gas Powered Games)
SyncToy 2.1 (x64) (Version: 2.1.0 - Microsoft)
Total Commander 64-bit (Remove or Repair) (Version: 8.0 - Ghisler Software GmbH)
TreePad PLUS 7.7.5 (x32 Version: - )
Trojan Remover 6.8.8 (x32 Version: 6.8.8 - Simply Super Software)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Virtual CD v10 (x32 Version: 10.50.0 - H+H Software GmbH)
Wacom Tablett (Version: 6.3.5-3 - Wacom Technology Corp.)
Web-Recherche 3 (x32 Version: 3.10.4911 - macropool GmbH)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (Version: 2.1.0.3 - Wacom Technology Corp.)
WeBuilder 2014 v12.2 (x32 Version: 12.0 - Karlis Blumentals)
WestwoodChat (x32 Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (x32 Version: 1.0.0.0 - WestwoodOnline)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinZip 17.5 (Version: 17.5.10480 - WinZip Computing, S.L. )

==================== Restore Points =========================

27-12-2013 10:20:25 Windows Update
04-01-2014 16:27:15 Geplanter Prüfpunkt
09-01-2014 21:40:13 Malwarebytes Anti-Rootkit Restore Point
13-01-2014 19:05:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01261B31-8ECF-43E4-B470-3842B19C3B0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-13] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {135B14D8-277E-4E2D-A2C9-91C8EB633EDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {27706846-5089-426E-8A8E-F33D1505A59F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-marcel.scholz@bluewin.ch => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30E6B604-37CE-4D0B-9098-6650BFC79642} - System32\Tasks\AdobeAAMUpdater-1.0-PC22-Marcel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5068B64B-91B3-4498-9E6E-560C421ABF62} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {61E1506D-FDE6-4B10-A0E0-53086239BAB0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-13] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9C22A442-ED2E-4E60-901D-077563967A0F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B02D2CF1-1A01-44EF-898D-9DEAFD5130FB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E01D75E4-81D6-46E3-8F52-598FA7E48B76} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2013-12-27] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FA9D1121-3727-4E8F-956E-D44B872F6281} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {FFBEC3F8-D8E4-4040-ABB3-68F7E03641E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-05-29 20:23 - 2013-02-08 19:37 - 01185080 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-06-16 18:14 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\Appearance Pak.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00151552 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\RegEx.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 12977947 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\RBScript.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\Shell.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00761856 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\XML.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00274432 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\CGamma.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00086016 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\CSensor.dll
2011-09-22 14:22 - 2012-02-07 13:59 - 00039936 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\MBSRegistrationPlugin16724.dll
2011-09-22 14:22 -
2012-02-07 13:59 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\MBSPluginVersionPlugin16724.dll 2013-11-13 18:26 - 2013-11-13 18:26 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2013-12-12 20:46 - 2013-12-12 20:46 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll 2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu 2013-12-19 10:49 - 2013-12-19 10:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll 2013-10-19 15:13 - 2008-08-18 15:08 - 00050688 _____ () C:\Program Files (x86)\Virtual CD v10\System\ogg.dll 2013-10-19 15:13 - 2008-08-18 15:11 - 01237504 _____ () C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll 2013-09-29 16:41 - 2013-07-29 03:50 - 00861960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD13\common\UNO\UNO.dll 2013-09-29 16:41 - 2013-05-02 01:06 - 00081920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD13\Common\koan\_ctypes.pyd 2013-09-29 16:41 - 2013-05-02 01:06 - 00053248 _____ () C:\Program Files (x86)\CyberLink\PowerDVD13\Common\Koan\_socket.pyd 2013-09-29 16:41 - 2013-05-02 01:06 - 00655360 _____ () C:\Program Files (x86)\CyberLink\PowerDVD13\Common\Koan\_ssl.pyd 2013-12-19 10:49 - 2013-12-19 10:49 - 00742808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libglesv2.dll 2013-12-19 10:49 - 2013-12-19 10:49 - 00136600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 AlternateDataStreams: C:\Users\Marcel\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: NVIDIA High Definition Audio Description: NVIDIA High Definition Audio Class Guid: 
{4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: NVHDA Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32) Resolution: The start type for this driver is set to disabled in the registry. Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry. Name: WPD-Dateisystem-Volumetreiber Description: WPD-Dateisystem-Volumetreiber Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Microsoft Service: WUDFWpdFs Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. 
==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 16333.13 MB
Available physical RAM: 13968.83 MB
Total Pagefile: 18765.13 MB
Available Pagefile: 15718.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.2 GB) (Free:47.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATEN) (Fixed) (Total:100 GB) (Free:95.32 GB) NTFS
Drive e: (Bilder) (Fixed) (Total:1333.13 GB) (Free:1038.48 GB) NTFS
Drive f: (Ressourcen) (Fixed) (Total:405.47 GB) (Free:320.68 GB) NTFS
Drive r: (Backup_Archiv) (Fixed) (Total:1862.98 GB) (Free:1378.73 GB) NTFS
Drive y: (Video-Training) (CDROM) (Total:5.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 3DC07BC3)
Partition 1: (Active) - (Size=700 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 55EACA2A)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-332215091200) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)

==================== End Of Log ============================ |
15.01.2014, 13:26 | #4 |
/// the machine /// TB trainer | Stolen credit card data All good
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.01.2014, 12:01 | #5 |
| Stolen credit card data Right, I have now reinstalled the PC from scratch. Better safe than sorry. In any case, thanks for your help. Regards, RexCH |
27.01.2014, 08:38 | #6 |
/// the machine /// TB trainer | Stolen credit card data You're welcome |