Log analysis and evaluation: WIN 7: Malware Lollipop removed with Malwarebytes, is that the end of it?

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.01.2014, 10:33 | #1 |
WIN 7: Malware Lollipop removed with Malwarebytes, is that the end of it?

Hello Trojaner-Board supporters,

I installed the Lollipop malware, apparently with a download from Chip.de. Using the Malwarebytes software I detected it, moved it and deleted it. At least that is how it looks from the log files (both are attached, one from before and one from after). Now I am simply not sure whether that was really enough, even though I no longer find any infected objects.

I was able to create all the log files according to your instructions except for GMER, which aborts with an error message; I have also taken a screenshot of that and will try to attach it.

Many thanks in advance for your support.

Regards,
Björn

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:22 on 17/01/2014 (*******)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03 Ran by ******* (administrator) on ******* on 17-01-2014 08:23:42 Running from D:\Downloads-Firefox Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) 
C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\*******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe (Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\SwyxIt!.exe (Dropbox, Inc.) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe (Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\CLMgr.exe (Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\ODialer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-12] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-06-08] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation) HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-18] (PDF Complete Inc) HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.) 
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Spotify] - C:\Users\*******\AppData\Roaming\Spotify\Spotify.exe [5951488 2013-12-19] (Spotify Ltd) HKCU\...\Run: [Spotify Web Helper] - C:\Users\*******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-19] (Spotify Ltd) HKU\Sieling\...\Run: [THPanel] - C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.) Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe () Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Tcpip\Parameters: [DhcpNameServer] 192.0.0.99 192.0.0.100 FireFox: ======== FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default FF user.js: detected! 
=> C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\user.js FF Homepage: hxxp://pe.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06] FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\extensions\lightningnewtab@gmail.com.xpi FF HKCU\...\Firefox\Extensions: [{ec2beeca-9971-43d1-9766-6a9ad543c90c}] - C:\Program Files (x86)\Re-markit\150.xpi FF StartMenuInternet: FIREFOX.EXE - firefox.exe ==================== Services (Whitelisted) ================= R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED) S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-18] (PDF Complete Inc) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-04-12] 
(Realtek Semiconductor) ==================== Drivers (Whitelisted) ==================== R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-08-27] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-17 08:23 - 2014-01-17 08:23 - 00000000 ____D C:\FRST 2014-01-17 08:21 - 2014-01-17 08:21 - 00000000 _____ C:\Users\*******\defogger_reenable 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Users\*******\AppData\Roaming\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 15:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-15 15:03 - 2014-01-15 15:03 - 00003584 _____ C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-15 14:23 - 2014-01-15 14:23 - 00004808 _____ C:\Windows\SysWOW64\gaeffect.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00003176 _____ C:\Windows\SysWOW64\gafilter.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00000513 ____H C:\Windows\SysWOW64\ws344069.ocx 2014-01-15 14:23 - 2014-01-15 14:23 - 00000452 ____H C:\os466477.bin 2014-01-15 14:23 - 2014-01-15 14:23 - 00000000 ____D C:\Windows\PreviewSoft 2014-01-15 14:22 - 2014-01-16 16:00 - 00000229 _____ C:\Windows\ULEAD32.INI 2014-01-15 14:22 - 2014-01-15 14:22 - 00000000 ____D C:\Program Files (x86)\Ulead Systems 2014-01-15 14:21 - 2014-01-15 14:21 - 00000000 ____D C:\Windows\Noslip 2014-01-15 13:37 - 2014-01-15 14:19 - 00000000 ____D C:\Users\*******\Documents\psynetic-gifx 2014-01-15 13:37 - 2014-01-15 13:37 - 00000000 ____D 
C:\Users\*******\AppData\Local\psynetic-imageconverter 2014-01-15 13:36 - 2014-01-15 13:36 - 00000000 ____D C:\Program Files (x86)\psynetic 2014-01-15 11:28 - 2014-01-15 11:28 - 00000919 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2014-01-15 11:28 - 2014-01-15 11:28 - 00000000 ____D C:\Program Files\MediaInfo 2014-01-15 11:20 - 2014-01-15 11:20 - 00000000 ____D C:\Users\*******\Documents\SWF to GIF Animator 2014-01-15 10:19 - 2014-01-15 10:19 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2014-01-15 10:19 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll 2014-01-15 10:19 - 2005-07-14 12:31 - 00032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll 2014-01-15 10:19 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll 2014-01-15 10:19 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll 2014-01-15 10:19 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll 2014-01-15 10:15 - 2014-01-15 10:26 - 00000000 ____D C:\Users\*******\AppData\Local\Mobogenie 2014-01-15 10:15 - 2014-01-15 10:25 - 00000000 ____D C:\Users\*******\AppData\Local\genienext 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\Mobogenie 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\AppData\Local\cache 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\.android 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 _____ C:\Users\*******\daemonprocess.txt 2014-01-15 10:15 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll 2014-01-15 10:15 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Olepau32.ax 2014-01-15 10:15 - 2011-06-15 
23:00 - 00163328 __RSH C:\Windows\SysWOW64\flvDX.dll 2014-01-15 10:15 - 2011-06-14 19:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax 2014-01-15 10:15 - 2011-02-11 10:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll 2014-01-15 10:15 - 2010-01-06 23:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll 2014-01-15 10:15 - 2009-09-27 23:00 - 00143872 __RSH C:\Windows\SysWOW64\AviDX.ax 2014-01-15 10:15 - 2009-08-10 23:00 - 00352768 __RSH C:\Windows\SysWOW64\ac3DX.ax 2014-01-15 10:15 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax 2014-01-15 10:15 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax 2014-01-15 10:15 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax 2014-01-15 10:15 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll 2014-01-15 10:15 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll 2014-01-15 10:15 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax 2014-01-15 10:15 - 2006-03-10 20:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax 2014-01-15 10:15 - 2006-01-12 23:00 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax 2014-01-15 10:15 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax 2014-01-15 10:15 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax 2014-01-15 10:15 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax 2014-01-15 10:15 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax 2014-01-15 10:15 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll 2014-01-15 10:15 
- 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax 2014-01-15 10:15 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax 2014-01-15 10:15 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll 2014-01-15 10:15 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax 2014-01-15 10:15 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax 2014-01-15 10:14 - 2014-01-16 16:00 - 00000000 ____D C:\Program Files (x86)\SupTab 2014-01-15 10:14 - 2014-01-16 15:59 - 00000000 ____D C:\ProgramData\WPM 2014-01-15 10:14 - 2014-01-15 10:26 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\ProgramData\IePluginService 2014-01-15 10:13 - 2014-01-15 10:13 - 00000000 ____D C:\Users\*******\AppData\Local\SwvUpdater 2014-01-15 08:11 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 08:11 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 08:11 - 2013-11-26 11:32 - 03156480 _____ 
(Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-13 11:56 - 2009-08-19 23:50 - 00024416 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll 2014-01-10 10:03 - 2014-01-10 10:03 - 00000789 _____ C:\Users\*******\Desktop\Bilderliste - Verknüpfung.lnk 2014-01-10 10:03 - 2014-01-10 10:03 - 00000734 _____ C:\Users\*******\Desktop\Bilder_Kunden - Verknüpfung.lnk 2014-01-10 10:02 - 2013-09-23 08:12 - 00000269 _____ C:\Users\*******\Desktop\Luftfederbaelge.bat 2014-01-10 10:02 - 2013-07-26 10:20 - 00000261 _____ C:\Users\*******\Desktop\bilder-tecdoc.bat 2014-01-10 10:02 - 2013-07-16 14:51 - 00000257 _____ C:\Users\*******\Desktop\QR-Code.bat 2014-01-10 10:02 - 2013-03-04 08:55 - 00000260 _____ C:\Users\*******\Desktop\image_8x12.bat 2014-01-10 10:00 - 2014-01-10 10:49 - 00000264 _____ C:\Users\*******\Desktop\image_8x12_jpgs.bat 2014-01-09 14:45 - 2014-01-09 14:45 - 00000000 ____D C:\Users\*******\Documents\Fragmente 2014-01-08 08:19 - 2014-01-08 08:19 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA Corporation 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2014-01-08 08:18 - 2013-12-10 03:15 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-01-08 08:18 - 2013-12-10 03:14 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) 
C:\Windows\system32\d3dx11_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-01-08 08:17 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-01-08 08:17 - 2013-12-19 
21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-01-08 08:17 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-01-08 08:17 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-01-08 08:17 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-01-08 08:17 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) 
C:\Windows\system32\Drivers\nvhda64v.sys 2014-01-08 08:17 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-01-08 08:17 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-01-08 08:16 - 2014-01-08 08:16 - 00000000 ____D C:\NVIDIA 2014-01-02 10:12 - 2014-01-02 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-12-19 12:02 - 2014-01-17 07:39 - 00000000 ____D C:\Users\*******\AppData\Roaming\Spotify 2013-12-19 12:02 - 2014-01-02 11:31 - 00000000 ____D C:\Users\*******\AppData\Local\Spotify 2013-12-19 12:02 - 2013-12-19 12:02 - 00001770 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk ==================== One Month Modified Files and Folders ======= 2014-01-17 08:23 - 2014-01-17 08:23 - 00000000 ____D C:\FRST 2014-01-17 08:21 - 2014-01-17 08:21 - 00000000 _____ C:\Users\*******\defogger_reenable 2014-01-17 08:21 - 2013-11-26 12:43 - 00000000 ____D C:\Users\******* 2014-01-17 07:46 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-17 07:46 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-17 07:44 - 2013-11-26 18:05 - 00701206 _____ C:\Windows\system32\perfh007.dat 2014-01-17 07:44 - 2013-11-26 18:05 - 00149500 _____ C:\Windows\system32\perfc007.dat 2014-01-17 07:44 - 2009-07-14 06:13 - 01624666 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-17 07:43 - 2013-11-26 10:12 - 01117806 _____ C:\Windows\WindowsUpdate.log 2014-01-17 07:39 - 2013-12-19 12:02 - 00000000 ____D C:\Users\*******\AppData\Roaming\Spotify 2014-01-17 07:39 - 2013-11-28 14:17 - 00000000 ____D C:\Users\*******\AppData\Roaming\Dropbox 2014-01-17 07:39 - 
2013-11-26 18:29 - 00000000 ____D C:\ProgramData\PDFC 2014-01-17 07:38 - 2013-11-26 12:36 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl 2014-01-17 07:38 - 2013-11-26 10:31 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-17 07:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-17 07:38 - 2009-07-14 05:51 - 00054712 _____ C:\Windows\setupact.log 2014-01-16 16:18 - 2010-11-21 04:47 - 00014138 _____ C:\Windows\PFRO.log 2014-01-16 16:18 - 2009-07-14 05:45 - 05024352 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 16:01 - 2013-11-26 12:44 - 00120480 _____ C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-16 16:00 - 2014-01-15 14:22 - 00000229 _____ C:\Windows\ULEAD32.INI 2014-01-16 16:00 - 2014-01-15 10:14 - 00000000 ____D C:\Program Files (x86)\SupTab 2014-01-16 16:00 - 2013-11-26 18:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-16 15:59 - 2014-01-15 10:14 - 00000000 ____D C:\ProgramData\WPM 2014-01-16 15:56 - 2013-11-28 14:17 - 00000000 ____D C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-16 15:56 - 2013-11-26 12:43 - 00000000 ___RD C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-16 15:55 - 2013-12-05 11:57 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleFor*******.job 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Users\*******\AppData\Roaming\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 15:07 - 2013-12-03 17:45 - 00001456 _____ C:\Users\*******\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2014-01-16 13:18 - 2013-11-26 12:43 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BA77F9B-408A-4EC5-8B5E-B7B33D6EE6DA} 2014-01-16 11:03 - 2013-12-05 11:57 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor******* 
2014-01-16 11:03 - 2013-11-28 12:14 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2014-01-15 15:03 - 2014-01-15 15:03 - 00003584 _____ C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-15 14:23 - 2014-01-15 14:23 - 00004808 _____ C:\Windows\SysWOW64\gaeffect.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00003176 _____ C:\Windows\SysWOW64\gafilter.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00000513 ____H C:\Windows\SysWOW64\ws344069.ocx 2014-01-15 14:23 - 2014-01-15 14:23 - 00000452 ____H C:\os466477.bin 2014-01-15 14:23 - 2014-01-15 14:23 - 00000000 ____D C:\Windows\PreviewSoft 2014-01-15 14:22 - 2014-01-15 14:22 - 00000000 ____D C:\Program Files (x86)\Ulead Systems 2014-01-15 14:21 - 2014-01-15 14:21 - 00000000 ____D C:\Windows\Noslip 2014-01-15 14:19 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\Documents\psynetic-gifx 2014-01-15 13:40 - 2013-11-26 13:55 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 13:40 - 2013-11-26 11:00 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 13:39 - 2013-11-26 11:00 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 13:37 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\AppData\Local\psynetic-imageconverter 2014-01-15 13:36 - 2014-01-15 13:36 - 00000000 ____D C:\Program Files (x86)\psynetic 2014-01-15 13:31 - 2013-11-28 16:27 - 00000000 ____D C:\Users\*******\AppData\Roaming\vlc 2014-01-15 11:28 - 2014-01-15 11:28 - 00000919 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2014-01-15 11:28 - 2014-01-15 11:28 - 00000000 ____D C:\Program Files\MediaInfo 2014-01-15 11:20 - 2014-01-15 11:20 - 00000000 ____D C:\Users\*******\Documents\SWF to GIF Animator 2014-01-15 10:26 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\AppData\Local\Mobogenie 2014-01-15 10:26 - 2014-01-15 10:14 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2014-01-15 10:25 - 2014-01-15 10:15 - 00000000 ____D 
C:\Users\*******\AppData\Local\genienext 2014-01-15 10:19 - 2014-01-15 10:19 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\Mobogenie 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\AppData\Local\cache 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\.android 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 _____ C:\Users\*******\daemonprocess.txt 2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\ProgramData\IePluginService 2014-01-15 10:14 - 2013-11-26 12:43 - 00001643 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-15 10:13 - 2014-01-15 10:13 - 00000000 ____D C:\Users\*******\AppData\Local\SwvUpdater 2014-01-13 09:09 - 2013-11-28 13:36 - 00000000 ____D C:\Users\*******\AppData\Roaming\FileZilla 2014-01-10 10:53 - 2013-12-05 08:13 - 00000000 ____D C:\Bilder_Kunden 2014-01-10 10:53 - 2013-12-05 08:13 - 00000000 _____ C:\Bilderliste.txt 2014-01-10 10:49 - 2014-01-10 10:00 - 00000264 _____ C:\Users\*******\Desktop\image_8x12_jpgs.bat 2014-01-10 10:03 - 2014-01-10 10:03 - 00000789 _____ C:\Users\*******\Desktop\Bilderliste - Verknüpfung.lnk 2014-01-10 10:03 - 2014-01-10 10:03 - 00000734 _____ C:\Users\*******\Desktop\Bilder_Kunden - Verknüpfung.lnk 2014-01-09 14:45 - 2014-01-09 14:45 - 00000000 ____D C:\Users\*******\Documents\Fragmente 2014-01-09 14:45 - 2013-11-26 12:43 - 00000000 ____D C:\Users\*******\AppData\Roaming\Adobe 2014-01-08 08:19 - 2014-01-08 08:19 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA Corporation 2014-01-08 08:19 - 2013-11-26 10:31 - 
00000000 ____D C:\ProgramData\NVIDIA Corporation 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2014-01-08 08:18 - 2013-11-26 10:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2014-01-08 08:18 - 2013-11-26 10:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2014-01-08 08:16 - 2014-01-08 08:16 - 00000000 ____D C:\NVIDIA 2014-01-07 14:42 - 2013-12-02 14:22 - 00000000 ____D C:\Users\*******\AppData\Roaming\ImgBurn 2014-01-03 08:02 - 2013-11-26 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-02 11:31 - 2013-12-19 12:02 - 00000000 ____D C:\Users\*******\AppData\Local\Spotify 2014-01-02 10:12 - 2014-01-02 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-19 21:33 - 2014-01-08 08:17 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-12-19 21:33 - 2014-01-08 08:17 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 09700224 _____ 
(NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 
00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-12-19 21:33 - 2013-11-26 10:30 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-12-19 21:33 - 2013-11-26 10:30 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-12-19 21:33 - 2013-11-26 10:30 - 00023754 _____ C:\Windows\system32\nvinfo.pb 2013-12-19 21:33 - 2013-10-27 09:12 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-12-19 19:53 - 2013-11-26 10:31 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-12-19 12:02 - 2013-12-19 12:02 - 00001770 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2013-12-19 07:56 - 2013-11-29 11:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-19 07:56 - 2013-11-29 11:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-19 06:01 - 2013-11-26 10:31 - 03539040 _____ C:\Windows\system32\nvcoproc.bin Some content of TEMP: ==================== 
C:\Users\*******\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*******\AppData\Local\Temp\MSETUP4.EXE
C:\Users\*******\AppData\Local\Temp\nvStInst.exe
C:\Users\*******\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 12:11

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03 Ran by ******* at 2014-01-17 08:23:54 Running from D:\Downloads-Firefox Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 2007 Microsoft Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation) 64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden Adobe Acrobat 9.5.5 - CPSID_83708 (x32 Version: - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Community Help (x32 Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Creative Suite 5 Design Standard (x32 Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Apple Application Support (x32 Version: 2.3.4 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) ByteScout BarCode Generator 3.22.643 (FREEWARE) (x32 Version: - Bytescout Software) Canon MP Navigator EX 2.1 (x32 Version: - ) Canon Utilities Digital Photo Professional (x32 Version: 3.13.20.0 - Canon Inc.) Canon Utilities EOS Utility (x32 Version: 2.13.20.0 - Canon Inc.) Canon Utilities Picture Style Editor (x32 Version: 1.13.20.0 - Canon Inc.) CanoScan LiDE 700F Scanner Driver (Version: - ) CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.) 
CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.) Hidden CyberLink PhotoDirector 3 (x32 Version: 3.0.1.3418 - CyberLink Corp.) CyberLink PhotoDirector 3 (x32 Version: 3.0.1.3418 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (x32 Version: 8.0.2.2321 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.2.2321 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (x32 Version: 10.0.2.2329 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.2.2329 - CyberLink Corp.) Hidden CyberLink PowerDVD (x32 Version: 10.0.7.4721 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.7.4721 - CyberLink Corp.) Hidden Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) EOSInfo (x32 Version: 0.2.0 - astrojargon.net) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Hardcopy (C:\Program Files (x86)\Hardcopy) (x32 Version: 2010.10.01 - www.hardcopy.de) Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Performance Advisor (x32 Version: 1.6.5202 - Hewlett-Packard Company) HP Support Assistant (x32 Version: 6.1.12.1 - Hewlett-Packard Company) HP Support Information (x32 Version: 12.00.0000 - Hewlett-Packard) IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!) 
Intel(R) Control Center (x32 Version: 1.2.1.1010 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 8.1.30.1349 - Intel Corporation) Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel) Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel) Hidden Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) MediaInfo 0.7.67 (Version: 0.7.67 - MediaArea.net) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) Notepad++ (x32 Version: 6.5.1 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) 
Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation) ObjectDock Free (x32 Version: 2.0 - Stardock Corporation) ObjectDock Free (x32 Version: 2.0 - Stardock Corporation) Hidden OpenEdge 10.2B Shared Network Installation (x32 Version: 10.2B - PSC) PDF Complete Corporate Edition (x32 Version: 4.1.9 - PDF Complete, Inc) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden proALPHA 5.1d01 Client (x32 Version: 5.01.04010.51d01.02 - proALPHA Software AG) QuickTime (x32 Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6878 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB) SUPER © v2013.build.59+Recorder (2013/12/18) Version v2013.buil (x32 Version: v2013.build.59+Recorder - eRightSoft) SwyxIt! (Version: 7.05.0456.0 - Swyx Solutions AG) Thunder Master v1.4 (x32 Version: 1.4.0.0 - Palit Microsystems Ltd.) 
Ulead GIF Animator 5 Test (x32 Version: - ) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN) WinMerge 2.14.0 (x32 
Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

12-12-2013 14:45:20 Windows Update
16-12-2013 15:29:25 Windows Update
20-12-2013 05:39:07 Windows Update
02-01-2014 06:57:18 Windows Update
07-01-2014 06:16:05 Windows Update
08-01-2014 07:18:23 DirectX wurde installiert
10-01-2014 07:07:34 Windows Update
14-01-2014 07:15:34 Windows Update
15-01-2014 12:38:59 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {31A6374E-C5A1-45D3-81B8-0A7D9C5386DB} - System32\Tasks\HPCeeScheduleFor******* => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {483C3812-5853-4787-86DF-1656055863B3} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-24] (CyberLink)
Task: {638B4DA9-79FF-4642-BFA4-726C555BABEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {7F6B79BF-8C23-4D7E-B6EC-A68ADB6F5D01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-10] (Hewlett-Packard Company)
Task: {8DCB025C-45FE-4806-AE6D-6278CE31E10D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {C2A81EB0-0F97-4C1F-A91B-57F6D9840E8F} - System32\Tasks\AdobeAAMUpdater-1.0-PEQUALITY-******* => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: 
{CE06FC65-91A1-48E2-8697-2056BAE57B7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: C:\Windows\Tasks\HPCeeScheduleFor*******.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2010-10-04 18:54 - 2010-10-04 18:54 - 00776704 _____ () C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.dll 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-11-26 12:58 - 2010-04-21 09:59 - 00058880 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_x64.dll 2013-11-26 12:58 - 2010-09-30 09:04 - 00779264 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll 2013-11-26 12:58 - 2010-09-30 09:14 - 00055296 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_03.dll 2013-11-26 12:58 - 2010-04-21 10:00 - 00058368 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll 2010-10-04 18:54 - 2010-10-04 18:54 - 00675840 _____ () C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll 2013-11-28 10:46 - 2013-11-28 10:46 - 00024576 _____ () C:\Windows\assembly\GAC_MSIL\IpPbxTracing\1.0.0.0__cf78dfa0a74454f8\IpPbxTracing.dll 2010-06-21 05:11 - 2010-06-21 05:11 - 06815744 _____ () C:\Program Files (x86)\SwyxIt!\IpPbxCDSClientLib.XmlSerializers.dll 2013-11-28 10:46 - 2013-11-28 10:46 - 00057344 _____ () C:\Windows\assembly\GAC_MSIL\IpPbxWin32\1.0.0.3__cf78dfa0a74454f8\IpPbxWin32.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\*******\AppData\Roaming\Dropbox\bin\libcef.dll 2013-11-26 18:31 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 20:34 - 2012-06-08 20:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft 
Office\Office12\ADDINS\ColleagueImport.dll 2014-01-13 11:56 - 2013-05-08 02:57 - 02666496 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll 2014-01-13 11:56 - 2009-02-27 16:40 - 01421312 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.DEU 2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2010-10-04 18:54 - 2010-10-04 18:54 - 00807936 _____ () C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll 2010-10-04 18:54 - 2010-10-04 18:54 - 00053760 _____ () C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll 2014-01-13 11:56 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu 2014-01-13 11:56 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA 2010-06-21 05:25 - 2010-06-21 05:25 - 00025632 _____ () C:\Program Files (x86)\SwyxIt!\PlantronicsDeviceEventSink.dll 2010-06-21 05:25 - 2010-06-21 05:25 - 00045056 _____ () C:\Program Files (x86)\SwyxIt!\SPLicense.dll 2013-11-26 11:43 - 2013-11-26 11:43 - 00017408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\34cb55ccd7a575bc17e9335bc1415685\PSIClient.ni.dll 2013-11-26 18:28 - 2013-01-14 18:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-01-02 10:12 - 2014-01-02 10:12 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Generic- M.S./M.S.Pro/HG USB Device Description: Laufwerk Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardlaufwerke) 
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- SD/MMC USB Device
Description: Laufwerk
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardlaufwerke)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- SD/MMC USB Device
Description: Laufwerk
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardlaufwerke)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- SM/xD-Picture USB Device
Description: Laufwerk
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardlaufwerke)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- Compact Flash USB Device
Description: Laufwerk
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardlaufwerke)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2014 08:13:19 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/17/2014 07:57:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/16/2014 03:11:15 PM) (Source: Application Hang) (User: )
Description: Programm CnxClient.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1150 Startzeit: 01cf1296fc720062 Endzeit: 9 Anwendungspfad: N:\CnxClient.exe Berichts-ID: 0940295c-7eb8-11e3-b4a3-7446a0b2b81e

Error: (01/16/2014 11:17:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/15/2014 03:02:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/15/2014 03:02:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/15/2014 01:45:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 01:45:14 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 01:36:38 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/15/2014 01:36:38 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
System errors: ============= Error: (01/17/2014 07:39:56 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/16/2014 04:19:27 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/16/2014 04:00:14 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/16/2014 03:56:38 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/16/2014 08:40:17 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/16/2014 08:40:16 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/16/2014 08:40:15 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/16/2014 08:23:57 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/15/2014 02:50:51 PM) (Source: BROWSER) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{CE125754-690B-4D90-AF67-9C96331D20D6}" zu oft fehl. Der Sicherungssuchdienst wird beendet. 
Error: (01/15/2014 01:49:07 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 24520.34 MB Available physical RAM: 21715.3 MB Total Pagefile: 49038.85 MB Available Pagefile: 46066.34 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:224.43 GB) (Free:125.01 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.41 GB) (Free:909.07 GB) NTFS Drive e: (HP_RECOVERY) (Fixed) (Total:7.57 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Daten 1) (Network) (Total:331.44 GB) (Free:0.28 GB) NTFS Drive g: (Daten 1) (Network) (Total:331.44 GB) (Free:0.28 GB) NTFS Drive i: () (Network) (Total:331.44 GB) (Free:0.28 GB) Drive j: (Users2) (Network) (Total:5585.13 GB) (Free:3338.88 GB) ReFS Drive k: (Users2) (Network) (Total:5585.13 GB) (Free:3338.88 GB) ReFS Drive l: (Users2) (Network) (Total:5585.13 GB) (Free:3338.88 GB) ReFS Drive m: (Database) (Network) (Total:80 GB) (Free:10.56 GB) NTFS Drive n: (System) (Network) (Total:80 GB) (Free:26.93 GB) NTFS Drive p: (Volume) (Network) (Total:2794.28 GB) (Free:2329.63 GB) NTFS Drive q: (Daten 1) (Network) (Total:331.44 GB) (Free:0.28 GB) NTFS Drive r: (Users2) (Network) (Total:5585.13 GB) (Free:3338.88 GB) ReFS Drive s: () (Network) (Total:331.44 GB) (Free:0.28 GB) Drive t: () (Network) (Total:331.44 GB) (Free:0.28 GB) Drive x: (Users1) (Network) (Total:2791 GB) (Free:2162.42 GB) ReFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 47A5854C) Partition 1: (Active) - 
(Size=800 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=224 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 869E1BFB) Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 MB) - (Type=27) ==================== End Of Log ============================
Here is the first Malwarebytes log file, from the time of the infection:
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.16.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 ******* :: ******* [Administrator] 16.01.2014 15:36:51 MBAM-log-2014-01-16 (15-54-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 474745 Laufzeit: 14 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Users\*******\AppData\Local\Lollipop\Lollipop.exe (Adware.LolliPop.IT) -> 4036 -> Keine Aktion durchgeführt. C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1572 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 1 C:\Users\*******\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 19 HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt. HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt. HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lollipop (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\nationzoomSoftware (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa1edbd5-2df4-43f8-ac31-cacf348a7d3d} (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{fa1edbd5-2df4-43f8-ac31-cacf348a7d3d} (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{ff88a226-e094-43d2-a505-ac87aa1d0db2} (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. HKCR\Interface\{c3fa044c-4aa1-4f14-919a-52b45c362f00} (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FA1EDBD5-2DF4-43F8-AC31-CACF348A7D3D} (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FA1EDBD5-2DF4-43F8-AC31-CACF348A7D3D} (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lollipop (Adware.LolliPop.IT) -> Daten: "c:\users\*******\appdata\local\lollipop\lollipop.exe" lollipop -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\*******\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Daten: C:\ProgramData\WPM\wprotectmanager.exe -service -> Keine Aktion durchgeführt. 
Infizierte Dateiobjekte der Registrierung: 9 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.nationzoom.com/?type=sc&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K) Gut: (firefox.exe) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K) Gut: (iexplore.exe) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Keine Aktion durchgeführt. 
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.NationZoom) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1389777254&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNEADA15636K&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 3 C:\Users\*******\AppData\Local\Lollipop (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 19 C:\Users\*******\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CNIGNP8\sam__2268_il104[1].exe (PUP.Optional.InstallMonetizer) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Temp\fullpackage_temp1389777249\Baofeng.exe (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Temp\fullpackage_temp1389777249\package1.zip (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Temp\fullpackage_temp1389777249\UpDate.dll (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Lollipop\lollipop.bat (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Lollipop\logo.ico (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Lollipop\lollipop.dat (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. 
C:\Users\*******\AppData\Local\Lollipop\Lollipop.exe (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Lollipop\lollipop.lpd (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Lollipop\lollipop_cfg.lpd (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Local\Lollipop\lollipop_ps.lpd (Adware.LolliPop.IT) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Re-markit Update.job (PUP.Optional.ReMarkIt.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\nationzoom.xml (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt. C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\*******\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. (Ende)
Here is the second log file, after the "cleanup":
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.16.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 ******* :: ******* [Administrator] 17.01.2014 08:27:17 mbam-log-2014-01-17 (08-27-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 474306 Laufzeit: 13 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
17.01.2014, 11:35 | #2 |
/// the machine /// TB instructor | WIN 7: Lollipop malware removed with Malwarebytes, is that the end of it? Hi,
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
17.01.2014, 11:48 | #3 |
| WIN 7: Lollipop malware removed with Malwarebytes, is that the end of it? Hello,
Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 17/01/2014 um 11:39:41 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername :******** # Gestartet von : D:\Downloads-Firefox\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\Mobogenie Ordner Gelöscht : C:\Program Files (x86)\SupTab Ordner Gelöscht : C:\Users\*******\AppData\Local\genienext Ordner Gelöscht : C:\Users\*******\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\*******\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\*******\AppData\Local\SwvUpdater Ordner Gelöscht : C:\Users\*******\Documents\Mobogenie Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\user.js ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKLM\Software\SupTab Schlüssel Gelöscht : HKLM\Software\supWPM ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\prefs.js ] ************************* AdwCleaner[R0].txt - [4113 octets] - [17/01/2014 11:39:18] AdwCleaner[S0].txt - [3127 octets] - [17/01/2014 11:39:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3187 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Professional x64 Ran by bsieling on 17.01.2014 at 11:41:54,98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\rsutq5ig.default\minidumps [4 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.01.2014 at 11:44:50,60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03 Ran by ******* (administrator) on ******* on 17-01-2014 11:45:29 Running from D:\Downloads-Firefox\erste aktion Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\*******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe (Swyx Solutions AG) C:\Program Files 
(x86)\SwyxIt!\SwyxIt!.exe (Dropbox, Inc.) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe (Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\CLMgr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\ODialer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-12] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-06-08] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation) HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-18] (PDF Complete Inc) HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.) 
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Spotify] - C:\Users\*******\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-17] (Spotify Ltd) HKCU\...\Run: [Spotify Web Helper] - C:\Users\*******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-17] (Spotify Ltd) HKU\Sieling\...\Run: [THPanel] - C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.) Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe () Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Tcpip\Parameters: [DhcpNameServer] 192.0.0.99 192.0.0.100 FireFox: ======== FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default FF Homepage: hxxp://pe.de FF Plugin: @adobe.com/FlashPlayer - 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06] FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\extensions\lightningnewtab@gmail.com.xpi FF HKCU\...\Firefox\Extensions: [{ec2beeca-9971-43d1-9766-6a9ad543c90c}] - C:\Program Files (x86)\Re-markit\150.xpi FF StartMenuInternet: FIREFOX.EXE - firefox.exe ==================== Services (Whitelisted) ================= R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED) S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-18] (PDF Complete Inc) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-04-12] 
(Realtek Semiconductor) ==================== Drivers (Whitelisted) ==================== R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-08-27] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-17 11:44 - 2014-01-17 11:44 - 00000838 _____ C:\Users\*******\Desktop\JRT.txt 2014-01-17 11:41 - 2014-01-17 11:41 - 00000000 ____D C:\Windows\ERUNT 2014-01-17 11:38 - 2014-01-17 11:39 - 00000000 ____D C:\AdwCleaner 2014-01-17 08:23 - 2014-01-17 08:23 - 00000000 ____D C:\FRST 2014-01-17 08:21 - 2014-01-17 08:21 - 00000000 _____ C:\Users\*******\defogger_reenable 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Users\*******\AppData\Roaming\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 15:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-15 15:03 - 2014-01-15 15:03 - 00003584 _____ C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-15 14:23 - 2014-01-15 14:23 - 00004808 _____ C:\Windows\SysWOW64\gaeffect.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00003176 _____ C:\Windows\SysWOW64\gafilter.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00000513 ____H C:\Windows\SysWOW64\ws344069.ocx 2014-01-15 14:23 - 2014-01-15 14:23 - 00000452 ____H C:\os466477.bin 2014-01-15 14:23 - 2014-01-15 14:23 - 00000000 ____D C:\Windows\PreviewSoft 2014-01-15 14:22 - 2014-01-16 16:00 - 00000229 _____ C:\Windows\ULEAD32.INI 2014-01-15 14:22 - 2014-01-15 14:22 - 00000000 ____D C:\Program Files (x86)\Ulead Systems 2014-01-15 14:21 - 
2014-01-15 14:21 - 00000000 ____D C:\Windows\Noslip 2014-01-15 13:37 - 2014-01-15 14:19 - 00000000 ____D C:\Users\*******\Documents\psynetic-gifx 2014-01-15 13:37 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\AppData\Local\psynetic-imageconverter 2014-01-15 13:36 - 2014-01-15 13:36 - 00000000 ____D C:\Program Files (x86)\psynetic 2014-01-15 11:28 - 2014-01-15 11:28 - 00000919 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2014-01-15 11:28 - 2014-01-15 11:28 - 00000000 ____D C:\Program Files\MediaInfo 2014-01-15 11:20 - 2014-01-15 11:20 - 00000000 ____D C:\Users\*******\Documents\SWF to GIF Animator 2014-01-15 10:19 - 2014-01-15 10:19 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2014-01-15 10:19 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll 2014-01-15 10:19 - 2005-07-14 12:31 - 00032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll 2014-01-15 10:19 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll 2014-01-15 10:19 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll 2014-01-15 10:19 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\AppData\Local\cache 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\.android 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 _____ C:\Users\*******\daemonprocess.txt 2014-01-15 10:15 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll 2014-01-15 10:15 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Olepau32.ax 2014-01-15 10:15 - 2011-06-15 23:00 - 00163328 __RSH C:\Windows\SysWOW64\flvDX.dll 2014-01-15 10:15 - 2011-06-14 
19:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax 2014-01-15 10:15 - 2011-02-11 10:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll 2014-01-15 10:15 - 2010-01-06 23:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll 2014-01-15 10:15 - 2009-09-27 23:00 - 00143872 __RSH C:\Windows\SysWOW64\AviDX.ax 2014-01-15 10:15 - 2009-08-10 23:00 - 00352768 __RSH C:\Windows\SysWOW64\ac3DX.ax 2014-01-15 10:15 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax 2014-01-15 10:15 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax 2014-01-15 10:15 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax 2014-01-15 10:15 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll 2014-01-15 10:15 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll 2014-01-15 10:15 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax 2014-01-15 10:15 - 2006-03-10 20:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax 2014-01-15 10:15 - 2006-01-12 23:00 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax 2014-01-15 10:15 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax 2014-01-15 10:15 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax 2014-01-15 10:15 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax 2014-01-15 10:15 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax 2014-01-15 10:15 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll 2014-01-15 10:15 - 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax 
2014-01-15 10:15 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax 2014-01-15 10:15 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll 2014-01-15 10:15 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax 2014-01-15 10:15 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax 2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\ProgramData\IePluginService 2014-01-15 08:11 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 08:11 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 08:11 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-13 11:56 - 2009-08-19 23:50 - 00024416 ____R (Adobe Systems Inc.) 
C:\Windows\system32\AdobePDFUI.dll 2014-01-10 10:03 - 2014-01-10 10:03 - 00000789 _____ C:\Users\*******\Desktop\Bilderliste - Verknüpfung.lnk 2014-01-10 10:03 - 2014-01-10 10:03 - 00000734 _____ C:\Users\*******\Desktop\Bilder_Kunden - Verknüpfung.lnk 2014-01-10 10:02 - 2013-09-23 08:12 - 00000269 _____ C:\Users\*******\Desktop\Luftfederbaelge.bat 2014-01-10 10:02 - 2013-07-26 10:20 - 00000261 _____ C:\Users\*******\Desktop\bilder-tecdoc.bat 2014-01-10 10:02 - 2013-07-16 14:51 - 00000257 _____ C:\Users\*******\Desktop\QR-Code.bat 2014-01-10 10:02 - 2013-03-04 08:55 - 00000260 _____ C:\Users\*******\Desktop\image_8x12.bat 2014-01-10 10:00 - 2014-01-10 10:49 - 00000264 _____ C:\Users\*******\Desktop\image_8x12_jpgs.bat 2014-01-09 14:45 - 2014-01-09 14:45 - 00000000 ____D C:\Users\*******\Documents\Fragmente 2014-01-08 08:19 - 2014-01-08 08:19 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA Corporation 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2014-01-08 08:18 - 2013-12-10 03:15 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-01-08 08:18 - 2013-12-10 03:14 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-01-08 
08:17 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-01-08 08:17 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvdispgenco6433221.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-01-08 08:17 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-01-08 08:17 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-01-08 08:17 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-01-08 08:17 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-01-08 08:17 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-01-08 08:17 - 2013-11-22 09:36 - 
01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-01-08 08:16 - 2014-01-08 08:16 - 00000000 ____D C:\NVIDIA 2014-01-02 10:12 - 2014-01-02 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-12-19 12:02 - 2014-01-17 11:40 - 00000000 ____D C:\Users\*******\AppData\Roaming\Spotify 2013-12-19 12:02 - 2014-01-17 11:21 - 00000000 ____D C:\Users\*******\AppData\Local\Spotify 2013-12-19 12:02 - 2013-12-19 12:02 - 00001770 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk ==================== One Month Modified Files and Folders ======= 2014-01-17 11:44 - 2014-01-17 11:44 - 00000838 _____ C:\Users\*******\Desktop\JRT.txt 2014-01-17 11:41 - 2014-01-17 11:41 - 00000000 ____D C:\Windows\ERUNT 2014-01-17 11:40 - 2013-12-19 12:02 - 00000000 ____D C:\Users\*******\AppData\Roaming\Spotify 2014-01-17 11:40 - 2013-11-28 14:17 - 00000000 ____D C:\Users\*******\AppData\Roaming\Dropbox 2014-01-17 11:40 - 2013-11-26 18:29 - 00000000 ____D C:\ProgramData\PDFC 2014-01-17 11:40 - 2013-11-26 12:36 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl 2014-01-17 11:40 - 2013-11-26 10:31 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-17 11:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-17 11:40 - 2009-07-14 05:51 - 00055048 _____ C:\Windows\setupact.log 2014-01-17 11:39 - 2014-01-17 11:38 - 00000000 ____D C:\AdwCleaner 2014-01-17 11:39 - 2013-11-26 12:43 - 00001003 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-17 11:39 - 2013-11-26 10:12 - 01134883 _____ C:\Windows\WindowsUpdate.log 2014-01-17 11:21 - 2013-12-19 12:02 - 00000000 ____D C:\Users\*******\AppData\Local\Spotify 2014-01-17 10:11 - 2009-07-14 05:45 - 00016768 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-17 10:11 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-17 10:10 - 2013-11-26 18:05 - 00701206 _____ C:\Windows\system32\perfh007.dat 2014-01-17 10:10 - 2013-11-26 18:05 - 00149500 _____ C:\Windows\system32\perfc007.dat 2014-01-17 10:10 - 2009-07-14 06:13 - 01624666 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-17 08:23 - 2014-01-17 08:23 - 00000000 ____D C:\FRST 2014-01-17 08:21 - 2014-01-17 08:21 - 00000000 _____ C:\Users\*******\defogger_reenable 2014-01-17 08:21 - 2013-11-26 12:43 - 00000000 ____D C:\Users\******* 2014-01-16 16:18 - 2010-11-21 04:47 - 00014138 _____ C:\Windows\PFRO.log 2014-01-16 16:18 - 2009-07-14 05:45 - 05024352 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 16:01 - 2013-11-26 12:44 - 00120480 _____ C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-16 16:00 - 2014-01-15 14:22 - 00000229 _____ C:\Windows\ULEAD32.INI 2014-01-16 16:00 - 2013-11-26 18:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-16 15:56 - 2013-11-28 14:17 - 00000000 ____D C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-16 15:56 - 2013-11-26 12:43 - 00000000 ___RD C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-16 15:55 - 2013-12-05 11:57 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleFor*******.job 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Users\*******\AppData\Roaming\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 15:07 - 2013-12-03 17:45 - 00001456 _____ C:\Users\*******\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2014-01-16 13:18 - 2013-11-26 12:43 - 
00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BA77F9B-408A-4EC5-8B5E-B7B33D6EE6DA} 2014-01-16 11:03 - 2013-12-05 11:57 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor******* 2014-01-16 11:03 - 2013-11-28 12:14 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2014-01-15 15:03 - 2014-01-15 15:03 - 00003584 _____ C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-15 14:23 - 2014-01-15 14:23 - 00004808 _____ C:\Windows\SysWOW64\gaeffect.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00003176 _____ C:\Windows\SysWOW64\gafilter.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00000513 ____H C:\Windows\SysWOW64\ws344069.ocx 2014-01-15 14:23 - 2014-01-15 14:23 - 00000452 ____H C:\os466477.bin 2014-01-15 14:23 - 2014-01-15 14:23 - 00000000 ____D C:\Windows\PreviewSoft 2014-01-15 14:22 - 2014-01-15 14:22 - 00000000 ____D C:\Program Files (x86)\Ulead Systems 2014-01-15 14:21 - 2014-01-15 14:21 - 00000000 ____D C:\Windows\Noslip 2014-01-15 14:19 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\Documents\psynetic-gifx 2014-01-15 13:40 - 2013-11-26 13:55 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 13:40 - 2013-11-26 11:00 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 13:39 - 2013-11-26 11:00 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 13:37 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\AppData\Local\psynetic-imageconverter 2014-01-15 13:36 - 2014-01-15 13:36 - 00000000 ____D C:\Program Files (x86)\psynetic 2014-01-15 13:31 - 2013-11-28 16:27 - 00000000 ____D C:\Users\*******\AppData\Roaming\vlc 2014-01-15 11:28 - 2014-01-15 11:28 - 00000919 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2014-01-15 11:28 - 2014-01-15 11:28 - 00000000 ____D C:\Program Files\MediaInfo 2014-01-15 11:20 - 2014-01-15 11:20 - 00000000 ____D C:\Users\*******\Documents\SWF to GIF Animator 2014-01-15 10:19 - 2014-01-15 10:19 - 00000000 ____D 
C:\Program Files (x86)\AviSynth 2.5 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\AppData\Local\cache 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\.android 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 _____ C:\Users\*******\daemonprocess.txt 2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\ProgramData\IePluginService 2014-01-13 09:09 - 2013-11-28 13:36 - 00000000 ____D C:\Users\*******\AppData\Roaming\FileZilla 2014-01-10 10:53 - 2013-12-05 08:13 - 00000000 ____D C:\Bilder_Kunden 2014-01-10 10:53 - 2013-12-05 08:13 - 00000000 _____ C:\Bilderliste.txt 2014-01-10 10:49 - 2014-01-10 10:00 - 00000264 _____ C:\Users\*******\Desktop\image_8x12_jpgs.bat 2014-01-10 10:03 - 2014-01-10 10:03 - 00000789 _____ C:\Users\*******\Desktop\Bilderliste - Verknüpfung.lnk 2014-01-10 10:03 - 2014-01-10 10:03 - 00000734 _____ C:\Users\*******\Desktop\Bilder_Kunden - Verknüpfung.lnk 2014-01-09 14:45 - 2014-01-09 14:45 - 00000000 ____D C:\Users\*******\Documents\Fragmente 2014-01-09 14:45 - 2013-11-26 12:43 - 00000000 ____D C:\Users\*******\AppData\Roaming\Adobe 2014-01-08 08:19 - 2014-01-08 08:19 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA Corporation 2014-01-08 08:19 - 2013-11-26 10:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2014-01-08 08:18 - 2013-11-26 10:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2014-01-08 08:18 - 2013-11-26 10:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2014-01-08 08:16 - 2014-01-08 08:16 - 00000000 ____D C:\NVIDIA 2014-01-07 14:42 - 2013-12-02 14:22 - 00000000 ____D 
C:\Users\*******\AppData\Roaming\ImgBurn 2014-01-03 08:02 - 2013-11-26 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-02 10:12 - 2014-01-02 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-19 21:33 - 2014-01-08 08:17 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-12-19 21:33 - 2014-01-08 08:17 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 
02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-12-19 21:33 - 2014-01-08 08:17 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-12-19 21:33 - 2013-11-26 10:30 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-12-19 21:33 - 2013-11-26 10:30 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-12-19 21:33 - 2013-11-26 10:30 - 00023754 _____ C:\Windows\system32\nvinfo.pb 2013-12-19 21:33 - 2013-10-27 09:12 - 
18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-12-19 19:53 - 2013-11-26 10:31 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-12-19 19:53 - 2013-11-26 10:31 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-12-19 12:02 - 2013-12-19 12:02 - 00001770 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2013-12-19 07:56 - 2013-11-29 11:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-19 07:56 - 2013-11-29 11:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-19 06:01 - 2013-11-26 10:31 - 03539040 _____ C:\Windows\system32\nvcoproc.bin Some content of TEMP: ==================== C:\Users\*******\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\*******\AppData\Local\Temp\MSETUP4.EXE C:\Users\*******\AppData\Local\Temp\nvStInst.exe C:\Users\*******\AppData\Local\Temp\Quarantine.exe C:\Users\*******\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 12:11

==================== End Of Log ============================
|
18.01.2014, 07:15 | #4 |
/// the machine /// TB instructor | WIN 7: Malware Lollipop removed with Malwarebytes, is that the end of it?
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.01.2014, 08:57 | #5 |
| WIN 7: Malware Lollipop removed with Malwarebytes, is that the end of it? Hello, Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f6364b90f8b2f646a23b1b73b307fd06
# engine=16712
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-20 07:41:06
# local_time=2014-01-20 08:41:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 247833 141833516 0 0
# scanned=307060
# found=1
# cleaned=0
# scan_time=2046
sh=B0602875E4EF116F0F7263FEA95FD2F8203B30C3 ft=1 fh=36ffc9a8304553cf vn="a variant of Win32/Skintrim.LV trojan" ac=I fn="C:\Users\*******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXLITAPF\download[1].php"

Code:
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.170
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04 Ran by ******* (administrator) on ******* on 20-01-2014 08:55:54 Running from D:\Downloads-Firefox\erste aktion Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\*******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe (Swyx Solutions AG) C:\Program Files 
(x86)\SwyxIt!\SwyxIt!.exe (Dropbox, Inc.) C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\CLMgr.exe (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Swyx Solutions AG) C:\Program Files (x86)\SwyxIt!\ODialer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-12] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files 
(x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-06-08] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation) HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-18] (PDF Complete Inc) HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.) 
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Spotify] - C:\Users\*******\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-17] (Spotify Ltd) HKCU\...\Run: [Spotify Web Helper] - C:\Users\*******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-17] (Spotify Ltd) MountPoints2: {590c8642-56c2-11e3-abe7-806e6f6e6963} - Z:\autorun.bat HKU\Sieling\...\Run: [THPanel] - C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.) Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe () Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Tcpip\Parameters: [DhcpNameServer] 192.0.0.99 192.0.0.100 FireFox: ======== FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default FF Homepage: hxxp://pe.de FF Plugin: @adobe.com/FlashPlayer - 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06] FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\rsutq5ig.default\extensions\lightningnewtab@gmail.com.xpi FF HKCU\...\Firefox\Extensions: [{ec2beeca-9971-43d1-9766-6a9ad543c90c}] - C:\Program Files (x86)\Re-markit\150.xpi FF StartMenuInternet: FIREFOX.EXE - firefox.exe ==================== Services (Whitelisted) ================= R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED) S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-18] (PDF Complete Inc) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-04-12] 
(Realtek Semiconductor) ==================== Drivers (Whitelisted) ==================== R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-08-27] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 08:05 - 2014-01-20 08:05 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-17 11:44 - 2014-01-17 11:44 - 00000838 _____ C:\Users\*******\Desktop\JRT.txt 2014-01-17 11:41 - 2014-01-17 11:41 - 00000000 ____D C:\Windows\ERUNT 2014-01-17 11:38 - 2014-01-17 11:39 - 00000000 ____D C:\AdwCleaner 2014-01-17 08:23 - 2014-01-20 08:55 - 00000000 ____D C:\FRST 2014-01-17 08:21 - 2014-01-17 08:21 - 00000000 _____ C:\Users\*******\defogger_reenable 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Users\*******\AppData\Roaming\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 15:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-15 15:03 - 2014-01-15 15:03 - 00003584 _____ C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-15 14:23 - 2014-01-15 14:23 - 00004808 _____ C:\Windows\SysWOW64\gaeffect.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00003176 _____ C:\Windows\SysWOW64\gafilter.sti 2014-01-15 14:23 - 2014-01-15 14:23 - 00000513 ____H C:\Windows\SysWOW64\ws344069.ocx 2014-01-15 14:23 - 2014-01-15 14:23 - 00000452 ____H C:\os466477.bin 2014-01-15 14:23 - 2014-01-15 14:23 - 00000000 ____D C:\Windows\PreviewSoft 2014-01-15 14:22 - 2014-01-16 16:00 - 00000229 _____ C:\Windows\ULEAD32.INI 2014-01-15 14:22 - 2014-01-15 
14:22 - 00000000 ____D C:\Program Files (x86)\Ulead Systems 2014-01-15 14:21 - 2014-01-15 14:21 - 00000000 ____D C:\Windows\Noslip 2014-01-15 13:37 - 2014-01-15 14:19 - 00000000 ____D C:\Users\*******\Documents\psynetic-gifx 2014-01-15 13:37 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\AppData\Local\psynetic-imageconverter 2014-01-15 13:36 - 2014-01-15 13:36 - 00000000 ____D C:\Program Files (x86)\psynetic 2014-01-15 11:28 - 2014-01-15 11:28 - 00000919 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2014-01-15 11:28 - 2014-01-15 11:28 - 00000000 ____D C:\Program Files\MediaInfo 2014-01-15 11:20 - 2014-01-15 11:20 - 00000000 ____D C:\Users\*******\Documents\SWF to GIF Animator 2014-01-15 10:19 - 2014-01-15 10:19 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2014-01-15 10:19 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll 2014-01-15 10:19 - 2005-07-14 12:31 - 00032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll 2014-01-15 10:19 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll 2014-01-15 10:19 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll 2014-01-15 10:19 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\AppData\Local\cache 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\.android 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 _____ C:\Users\*******\daemonprocess.txt 2014-01-15 10:15 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll 2014-01-15 10:15 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Olepau32.ax 2014-01-15 10:15 - 2011-06-15 
23:00 - 00163328 __RSH C:\Windows\SysWOW64\flvDX.dll 2014-01-15 10:15 - 2011-06-14 19:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax 2014-01-15 10:15 - 2011-02-11 10:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll 2014-01-15 10:15 - 2010-01-06 23:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll 2014-01-15 10:15 - 2009-09-27 23:00 - 00143872 __RSH C:\Windows\SysWOW64\AviDX.ax 2014-01-15 10:15 - 2009-08-10 23:00 - 00352768 __RSH C:\Windows\SysWOW64\ac3DX.ax 2014-01-15 10:15 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax 2014-01-15 10:15 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax 2014-01-15 10:15 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax 2014-01-15 10:15 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll 2014-01-15 10:15 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll 2014-01-15 10:15 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax 2014-01-15 10:15 - 2006-03-10 20:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax 2014-01-15 10:15 - 2006-01-12 23:00 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax 2014-01-15 10:15 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax 2014-01-15 10:15 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax 2014-01-15 10:15 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax 2014-01-15 10:15 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax 2014-01-15 10:15 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax 2014-01-15 10:15 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll 2014-01-15 10:15 
- 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax 2014-01-15 10:15 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax 2014-01-15 10:15 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll 2014-01-15 10:15 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax 2014-01-15 10:15 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax 2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\ProgramData\IePluginService 2014-01-15 08:11 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 08:11 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 08:11 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 08:11 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-13 11:56 - 2009-08-19 23:50 - 00024416 ____R (Adobe Systems Inc.) 
C:\Windows\system32\AdobePDFUI.dll 2014-01-10 10:03 - 2014-01-10 10:03 - 00000789 _____ C:\Users\*******\Desktop\Bilderliste - Verknüpfung.lnk 2014-01-10 10:03 - 2014-01-10 10:03 - 00000734 _____ C:\Users\*******\Desktop\Bilder_Kunden - Verknüpfung.lnk 2014-01-10 10:02 - 2013-09-23 08:12 - 00000269 _____ C:\Users\*******\Desktop\Luftfederbaelge.bat 2014-01-10 10:02 - 2013-07-26 10:20 - 00000261 _____ C:\Users\*******\Desktop\bilder-tecdoc.bat 2014-01-10 10:02 - 2013-07-16 14:51 - 00000257 _____ C:\Users\*******\Desktop\QR-Code.bat 2014-01-10 10:02 - 2013-03-04 08:55 - 00000260 _____ C:\Users\*******\Desktop\image_8x12.bat 2014-01-10 10:00 - 2014-01-10 10:49 - 00000264 _____ C:\Users\*******\Desktop\image_8x12_jpgs.bat 2014-01-09 14:45 - 2014-01-09 14:45 - 00000000 ____D C:\Users\*******\Documents\Fragmente 2014-01-08 08:19 - 2014-01-08 08:19 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA Corporation 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA 2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2014-01-08 08:18 - 2013-12-10 03:15 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-01-08 08:18 - 2013-12-10 03:14 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-01-08 08:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-01-08 
08:17 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-01-08 08:17 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvdispgenco6433221.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-01-08 08:17 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-01-08 08:17 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-01-08 08:17 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-01-08 08:17 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-01-08 08:17 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-01-08 08:17 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-01-08 08:17 - 2013-11-22 09:36 - 
01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-08 08:16 - 2014-01-08 08:16 - 00000000 ____D C:\NVIDIA
2014-01-02 10:12 - 2014-01-02 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-20 08:55 - 2014-01-17 08:23 - 00000000 ____D C:\FRST
2014-01-20 08:05 - 2014-01-20 08:05 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-20 08:04 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 08:04 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 08:03 - 2013-11-26 18:05 - 00701206 _____ C:\Windows\system32\perfh007.dat
2014-01-20 08:03 - 2013-11-26 18:05 - 00149500 _____ C:\Windows\system32\perfc007.dat
2014-01-20 08:03 - 2009-07-14 06:13 - 01624666 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 08:02 - 2013-11-26 12:43 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BA77F9B-408A-4EC5-8B5E-B7B33D6EE6DA}
2014-01-20 08:01 - 2013-11-26 10:12 - 01156003 _____ C:\Windows\WindowsUpdate.log
2014-01-20 07:58 - 2013-12-19 12:02 - 00000000 ____D C:\Users\*******\AppData\Roaming\Spotify
2014-01-20 07:58 - 2013-11-28 14:17 - 00000000 ____D C:\Users\*******\AppData\Roaming\Dropbox
2014-01-20 07:57 - 2013-11-26 18:29 - 00000000 ____D C:\ProgramData\PDFC
2014-01-20 07:57 - 2013-11-26 12:36 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2014-01-20 07:57 - 2013-11-26 10:31 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-20 07:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 07:57 - 2009-07-14 05:51 - 00055216 _____ C:\Windows\setupact.log
2014-01-17 11:44 - 2014-01-17 11:44 - 00000838 _____ C:\Users\*******\Desktop\JRT.txt
2014-01-17 11:41 - 2014-01-17 11:41 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 11:39 - 2014-01-17 11:38 - 00000000 ____D C:\AdwCleaner
2014-01-17 11:39 - 2013-11-26 12:43 - 00001003 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-17 11:21 - 2013-12-19 12:02 - 00000000 ____D C:\Users\*******\AppData\Local\Spotify
2014-01-17 08:21 - 2014-01-17 08:21 - 00000000 _____ C:\Users\*******\defogger_reenable
2014-01-17 08:21 - 2013-11-26 12:43 - 00000000 ____D C:\Users\*******
2014-01-16 16:18 - 2010-11-21 04:47 - 00014138 _____ C:\Windows\PFRO.log
2014-01-16 16:18 - 2009-07-14 05:45 - 05024352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 16:01 - 2013-11-26 12:44 - 00120480 _____ C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 16:00 - 2014-01-15 14:22 - 00000229 _____ C:\Windows\ULEAD32.INI
2014-01-16 16:00 - 2013-11-26 18:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-16 15:56 - 2013-11-28 14:17 - 00000000 ____D C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 15:56 - 2013-11-26 12:43 - 00000000 ___RD C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 15:55 - 2013-12-05 11:57 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleFor*******.job
2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Users\*******\AppData\Roaming\Malwarebytes
2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 15:35 - 2014-01-16 15:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 15:07 - 2013-12-03 17:45 - 00001456 _____ C:\Users\*******\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-01-16 11:03 - 2013-12-05 11:57 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor*******
2014-01-16 11:03 - 2013-11-28 12:14 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-15 15:03 - 2014-01-15 15:03 - 00003584 _____ C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 14:23 - 2014-01-15 14:23 - 00004808 _____ C:\Windows\SysWOW64\gaeffect.sti
2014-01-15 14:23 - 2014-01-15 14:23 - 00003176 _____ C:\Windows\SysWOW64\gafilter.sti
2014-01-15 14:23 - 2014-01-15 14:23 - 00000513 ____H C:\Windows\SysWOW64\ws344069.ocx
2014-01-15 14:23 - 2014-01-15 14:23 - 00000452 ____H C:\os466477.bin
2014-01-15 14:23 - 2014-01-15 14:23 - 00000000 ____D C:\Windows\PreviewSoft
2014-01-15 14:22 - 2014-01-15 14:22 - 00000000 ____D C:\Program Files (x86)\Ulead Systems
2014-01-15 14:21 - 2014-01-15 14:21 - 00000000 ____D C:\Windows\Noslip
2014-01-15 14:19 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\Documents\psynetic-gifx
2014-01-15 13:40 - 2013-11-26 13:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 13:40 - 2013-11-26 11:00 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 13:39 - 2013-11-26 11:00 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:37 - 2014-01-15 13:37 - 00000000 ____D C:\Users\*******\AppData\Local\psynetic-imageconverter
2014-01-15 13:36 - 2014-01-15 13:36 - 00000000 ____D C:\Program Files (x86)\psynetic
2014-01-15 13:31 - 2013-11-28 16:27 - 00000000 ____D C:\Users\*******\AppData\Roaming\vlc
2014-01-15 11:28 - 2014-01-15 11:28 - 00000919 _____ C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2014-01-15 11:28 - 2014-01-15 11:28 - 00000000 ____D C:\Program Files\MediaInfo
2014-01-15 11:20 - 2014-01-15 11:20 - 00000000 ____D C:\Users\*******\Documents\SWF to GIF Animator
2014-01-15 10:19 - 2014-01-15 10:19 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\Documents\eRightSoft
2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\AppData\Local\cache
2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Users\*******\.android
2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2014-01-15 10:15 - 2014-01-15 10:15 - 00000000 _____ C:\Users\*******\daemonprocess.txt
2014-01-15 10:14 - 2014-01-15 10:14 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-13 09:09 - 2013-11-28 13:36 - 00000000 ____D C:\Users\*******\AppData\Roaming\FileZilla
2014-01-10 10:53 - 2013-12-05 08:13 - 00000000 ____D C:\Bilder_Kunden
2014-01-10 10:53 - 2013-12-05 08:13 - 00000000 _____ C:\Bilderliste.txt
2014-01-10 10:49 - 2014-01-10 10:00 - 00000264 _____ C:\Users\*******\Desktop\image_8x12_jpgs.bat
2014-01-10 10:03 - 2014-01-10 10:03 - 00000789 _____ C:\Users\*******\Desktop\Bilderliste - Verknüpfung.lnk
2014-01-10 10:03 - 2014-01-10 10:03 - 00000734 _____ C:\Users\*******\Desktop\Bilder_Kunden - Verknüpfung.lnk
2014-01-09 14:45 - 2014-01-09 14:45 - 00000000 ____D C:\Users\*******\Documents\Fragmente
2014-01-09 14:45 - 2013-11-26 12:43 - 00000000 ____D C:\Users\*******\AppData\Roaming\Adobe
2014-01-08 08:19 - 2014-01-08 08:19 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA Corporation
2014-01-08 08:19 - 2013-11-26 10:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Users\*******\AppData\Local\NVIDIA
2014-01-08 08:18 - 2014-01-08 08:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2014-01-08 08:18 - 2013-11-26 10:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-08 08:18 - 2013-11-26 10:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-08 08:16 - 2014-01-08 08:16 - 00000000 ____D C:\NVIDIA
2014-01-07 14:42 - 2013-12-02 14:22 - 00000000 ____D C:\Users\*******\AppData\Roaming\ImgBurn
2014-01-03 08:02 - 2013-11-26 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-02 10:12 - 2014-01-02 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*******\AppData\Local\Temp\MSETUP4.EXE
C:\Users\*******\AppData\Local\Temp\nvStInst.exe
C:\Users\*******\AppData\Local\Temp\Quarantine.exe
C:\Users\*******\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 12:11

==================== End Of Log ============================
21.01.2014, 09:26 | #6 |
/// the machine /// TB-Ausbilder

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

Done

The order is crucial here.

If you would like to give praise or criticism, you can do so here.

Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Antivirus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
21.01.2014, 10:13 | #7 |
Now that I have carried out the last steps of the instructions and everything worked, I think we are done. Thanks hxxp://www.trojaner-board.de/148342-vielen-dank-schrauber.html
21.01.2014, 17:35 | #8 |
/// the machine /// TB-Ausbilder

You're welcome
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!