Pests of all kinds and how to fight them: Internet connection via port 8877 under WIN 8.1
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
31.01.2014, 15:19 | #16 |
/// Malwareteam | Internet connection via port 8877 under WIN 8.1
Hello, I will discuss the problem internally with our team. You say that the problem only occurs when you start a browser. I would therefore like to check the programs' shortcuts. Please download Shortcut Cleaner (by Grinler) to your desktop.
Addendum: in your first post the Addition.txt was empty. Please scan the system again with FRST, tick the box next to Addition.txt and press SCAN. Post both log files here.
Edited by Aneri (31.01.2014 at 15:32)
31.01.2014, 16:46 | #17 |
Internet connection via port 8877 under WIN 8.1
Here is the Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by rpmarr at 2014-01-31 16:14:49
Running from C:\Users\rpmar_000\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

8GadgetPack (x32 Version: 8.0.1 - Helmut Buhler)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5 - Adobe Systems Incorporated)
AirPort (x32 Version: 5.6.1.2 - Apple Inc.)
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
ANNO 1404 - Venedig (x32 Version: 2.01.5010 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 (x32 Version: 1.03.0000 - Ubisoft)
ANNO 2070 (x32 Version: 1.0.0.0 - Ubisoft)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 10 v.10.3.0 (x32 Version: 10.03.00 - Ashampoo GmbH & Co. KG)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon IJ Network Scan Utility (x32 Version: - )
Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.)
Canon Kurzwahlprogramm (x32 Version: - )
Canon LBP3250 (Version: - )
Canon MP Navigator EX 3.1 (x32 Version: - )
Canon MP630 series Benutzerregistrierung (x32 Version: - )
Canon MP630 series MP Drivers (Version: - )
Canon MX870 series Benutzerregistrierung (x32 Version: - )
Canon MX870 series MP Drivers (Version: - Canon Inc.)
Canon Utilities My Printer (x32 Version: - )
Canon Utilities Solution Menu (x32 Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 1.00.0000 - )
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CD-LabelPrint (x32 Version: - )
Cyberduck 14140 (4.4.3) (x32 Version: 14140 (4.4.3) - )
CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das große Franzis Paket Office - Office Vorlagen Teil 1 (x32 Version: - )
Das große Franzis Paket Office - Office Vorlagen Teil 2 (x32 Version: - )
Das große Franzis Paket Office - Office Vorlagen Teil 3 (x32 Version: - )
Deutschland Digital 1.0.0 (x32 Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Die Siedler 7 (x32 Version: 1.12.1396 - Ubisoft)
Dr. Hardware 2013 13.6d (x32 Version: - Peter A. Gebhard)
DriveOnWeb Client Version 11.00.05 2012.06.20 (Version: - abilis GmbH)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (x32 Version: - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HWiNFO64 Version 4.24 (Version: 4.24 - Martin Malík - REALiX)
iCloud (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Inkjet Printer/Scanner Extended Survey Program (x32 Version: - )
IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LetsTrade Komponenten (x32 Version: - )
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nero 12 (x32 Version: 12.0.02000 - Nero AG)
Nero 12 Content Pack (x32 Version: 12.0.00400 - Nero AG)
Nero 2014 (x32 Version: 15.0.02200 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.11000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 12.0.00900 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Info (x32 Version: 15.1.0030 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.22.3600 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Platinum Effects 12 (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Prerequisite Installer 2.0 (x32 Version: 12.0.01000 - Nero AG)
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode (x32 Version: 15.0.14000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
Nero Video (x32 Version: 15.0.13000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NetDrive (x32 Version: 1.3.2.0 - Bdrive Inc.)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (x32 Version: 2.1.0.3 - NETGEAR)
Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation)
Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37 - WindSolutions)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM)
Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM) Hidden
PDF24 Creator 6.2.0 (x32 Version: - PDF24.org)
PDF-XChange Editor (Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (x32 Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Sid Meier's Civilization V (x32 Version: - 2K Games, Inc.)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
StreamTransport version: 1.0.2.2171 (x32 Version: - )
SW Update (x32 Version: 2.1.3 - Samsung Electronics CO., LTD.)
sysTPL (x32 Version: 1.0.0 - Tlapia)
TechPowerUp GPU-Z (x32 Version: - TechPowerUp)
Top Set 2.00 (x32 Version: 2.00 - Aldarin)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
True Image 2013 Plus Pack (x32 Version: 16.0.6514 - Acronis)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WhoCrashed 5.00 (Version: - Resplendence Software Projects Sp.)
Win8 x64Components v1.2.9 (Version: 1.2.9 - Shark007)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0 - win.rar GmbH)
WISO Mein Geld 2014 Professional (x32 Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden

==================== Restore Points =========================

07-01-2014 08:42:57 Installed Java 7 Update 45
22-01-2014 10:44:06 Geplanter Prüfpunkt
23-01-2014 12:57:04 PDF-XChange Editor
25-01-2014 15:48:46 Installiert Olympia Chronik 2014

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09A3D889-2319-4A9C-B55F-18525B43DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CCC1B48-4AE5-48A7-A32D-F7A446F26E7B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {13EA85C2-0365-4801-A206-335B60506FA3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {18ACF2B1-539D-4146-8DE0-47ACCB0BCF0D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {277510B7-E9FD-41C5-A117-EA696DFC67F4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {32715FC6-3161-482F-93B1-000D4D6277FD} - \RegClean Pro No Task File
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35BCE9E7-ACAC-42CE-B0A4-694313C8C0A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-23] (Microsoft Corporation)
Task: {386EADA4-D29A-434B-9B59-72B4A57EC46E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EA2590F-6D23-4803-9EBD-2E69847AACE1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {49032738-2A03-4DD7-B9DF-2E003EF89811} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {59764A79-6D71-4416-A55F-8AB04A36C97E} - \Advanced System Protector_startup No Task File
Task: {62831809-5F2D-4212-BF8D-ABC143E053AF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D8CDB08-6274-451A-A16A-595FF4E7447E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AB829DF-0465-4987-9A49-C61CFE71EF2E} - \BackgroundContainer Startup Task No Task File
Task: {7BCFE1F4-B102-4A28-BA38-26C859BB0CF2} - System32\Tasks\RunAsStdUser Task => C:\Program Files\NetDrive\netdrive.exe [2013-02-27] (Bdrive Inc.)
Task: {7C740B59-0293-40FF-BFDB-BCE84FF65E9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {936F0DDB-0682-4158-ABD4-001D930163BC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A02DBB75-27DC-466A-8DE9-8B2CA48DCFF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated)
Task: {A8A71CFB-555A-4BD1-A1CA-CD0978DB8113} - \Advanced System Protector No Task File
Task: {B1946E83-F46E-48CE-981B-1CCC5CC59F17} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Markis_Desktop-rpmarr Markis_Desktop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-17] (Microsoft Corporation)
Task: {B35AFDBD-B259-4D9E-A568-0DE8C2F3B0A9} - \RegClean Pro_UPDATES No Task File
Task: {B4B0CA36-DA5C-42AE-B83D-1BF5ABD4AE43} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {B7D0CDC4-778C-4E4A-BDFF-773F11FCF472} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-11-01] (Samsung Electronics CO., LTD.)
Task: {CB2290CB-8E2D-462D-89A6-D24ADF205C59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {CCCC31D9-15B9-4692-B349-403A4AE1E132} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D914B3CE-795A-400B-B00B-3CDE59B01DCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB548322-49B3-47DD-8CC9-38D0B40C6217} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EE5CA13A-D15C-455B-9A97-F1294B0BEA73} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-12-18] (TuneUp Software)
Task: {F3B55CF3-3494-4A96-A82E-7B14A9EE6AB4} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {F5951F5F-955F-4713-9AB8-F4A4D4DD5E56} - \RegClean Pro_DEFAULT No Task File
Task: {FBEC5806-6572-4908-9C72-F6A9DA9CFB0A} - System32\Tasks\Digital Sites => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FEEAF85E-2059-43C0-B045-AE52158C82CA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-04 10:22 - 2011-01-20 17:26 - 00095744 _____ () C:\WINDOWS\system32\easycnp.dll
2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2013-11-20 09:45 - 2013-11-20 09:45 - 00183808 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-18 14:42 - 2012-09-21 15:25 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-12-04 10:33 - 2013-12-04 10:33 - 01684480 _____ () C:\Program Files\DriveOnWeb Client\DOWCom.dll
2013-12-04 10:33 - 2013-12-04 10:33 - 02335744 _____ () C:\Program Files\DriveOnWeb Client\DOWCommon.dll
2013-12-04 10:22 - 2005-10-27 17:14 - 00184320 _____ () C:\Program Files\DriveOnWeb Client\bigint.dll
2013-12-04 10:33 - 2013-12-04 10:33 - 01947648 _____ () C:\Program Files\DriveOnWeb Client\DOWServiceDll.dll
2013-12-04 10:22 - 2011-11-08 17:18 - 00868352 _____ () C:\Program Files\DriveOnWeb Client\wdfsResDe.dll
2013-02-18 14:42 - 2012-09-18 09:34 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2013-11-18 10:31 - 2013-11-18 10:31 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-12-13 13:18 - 2014-01-17 11:42 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-03-27 23:37 - 2013-03-27 23:37 - 13627872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-11-18 10:32 - 2013-11-18 11:17 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-12-13 14:02 - 2014-01-17 11:48 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2014-01-31 14:31 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-31 14:31 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-31 14:31 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-31 14:31 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-31 14:31 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\rpmar_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 16347.32 MB
Available physical RAM: 12273.77 MB
Total Pagefile: 32731.32 MB
Available Pagefile: 27899.9 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.96 GB) (Free:51.52 GB) NTFS
Drive d: () (Fixed) (Total:372.61 GB) (Free:124.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:251.26 GB) NTFS
Drive f: (Volume) (Fixed) (Total:2794.39 GB) (Free:831.63 GB) NTFS
Drive z: () (Network) (Total:929.51 GB) (Free:420.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: D3CA27CC)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 238 GB) (Disk ID: 8C18BFF1)
Partition: GPT Partition Type

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5D334ECE)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by rpmarr (administrator) on MARKIS_DESKTOP on 31-01-2014 16:14:31
Running from C:\Users\rpmar_000\Downloads
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Bdrive Inc.)
C:\Program Files\NetDrive\ndsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (abilis GmbH) C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe (CANON INC.) 
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Dropbox, Inc.) C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABASWK.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [CNAP2 Launcher] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-04-08] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-20] (cyberlink) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.) HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\NetDrive.exe [3587072 2013-02-27] (Bdrive Inc.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKCU\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) 
HKCU\...\Run: [DriveOnWeb Client] - C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe [1196544 2013-12-04] (abilis GmbH) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-14] (Google Inc.) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 FireFox: ======== FF ProfilePath: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default FF DefaultSearchEngine: Amazon FF SearchEngineOrder.1: Amazon FF SelectedSearchEngine: Amazon FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_dd8d8fc999144474a9c45908a1be2ebb_30_46_20140123_DE_ff_ab_IS0&query= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: iCloud Bookmarks - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\firefoxdav@icloud.com [2013-12-23] FF Extension: {1fa09102-1f38-4f83-ba9c-e08baf230c89} - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{1fa09102-1f38-4f83-ba9c-e08baf230c89}.xpi [2013-11-07] FF Extension: Video HTML5 Compiler Pro - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{368ac25b-6bc0-40e0-9e17-b88cf8cf1363}.xpi [2013-11-07] FF Extension: Adblock Plus - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-17] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-28] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Google Docs) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07] CHR Extension: (Google Drive) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07] CHR Extension: (YouTube) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07] CHR Extension: (Google Search) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07] CHR Extension: (Norton Identity Protection) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07] CHR Extension: (Google Wallet) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07] CHR Extension: (Gmail) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07] CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 
MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-27] (Bdrive Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888 2013-11-28] (Tlapia) S2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352 2013-11-28] (Tlapia) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] () ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-15] () R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [126792 2011-01-10] (Avira GmbH) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 
7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 easycvfs; C:\WINDOWS\system32\drivers\easycvfs.sys [107912 2010-02-22] () R2 easycvfs; C:\WINDOWS\SysWOW64\drivers\easycvfs.sys [110472 2013-12-04] () R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-28] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-28] (Symantec Corporation) R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2013-10-18] (REALiX(tm)) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140130.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-15] () S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI 
Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140130.023\ENG64.SYS [126040 2014-01-31] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140130.023\EX64.SYS [2099288 2014-01-31] (Symantec Corporation) S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-09] (Bdrive Inc.) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics) R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-28] (Symantec Corporation) R1 SymIRON; 
C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-29] (Acronis International GmbH) S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-29] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.) S3 DfSdkS; S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [x] S2 sxuptp; \SystemRoot\System32\drivers\sxuptp.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D C:\Users\rpmar_000\Documents\ProcAlyzer Dumps 2014-01-31 14:31 - 2014-01-31 16:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-31 14:31 - 2014-01-31 14:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-31 14:31 - 2014-01-31 14:31 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-31 14:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-01-31 13:52 - 2014-01-31 13:53 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe 2014-01-31 13:33 - 2014-01-31 13:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-01-31 13:26 - 2014-01-31 13:45 - 00000000 ____D C:\Users\rpmar_000\Desktop\mbar 2014-01-31 13:24 - 2014-01-31 13:33 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-01-31 13:23 - 2014-01-31 13:24 - 00000000 ____D C:\Malewarebytes 2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe 2014-01-30 16:49 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe 2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-01-30 16:05 - 2014-01-30 16:05 - 00000964 _____ C:\Users\rpmar_000\Desktop\JRT.txt 2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-30 16:00 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe 2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe 2014-01-30 15:50 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Desktop\adwcleaner.exe 2014-01-30 15:42 - 2014-01-30 21:35 - 00011252 _____ C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx 2014-01-30 14:17 - 2014-01-31 13:22 - 00000000 ____D C:\Users\rpmar_000\Documents\Malware 2014-01-30 14:08 - 2014-01-30 16:53 - 00071262 _____ C:\Users\rpmar_000\Desktop\FRST.txt 2014-01-30 14:06 - 2014-01-31 16:14 - 00027508 _____ C:\Users\rpmar_000\Downloads\FRST.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00030470 _____ C:\Users\rpmar_000\Downloads\Addition.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ C:\Users\rpmar_000\Desktop\Addition.txt 2014-01-30 14:05 - 2014-01-31 16:14 - 00000000 ____D C:\FRST 2014-01-30 14:05 - 2014-01-30 14:05 - 
02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe 2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner.exe 2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ C:\WINDOWS\Minidump\013014-7265-01.dmp 2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ C:\Users\rpmar_000\Documents\Malware.txt 2014-01-29 16:55 - 2014-01-29 16:55 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D C:\ProgramData\Websteroids 2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe 2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D C:\ProgramData\Updater 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D C:\ProgramData\RHelpers 2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Malwarebytes 2014-01-29 16:09 - 2014-01-30 13:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-29 16:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ C:\Users\rpmar_000\Desktop\ipdetails.txt 2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ C:\Users\rpmar_000\Desktop\ipdetails1.txt 2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ C:\Users\Public\Desktop\Norton Internet 
2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-22 12:07 - 2012-11-13 09:31 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Adobe 2014-01-22 12:01 - 2013-10-17 14:16 - 00000650 __RSH C:\ProgramData\ntuser.pol 2014-01-22 11:52 - 2012-11-12 17:23 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-01-21 15:29 - 2014-01-21 15:28 - 28028590 _____ C:\Users\rpmar_000\Downloads\WIT-Photobox.zip 2014-01-21 11:17 - 2012-11-18 10:51 - 00001041 _____ C:\Users\rpmar_000\Desktop\Dropbox.lnk 2014-01-21 11:17 - 2012-11-18 10:47 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-21 10:44 - 2012-11-12 17:53 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Microsoft Help 2014-01-17 12:16 - 2013-09-01 12:25 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\FileZilla 2014-01-17 11:52 - 2013-11-18 10:31 - 00000000 ____D C:\Program Files\Microsoft Office 15 2014-01-15 07:10 - 2012-11-21 17:05 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Nero 2014-01-14 17:15 - 2012-11-22 13:49 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Nero 2014-01-14 16:31 - 2012-11-14 16:57 - 00000000 ____D C:\ProgramData\CanonIJ 2014-01-10 10:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2014-01-09 11:27 - 2014-01-09 11:26 - 00000000 ____D C:\Users\rpmar_000\Documents\SEPA 2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 
____D C:\Users\rpmar_000\AppData\Local\PDF24 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Program Files (x86)\PDF24 2014-01-09 11:24 - 2014-01-09 11:23 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe 2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ C:\Users\rpmar_000\Downloads\Antrag (16).xml 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Google 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D C:\Program Files (x86)\Google 2014-01-07 10:41 - 2013-09-05 15:16 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D C:\ProgramData\Oracle 2014-01-07 09:43 - 2013-07-11 11:06 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-07 09:39 - 2013-11-27 11:42 - 00002125 _____ C:\Users\Public\Desktop\Nero MediaHome.lnk 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-03 11:55 - 2014-01-25 16:45 - 24097311 _____ C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => 
MD5 is legit LastRegBack: 2014-01-31 14:17 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Code:
ATTFilter
Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link: hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 8.1 Pro with Media Center
Program started at: 01/31/2014 04:19:08 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\rpmar_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\rpmar_000\Desktop
0 bad shortcuts found.
Program finished at: 01/31/2014 04:19:09 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

If I remove the check mark, it then stays removed, no matter what I do afterwards. Then everything works normally. What I noticed: after the restart, a DOS window opens on the desktop for a fraction of a second. The window appears to be empty. I could not make anything out because it disappears again too quickly. |
31.01.2014, 18:23 | #18 |
/// Malwareteam | Internet connection via port 8877 on WIN 8.1 Hi
So, now I see the trouble. It is one of the numerous TASKS that are executed at system startup. That is also why things are quiet after you have reset the settings by hand.

Step 1 Uninstallation: Uninstall the following programs: Code:
ATTFilter
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Spybot - Search & Destroy
TuneUp Utilities 2014 (pointless, and the RegCleaner is dangerous)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)

Step 2 Fix: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FBEC5806-6572-4908-9C72-F6A9DA9CFB0A} - System32\Tasks\Digital Sites => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F5951F5F-955F-4713-9AB8-F4A4D4DD5E56} - \RegClean Pro_DEFAULT No Task File
C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 3 Check: Create a new FRST log file including Addition.txt and post both here. Is the problem resolved after the restart?
__________________ |
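The check the helper did by eye on the FRST task list, as an added example that is not part of the original posts and not FRST's own code: a small parser for the `Task:` lines that flags entries whose target sits in a user profile's AppData folder, uses 8.3 short names, or has no task file. The sample lines are copied from the logs in this thread; the reason labels, the function names and the one-entry-per-line layout are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Task lines copied from the FRST output quoted in this thread,
# restored to one entry per line (the layout FRST writes).
SAMPLE_LOG = r"""
Task: {CB2290CB-8E2D-462D-89A6-D24ADF205C59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {FBEC5806-6572-4908-9C72-F6A9DA9CFB0A} - System32\Tasks\Digital Sites => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F5951F5F-955F-4713-9AB8-F4A4D4DD5E56} - \RegClean Pro_DEFAULT No Task File
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
"""

ATTENTION = "<==== ATTENTION"   # marker FRST appends to entries it finds notable
ORPHAN = "No Task File"         # registry entry whose task file is gone

# "Task: [{GUID} - ]<name>[ => <action>]"
TASK_RE = re.compile(r"^Task:\s+(?:(\{[0-9A-Fa-f-]{36}\})\s+-\s+)?(.+)$")
# Action = target, optionally followed by "[yyyy-mm-dd]" and "(Company)".
ACTION_RE = re.compile(
    r"^(?P<target>.*?)(?:\s+\[\d{4}-\d{2}-\d{2}\])?(?:\s+\([^()]*\))?$"
)
# Heuristics of this example (assumptions, not FRST rules):
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"~\d+(?=[\\.]|$)")   # 8.3 names such as DIGITA~1


@dataclass
class TaskEntry:
    guid: Optional[str]
    name: str
    target: Optional[str]
    orphan: bool
    attention: bool
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, rest = m.group(1), m.group(2).strip()
    attention = rest.endswith(ATTENTION)
    if attention:
        rest = rest[: -len(ATTENTION)].rstrip()
    orphan = rest.endswith(ORPHAN)
    if orphan:
        rest = rest[: -len(ORPHAN)].rstrip()
    name, sep, action = rest.partition(" => ")
    target = ACTION_RE.match(action.strip()).group("target") if sep else None
    return TaskEntry(guid, name.strip(), target, orphan, attention)


def triage(log_text: str) -> List[TaskEntry]:
    """Return the task entries that deserve a closer look, with reasons."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        if entry.attention:
            entry.reasons.append("frst_attention")
        if entry.orphan:
            entry.reasons.append("orphan_no_task_file")
        if entry.target:
            # A task binary in a user-writable profile folder runs at
            # startup without ever having needed admin rights to install.
            if USER_PROFILE_RE.search(entry.target):
                entry.reasons.append("user_profile_target")
            # Short names hide the real folder and file names from the reader.
            if SHORT_NAME_RE.search(entry.target):
                entry.reasons.append("short_8dot3_path")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name}\n    target : {e.target}\n    reasons: {', '.join(e.reasons)}")
```

A flag is a prompt to inspect the entry, not a verdict: legitimate per-user updaters also register tasks that point into AppData.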
01.02.2014, 16:29 | #19 |
| Internet connection via port 8877 on WIN 8.1 Here are the files: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 03 Ran by rpmarr at 2014-02-01 10:56:48 Running from C:\Users\rpmar_000\Documents\Malware\Neu Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 8GadgetPack (x32 Version: 8.0.1 - Helmut Buhler) Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5 - Adobe Systems Incorporated) AirPort (x32 Version: 5.6.1.2 - Apple Inc.) AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden ANNO 1404 - Venedig (x32 Version: 2.01.5010 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden ANNO 1404 (x32 Version: 1.03.0000 - Ubisoft) ANNO 2070 (x32 Version: 1.0.0.0 - Ubisoft) Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Ashampoo WinOptimizer 10 v.10.3.0 (x32 Version: 10.03.00 - Ashampoo GmbH & Co. KG) Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery) Bonjour (Version: 3.0.0.10 - Apple Inc.) Canon Easy-PhotoPrint EX (x32 Version: - ) Canon IJ Network Scan Utility (x32 Version: - ) Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.) 
Canon Kurzwahlprogramm (x32 Version: - ) Canon LBP3250 (Version: - ) Canon MP Navigator EX 3.1 (x32 Version: - ) Canon MP630 series Benutzerregistrierung (x32 Version: - ) Canon MP630 series MP Drivers (Version: - ) Canon MX870 series Benutzerregistrierung (x32 Version: - ) Canon MX870 series MP Drivers (Version: - Canon Inc.) Canon Utilities My Printer (x32 Version: - ) Canon Utilities Solution Menu (x32 Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 1.00.0000 - ) Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CD-LabelPrint (x32 Version: - ) Cyberduck 14140 (4.4.3) (x32 Version: 14140 (4.4.3) - ) CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Das große Franzis Paket Office - Office Vorlagen Teil 1 (x32 Version: - ) Das große Franzis Paket Office - Office Vorlagen Teil 2 (x32 Version: - ) Das große Franzis Paket Office - Office Vorlagen Teil 3 (x32 Version: - ) Deutschland Digital 1.0.0 (x32 Version: 1.0.0 - Ashampoo GmbH & Co. KG) Die Siedler 7 (x32 Version: 1.12.1396 - Ubisoft) Dr. Hardware 2013 13.6d (x32 Version: - Peter A. Gebhard) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (x32 Version: - ) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) 
Hidden Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden HWiNFO64 Version 4.24 (Version: 4.24 - Martin Malík - REALiX) iCloud (Version: 3.1.0.40 - Apple Inc.) ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!) Inkjet Printer/Scanner Extended Survey Program (x32 Version: - ) IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan) iTunes (Version: 11.1.3.8 - Apple Inc.) LetsTrade Komponenten (x32 Version: - ) Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation) Nero 12 (x32 Version: 12.0.02000 - Nero AG) Nero 12 Content Pack (x32 Version: 12.0.00400 - Nero AG) Nero 2014 (x32 Version: 15.0.02200 - Nero AG) Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp (x32 Version: 12.5.11000 - Nero AG) Hidden Nero BackItUp Help (CHM) (x32 Version: 
12.0.13000 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 12.0.00900 - Nero AG) Nero CoverDesigner (x32 Version: 12.0.11000 - Nero AG) Hidden Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Image Samples (x32 Version: 15.0.10008 - Nero AG) Hidden Nero Info (x32 Version: 15.1.0030 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) 
Hidden Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden Nero MediaHome (x32 Version: 1.22.3600 - Nero AG) Hidden Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden Nero Platinum Effects 12 (x32 Version: 15.0.10011 - Nero AG) Hidden Nero Prerequisite Installer 2.0 (x32 Version: 12.0.01000 - Nero AG) Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Recode (x32 Version: 15.0.14000 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden Nero Video (x32 Version: 15.0.13000 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NetDrive (x32 Version: 1.3.2.0 - Bdrive Inc.) 
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (x32 Version: 2.1.0.3 - NETGEAR) Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation) Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37 - WindSolutions) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM) Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM) Hidden PDF24 Creator 6.2.0 (x32 Version: - PDF24.org) PDF-XChange Editor (Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (x32 Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.) Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Sid Meier's Civilization V (x32 Version: - 2K Games, Inc.) Steam (x32 Version: 1.0.0.0 - Valve Corporation) StreamTransport version: 1.0.2.2171 (x32 Version: - ) SW Update (x32 Version: 2.1.3 - Samsung Electronics CO., LTD.) sysTPL (x32 Version: 1.0.0 - Tlapia) TechPowerUp GPU-Z (x32 Version: - TechPowerUp) Top Set 2.00 (x32 Version: 2.00 - Aldarin) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden True Image 2013 Plus Pack (x32 Version: 16.0.6514 - Acronis) TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT) Updater (x32 Version: 2.6.53 - Creative Island Media, LLC) Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden WhoCrashed 5.00 (Version: - Resplendence Software Projects Sp.) 
Win8 x64Components v1.2.9 (Version: 1.2.9 - Shark007) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0 - win.rar GmbH) WISO Mein Geld 2014 Professional (x32 Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden ==================== Restore Points ========================= 07-01-2014 08:42:57 Installed Java 7 Update 45 22-01-2014 10:44:06 Geplanter Prüfpunkt 23-01-2014 12:57:04 PDF-XChange Editor 25-01-2014 15:48:46 Installiert Olympia Chronik 2014 01-02-2014 09:17:07 Removed Java 7 Update 25 (64-bit) ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {09A3D889-2319-4A9C-B55F-18525B43DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0CCC1B48-4AE5-48A7-A32D-F7A446F26E7B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {18ACF2B1-539D-4146-8DE0-47ACCB0BCF0D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {223353EA-5D32-4540-9857-EC10B2C7467B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-23] (Microsoft Corporation) Task: {277510B7-E9FD-41C5-A117-EA696DFC67F4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {32715FC6-3161-482F-93B1-000D4D6277FD} - \RegClean Pro No Task File Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3EA2590F-6D23-4803-9EBD-2E69847AACE1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {49032738-2A03-4DD7-B9DF-2E003EF89811} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet 
Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {59764A79-6D71-4416-A55F-8AB04A36C97E} - \Advanced System Protector_startup No Task File Task: {62831809-5F2D-4212-BF8D-ABC143E053AF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6D8CDB08-6274-451A-A16A-595FF4E7447E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7AB829DF-0465-4987-9A49-C61CFE71EF2E} - \BackgroundContainer Startup Task No Task File Task: {7BCFE1F4-B102-4A28-BA38-26C859BB0CF2} - System32\Tasks\RunAsStdUser Task => C:\Program Files\NetDrive\netdrive.exe [2013-02-27] (Bdrive Inc.) Task: {7C740B59-0293-40FF-BFDB-BCE84FF65E9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.) 
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {936F0DDB-0682-4158-ABD4-001D930163BC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A02DBB75-27DC-466A-8DE9-8B2CA48DCFF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated) Task: {A8A71CFB-555A-4BD1-A1CA-CD0978DB8113} - \Advanced System Protector No Task File Task: {B1946E83-F46E-48CE-981B-1CCC5CC59F17} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Markis_Desktop-rpmarr Markis_Desktop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-17] (Microsoft Corporation) Task: {B35AFDBD-B259-4D9E-A568-0DE8C2F3B0A9} - \RegClean Pro_UPDATES No Task File Task: {B4B0CA36-DA5C-42AE-B83D-1BF5ABD4AE43} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {B7D0CDC4-778C-4E4A-BDFF-773F11FCF472} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-11-01] (Samsung Electronics CO., LTD.) Task: {CB2290CB-8E2D-462D-89A6-D24ADF205C59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.) 
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D914B3CE-795A-400B-B00B-3CDE59B01DCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB548322-49B3-47DD-8CC9-38D0B40C6217} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F3B55CF3-3494-4A96-A82E-7B14A9EE6AB4} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG) Task: {FEEAF85E-2059-43C0-B045-AE52158C82CA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-22 09:08 - 2011-03-22 09:08 - 00161280 _____ () C:\Program Files\NetDrive\libexpat.dll 2013-11-18 10:31 - 2013-08-23 14:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-11-18 10:31 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 
15\ClientX64\c2r64.dll 2013-11-18 10:31 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-02-18 14:42 - 2012-09-21 15:25 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-02-18 14:42 - 2012-09-18 09:34 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll 2013-11-18 10:31 - 2013-11-18 10:31 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2013-12-13 13:18 - 2014-01-17 11:42 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll 2013-03-27 23:37 - 2013-03-27 23:37 - 13627872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\libcef.dll 2013-11-18 10:31 - 2013-11-18 10:31 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2013-12-13 13:18 - 2014-01-17 11:42 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll 2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2013-11-18 10:32 - 2013-11-18 11:17 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft 
Shared\OFFICE15\AppVIsvStream32.dll
2013-12-13 14:02 - 2014-01-17 11:48 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\rpmar_000\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 16347.32 MB
Available physical RAM: 13721.75 MB
Total Pagefile: 32731.32 MB
Available Pagefile: 29800.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:237.96 GB) (Free:52.33 GB) NTFS
Drive d: () (Fixed) (Total:372.61 GB) (Free:124.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:251.26 GB) NTFS
Drive f: (Volume) (Fixed) (Total:2794.39 GB) (Free:831.59 GB) NTFS
Drive z: () (Network) (Total:929.51 GB) (Free:420.95 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: D3CA27CC)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 238 GB) (Disk ID: 8C18BFF1)
Partition: GPT Partition Type
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5D334ECE)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.
==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 03
Ran by rpmarr (administrator) on MARKIS_DESKTOP on 01-02-2014 10:56:30
Running from C:\Users\rpmar_000\Documents\Malware\Neu
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Bdrive Inc.)
C:\Program Files\NetDrive\ndsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe (Apple Inc.) 
C:\Program Files (x86)\AirPort\APAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Dropbox, Inc.) C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [CNAP2 Launcher] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-04-08] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) 
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-20] (cyberlink) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.) HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\NetDrive.exe [3587072 2013-02-27] (Bdrive Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [DriveOnWeb Client] - "C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe" /min /sleep=40 HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-14] (Google Inc.) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 FireFox: ======== FF ProfilePath: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default FF DefaultSearchEngine: Amazon FF SearchEngineOrder.1: Amazon FF SelectedSearchEngine: Amazon FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_dd8d8fc999144474a9c45908a1be2ebb_30_46_20140123_DE_ff_ab_IS0&query= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: iCloud Bookmarks - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\firefoxdav@icloud.com [2013-12-23] FF Extension: {1fa09102-1f38-4f83-ba9c-e08baf230c89} - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{1fa09102-1f38-4f83-ba9c-e08baf230c89}.xpi [2013-11-07] FF Extension: Video HTML5 Compiler Pro - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{368ac25b-6bc0-40e0-9e17-b88cf8cf1363}.xpi [2013-11-07] FF Extension: Adblock Plus - 
C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-17] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-28] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (Google Docs) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07] CHR Extension: (Google Drive) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07] CHR Extension: (YouTube) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07] CHR Extension: (Google Search) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07] CHR Extension: (Norton Identity Protection) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07] CHR Extension: (Google Wallet) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07] CHR Extension: (Gmail) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07] CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-27] (Bdrive Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888 2013-11-28] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352 2013-11-28] (Tlapia) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] () ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-15] () R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [126792 2011-01-10] (Avira GmbH) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] () R1 eeCtrl; C:\Program Files 
(x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-28] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-28] (Symantec Corporation) R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2013-10-18] (REALiX(tm)) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140131.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-15] () S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\ENG64.SYS [126040 2014-01-31] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\EX64.SYS [2099288 2014-01-31] (Symantec Corporation) S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-09] (Bdrive Inc.) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics) R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-28] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-29] (Acronis International GmbH) S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-29] (Acronis) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.) 
S3 DfSdkS; S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [x] S2 sxuptp; \SystemRoot\System32\drivers\sxuptp.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-01-31 16:19 - 2014-01-31 16:19 - 00001814 _____ () C:\sc-cleaner.txt 2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe 2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe 2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps 2014-01-31 14:31 - 2014-02-01 10:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-31 14:31 - 2014-02-01 10:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-31 13:52 - 2014-01-31 13:53 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe 2014-01-31 13:33 - 2014-01-31 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-01-31 13:26 - 2014-01-31 13:45 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar 2014-01-31 13:24 - 2014-01-31 13:33 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-01-31 13:23 - 2014-01-31 13:24 - 00000000 ____D () C:\Malewarebytes 2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe 2014-01-30 16:49 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe 2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-01-30 16:05 - 2014-01-30 16:05 - 00000964 _____ () C:\Users\rpmar_000\Desktop\JRT.txt 2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-01-30 16:00 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe 2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe 2014-01-30 15:50 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe 2014-01-30 15:42 - 2014-01-30 21:35 - 00011252 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx 2014-01-30 14:17 - 2014-01-31 13:22 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware 2014-01-30 14:08 - 2014-01-30 16:53 - 00071262 _____ () C:\Users\rpmar_000\Desktop\FRST.txt 2014-01-30 14:06 - 2014-01-31 16:15 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt 2014-01-30 14:06 - 2014-01-31 16:15 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt 2014-01-30 14:05 - 2014-02-01 10:56 - 00000000 ____D () C:\FRST 2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe 2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe 2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp 2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt 2014-01-29 16:55 - 2014-01-29 16:55 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids 2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () 
C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe 2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\Updater 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\RHelpers 2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes 2014-01-29 16:09 - 2014-02-01 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 16:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt 2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt 2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-01-28 18:10 - 2014-01-28 18:15 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe 2014-01-28 17:55 - 2014-01-28 18:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet 2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk 2014-01-28 15:20 - 2014-01-28 
15:28 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt 2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging 2014-01-28 13:00 - 2014-01-28 14:16 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt 2014-01-28 08:55 - 2014-01-28 08:57 - 00216999 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx 2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM 2014-01-25 16:49 - 2003-12-04 15:58 - 00000696 _____ () C:\WINDOWS\SysWOW64\jetodbc.rsp 2014-01-25 16:49 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL 2014-01-25 16:49 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL 2014-01-25 16:49 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL 2014-01-25 16:49 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL 2014-01-25 16:49 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL 2014-01-25 16:49 - 2002-08-29 03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX 2014-01-25 16:49 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX 2014-01-25 16:49 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX 2014-01-25 16:49 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx 2014-01-25 16:49 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL 2014-01-25 16:49 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL 2014-01-25 16:49 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll 2014-01-25 16:49 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll 2014-01-25 16:49 - 1998-04-24 
00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2014-01-25 16:49 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL 2014-01-25 16:49 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL 2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk 2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM 2014-01-25 16:45 - 2014-01-03 11:55 - 24097311 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe 2014-01-25 16:44 - 2014-01-27 11:45 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url 2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-01-25 16:44 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe 2014-01-25 16:37 - 2014-01-28 
18:56 - 00000000 ____D () C:\Program Files (x86)\Dr. Hardware 2013 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\SysWOW64\Drivers\DRHMSR64.sys 2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\system32\Drivers\DRHMSR64.sys 2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\SysWOW64\Drivers\DRHARD64.sys 2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\system32\Drivers\DRHARD64.sys 2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt 2014-01-25 13:29 - 2014-01-25 13:41 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner 2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI 2014-01-25 12:04 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages 2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Netzwerkumgebung 2014-01-25 12:04 
- 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore 2014-01-25 12:03 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal 2014-01-25 12:03 - 2013-10-17 14:07 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Microsoft Help 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessibility 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset 2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software 2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer 2014-01-23 13:54 - 2014-01-23 13:56 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip 2014-01-23 11:39 - 2014-01-30 15:52 - 00000000 ____D () C:\AdwCleaner 2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online 2014-01-23 11:27 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe 2014-01-23 11:26 - 2014-01-25 11:27 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI 2014-01-23 10:51 - 2014-01-23 13:57 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD 2014-01-23 10:48 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-01-23 10:48 - 
2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-01-23 10:48 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2014-01-23 10:48 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-01-23 10:48 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-01-23 10:48 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-01-23 10:48 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys 2014-01-23 10:48 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-01-23 10:48 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-01-23 10:48 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-01-23 10:48 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-01-23 10:48 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2014-01-23 10:48 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-01-23 10:48 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2014-01-23 10:48 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-01-23 10:48 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-01-23 10:48 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-01-23 10:48 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-01-23 10:48 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-01-23 10:48 
- 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-01-23 10:48 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-01-23 10:48 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-01-23 10:48 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-01-23 10:48 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-01-23 10:48 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-01-23 10:48 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-01-23 10:48 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-01-23 10:48 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-01-23 10:48 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-01-23 10:48 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-01-23 10:48 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-01-23 10:48 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-01-23 10:48 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-01-23 10:48 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll 2014-01-23 10:48 - 2013-11-23 08:13 - 
00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys 2014-01-23 10:48 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-01-23 10:48 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-01-23 10:48 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2014-01-23 10:48 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-01-23 10:48 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2014-01-23 10:48 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-01-23 10:48 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-01-23 10:48 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-01-23 10:48 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll 2014-01-23 10:48 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-01-23 10:48 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-01-23 10:48 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-01-23 10:48 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2014-01-23 10:48 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2014-01-23 10:48 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-01-23 10:48 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-01-23 10:48 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\tcpip.sys 2014-01-23 10:48 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-01-23 10:48 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-01-23 10:47 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-01-23 10:47 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-23 10:47 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-23 10:47 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-23 10:47 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-01-23 10:47 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-23 10:47 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-23 10:47 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-23 10:47 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-23 10:47 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-23 10:47 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-23 10:47 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-22 
13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-21 15:28 - 2014-01-21 15:29 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip 2014-01-09 11:26 - 2014-01-09 11:27 - 00000000 ____D () C:\Users\rpmar_000\Documents\SEPA 2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PDF24 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-01-09 11:23 - 2014-01-09 11:24 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe 2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ () C:\Users\rpmar_000\Downloads\Antrag (16).xml 2014-01-07 15:46 - 2013-12-19 16:16 - 01812992 _____ () C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr_bis_12.12.12.xls 2014-01-07 10:42 - 2014-02-01 10:53 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D () C:\ProgramData\Oracle
==================== One Month Modified Files and Folders =======
2014-02-01 10:56 - 2014-01-30 14:05 - 00000000 ____D () C:\FRST 2014-02-01 10:56 - 2013-10-17 14:16 - 00000000 __RDO () C:\Users\rpmar_000\SkyDrive 2014-02-01 10:56 - 2013-09-30 05:14 - 01812910 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-01 10:56 - 2013-09-30 04:58 - 00782352 _____ () C:\WINDOWS\system32\perfh007.dat 2014-02-01 10:56 - 2013-09-30 04:58 - 00164592 _____ () 
C:\WINDOWS\system32\perfc007.dat 2014-02-01 10:56 - 2012-11-12 17:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1001 2014-02-01 10:53 - 2014-01-07 10:42 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-01 10:53 - 2012-11-12 17:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-02-01 10:51 - 2013-10-17 14:09 - 01923795 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-01 10:51 - 2013-09-29 20:05 - 00502498 _____ () C:\WINDOWS\PFRO.log 2014-02-01 10:51 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-01 10:51 - 2012-12-11 18:25 - 00159912 _____ () C:\ndsvc.log 2014-02-01 10:51 - 2012-11-18 10:51 - 00000000 ___RD () C:\Users\rpmar_000\Dropbox 2014-02-01 10:51 - 2012-11-18 10:46 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Dropbox 2014-02-01 10:51 - 2012-11-14 11:32 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-01 10:50 - 2013-08-22 14:25 - 06553600 ___SH () C:\WINDOWS\system32\config\BBI 2014-02-01 10:49 - 2013-09-26 12:45 - 00000000 ____D () C:\Program Files\VideoLAN 2014-02-01 10:48 - 2012-11-12 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-02-01 10:47 - 2012-11-14 12:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-02-01 10:46 - 2014-01-31 14:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-02-01 10:45 - 2012-11-12 15:30 - 00000000 ____D () C:\Users\rpmar_000\Documents\WISO Mein Geld 2014-02-01 10:45 - 2012-11-12 15:19 - 00000000 ____D () C:\Users\rpmar_000\Documents\Outlook-Dateien 2014-02-01 10:44 - 2014-01-29 16:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-01 10:44 - 2013-11-12 11:42 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-02-01 10:18 - 2013-10-22 08:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\E7546975-342B-4B7C-A126-4E5CA701679A.aplzod 2014-02-01 10:17 - 2012-11-14 
11:32 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-02-01 10:16 - 2014-01-31 14:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-02-01 10:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-01-31 16:27 - 2013-12-04 10:22 - 00000000 ____D () C:\Program Files\DriveOnWeb Client 2014-01-31 16:19 - 2014-01-31 16:19 - 00001814 _____ () C:\sc-cleaner.txt 2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe 2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe 2014-01-31 16:15 - 2014-01-30 14:06 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt 2014-01-31 16:15 - 2014-01-30 14:06 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt 2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps 2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-31 14:06 - 2012-11-12 08:56 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Packages 2014-01-31 13:53 - 2014-01-31 13:52 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe 2014-01-31 13:45 - 2014-01-31 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-31 13:45 - 2014-01-31 13:26 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar 2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-01-31 13:33 - 2014-01-31 13:24 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-01-31 13:24 - 2014-01-31 13:23 - 00000000 ____D () C:\Malewarebytes 2014-01-31 13:22 - 2014-01-30 14:17 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware 2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe 2014-01-30 21:35 - 2014-01-30 15:42 - 00011252 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx 2014-01-30 16:53 - 2014-01-30 14:08 - 00071262 _____ () C:\Users\rpmar_000\Desktop\FRST.txt 2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-01-30 16:05 - 2014-01-30 16:05 - 00000964 _____ () C:\Users\rpmar_000\Desktop\JRT.txt 2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-01-30 15:59 - 2014-01-30 16:00 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe 2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe 2014-01-30 15:52 - 2014-01-23 11:39 - 00000000 ____D () C:\AdwCleaner 2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt 2014-01-30 14:05 - 2014-01-30 16:49 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe 2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe 2014-01-30 14:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\Updater 2014-01-30 14:02 - 
2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\RHelpers 2014-01-30 13:13 - 2014-01-30 15:50 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe 2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe 2014-01-30 12:11 - 2013-10-17 14:05 - 00000000 ____D () C:\Users\rpmar_000 2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp 2014-01-30 08:59 - 2013-12-02 10:42 - 2056067440 _____ () C:\WINDOWS\MEMORY.DMP 2014-01-30 08:59 - 2013-12-02 10:42 - 00000000 ____D () C:\WINDOWS\Minidump 2014-01-30 08:59 - 2013-08-22 15:46 - 00299670 _____ () C:\WINDOWS\setupact.log 2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt 2014-01-29 16:55 - 2014-01-29 16:55 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids 2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe 2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe 2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes 2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 15:43 - 2013-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt 2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt 2014-01-29 11:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-01-28 18:56 - 2014-01-25 16:37 - 00000000 ____D () C:\Program Files (x86)\Dr. 
Hardware 2013 2014-01-28 18:47 - 2014-01-28 17:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet 2014-01-28 18:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-01-28 18:19 - 2012-12-11 10:33 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-01-28 18:19 - 2012-12-11 10:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-01-28 18:19 - 2012-12-11 10:30 - 00000000 ____D () C:\ProgramData\Norton 2014-01-28 18:15 - 2014-01-28 18:10 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe 2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk 2014-01-28 15:28 - 2014-01-28 15:20 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt 2014-01-28 15:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-01-28 15:12 - 2012-12-11 18:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\CrashDumps 2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging 2014-01-28 14:16 - 2014-01-28 13:00 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt 2014-01-28 08:57 - 2014-01-28 08:55 - 00216999 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx 2014-01-28 08:54 - 2013-01-10 13:28 - 00217029 _____ () C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr.xlsx 
2014-01-27 17:17 - 2013-12-02 13:48 - 00000000 __SHD () C:\Users\rpmar_000\wc 2014-01-27 11:45 - 2014-01-25 16:44 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM 2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed 2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk 2014-01-25 16:48 - 2012-11-12 18:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM 2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url 2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. 
Hardware 2013.lnk 2014-01-25 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt 2014-01-25 13:41 - 2014-01-25 13:29 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner 2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI 2014-01-25 12:05 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages 2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Netzwerkumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-25 12:04 - 2014-01-25 
12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore 2014-01-25 12:04 - 2014-01-25 12:03 - 00000000 ____D () C:\Users\marki_lokal 2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset 2014-01-25 11:27 - 2014-01-23 11:26 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG 2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software 2014-01-23 13:57 - 2014-01-23 10:51 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer 2014-01-23 13:56 - 2014-01-23 13:54 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip 2014-01-23 12:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-01-23 11:41 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 
____D () C:\Users\rpmar_000\AppData\Roaming\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI 2014-01-23 10:54 - 2013-08-22 15:44 - 00482800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-01-23 10:54 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD 2014-01-23 10:51 - 2013-10-17 14:03 - 00000000 ____D () C:\Program Files\AMD 2014-01-23 10:46 - 2013-08-15 14:21 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-01-23 10:45 - 2012-12-12 11:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-23 10:40 - 2013-12-02 11:00 - 00000000 ____D () C:\Program Files\WhoCrashed 2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-22 13:28 - 
2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-22 12:07 - 2012-11-13 09:31 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Adobe 2014-01-22 12:01 - 2013-10-17 14:16 - 00000650 __RSH () C:\ProgramData\ntuser.pol 2014-01-22 11:52 - 2012-11-12 17:23 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-01-21 15:29 - 2014-01-21 15:28 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip 2014-01-21 11:17 - 2012-11-18 10:51 - 00001041 _____ () C:\Users\rpmar_000\Desktop\Dropbox.lnk 2014-01-21 11:17 - 2012-11-18 10:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-21 10:44 - 2012-11-12 17:53 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Microsoft Help 2014-01-17 12:16 - 2013-09-01 12:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\FileZilla 2014-01-17 11:52 - 2013-11-18 10:31 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-01-15 07:10 - 2012-11-21 17:05 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Nero 2014-01-14 17:15 - 2012-11-22 13:49 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Nero 2014-01-14 16:31 - 2012-11-14 16:57 - 00000000 ____D () C:\ProgramData\CanonIJ 2014-01-10 10:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-01-09 11:27 - 2014-01-09 11:26 - 00000000 ____D () C:\Users\rpmar_000\Documents\SEPA 2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk 
2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PDF24 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-01-09 11:24 - 2014-01-09 11:23 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe 2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ () C:\Users\rpmar_000\Downloads\Antrag (16).xml 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Google 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Google 2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-07 09:43 - 2013-07-11 11:06 - 00000000 ____D () C:\Program Files (x86)\Java 2014-01-07 09:39 - 2013-11-27 11:42 - 00002125 _____ () C:\Users\Public\Desktop\Nero MediaHome.lnk 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-03 11:55 - 2014-01-25 16:45 - 24097311 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe Some content of TEMP: ==================== C:\Users\rpmar_000\AppData\Local\Temp\DseShExt-x64.dll C:\Users\rpmar_000\AppData\Local\Temp\DseShExt-x86.dll C:\Users\rpmar_000\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\rpmar_000\AppData\Local\Temp\SDShelEx-x64.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 
is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-31 14:17 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 03
Ran by rpmarr at 2014-02-01 10:54:45 Run:4
Running from C:\Users\rpmar_000\Documents\Malware\Neu
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FBEC5806-6572-4908-9C72-F6A9DA9CFB0A} - System32\Tasks\Digital Sites => C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F5951F5F-955F-4713-9AB8-F4A4D4DD5E56} - \RegClean Pro_DEFAULT No Task File
C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\
*****************
C:\WINDOWS\Tasks\Digital Sites.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBEC5806-6572-4908-9C72-F6A9DA9CFB0A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBEC5806-6572-4908-9C72-F6A9DA9CFB0A} => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5951F5F-955F-4713-9AB8-F4A4D4DD5E56} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5951F5F-955F-4713-9AB8-F4A4D4DD5E56} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully.
C:\Users\RPMAR_~1\AppData\Roaming\DIGITA~1\ => Moved successfully.
==== End of Fixlog ====

I have now tested again. If I remove all proxy settings and delete the registry entry that points to port 8877, I have peace for the current session. As soon as I leave the Internet (disconnect), whether by switching off the computer or by turning off the WLAN, and then reconnect, the settings are back after about 1 minute. In my opinion, the process is triggered by establishing an Internet connection. Edited by marki56 (01.02.2014 at 11:19) |
03.02.2014, 10:31 | #20 |
| Internet connection via port 8877 under WIN 8.1 Is there any new idea? In the meantime I have also completely reset IE, including deactivating all add-ons. None of it helped. The question for me is: can this do any harm, or can I leave things as they are with the port? I can live with the effects (apps do not start), because I know how to get them running when needed. I just don't want to become a distributor of viruses, spam or malware, or "open" my computer to others. |
03.02.2014, 10:35 | #21 |
/// Malwareteam | Internet connection via port 8877 under WIN 8.1 From a purely malware point of view, the problem does not appear to be caused by malware. Either some program is preventing the value in the registry from being changed, or one of your security programs is. I am still researching the problem. I will get back to you as soon as possible. ESET Online Scanner
__________________ --> Internet connection via port 8877 under WIN 8.1 |
03.02.2014, 11:14 | #22 |
| Internet connection via port 8877 under WIN 8.1 Thanks first of all for your quick reply. I will deactivate Norton IS 2014 once more, remove the settings in the Internet options and delete the registry key. Then I will put the computer back into hibernation, wake it up and see what happens with Norton IS switched off. Up to now the settings were back in afterwards as soon as the Internet connection had been interrupted and re-established, no matter in which way. If there is anything "worth reporting" (in the direction of success!!), I will post it immediately. PS: I have just read your new instructions. They crossed with my last lines. I will do that right now. I have a Log.txt here from 03.02. My son had given me the tip. I will now let it run through again with the settings you suggested. That takes just under an hour (that is how it was last time). Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4b5e7ba07da9514faecab03e2764e165 # engine=16853 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-29 06:19:44 # local_time=2014-01-29 07:19:44 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode=3591 16777213 100 88 36037 153616169 0 0 # compatibility_mode=5893 16776574 100 94 10505133 38627714 0 0 # scanned=731215 # found=60 # cleaned=58 # scan_time=8490 sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="Variante von Win32/ExFriendAlert.B Anwendung" ac=I fn="C:\Users\All Users\Updater\Uninstall.exe" sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="Variante von Win32/ExFriendAlert.B Anwendung" ac=I fn="D:\Users\All Users\Updater\Uninstall.exe" sh=A39C55E362199542330244B280735468B730D9E2 ft=1 fh=349dd8a04a8f8b58 vn="Variante von MSIL/AdvancedSystemProtector.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir" sh=22D2DDD066089C7CE3D77251A17EE75198A1342B ft=1 fh=da73685930070287 vn="Variante von MSIL/AdvancedSystemProtector.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir" sh=866698A8AC36996FDF5AB67F502FEA5955C7C450 ft=1 fh=181b648461105be7 vn="Variante von MSIL/AdvancedSystemProtector.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir" sh=70F105875DE6420CEDC5674F3F3C0ED9D4BE5728 ft=1 fh=43fda2c9df0909f5 vn="Variante von MSIL/AdvancedSystemProtector.B 
Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\scandll.dll.vir" sh=29537B5D9E0B9006067890E1D21D0CE6F22E8A99 ft=1 fh=6e7ef67f604e413f vn="Win32/MyPCBackup.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup.exe.vir" sh=EE0DBC090D6FC9DA0D0A84516D8D34BF1F96E196 ft=1 fh=44b5db033c27eea0 vn="Win32/MyPCBackup.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup_Intl.exe.vir" sh=A8FD5CC079776D4EF9EE4D5AE676F78BCFC1F296 ft=1 fh=6433603eff6acd71 vn="Variante von Win32/Conduit.SearchProtect.H Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir" sh=C2937B7E2619AF42C1CFA13E061C6A0F9133B2BB ft=1 fh=7e032cfc8e1258d7 vn="Variante von Win32/Wajam.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\update.exe.vir" sh=E21B3507208808596F7FD41C5D637DFE2E8F2FB9 ft=1 fh=5d027b3a7f09e7d3 vn="Win32/Wajam.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe.vir" sh=D8E257A222385523B6A4DF229253CE9A78CF0820 ft=1 fh=c71c0011e3f3ccb1 vn="Variante von Win32/Amonetize.W Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\launcher.exe.vir" sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir" 
sh=1CC2501CE8C978BCCEE44BD69857FC94582E149F ft=1 fh=b72459350d3cfd49 vn="Win32/AdWare.Linkular.AH Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\PallySoft_YouTubeLyrics.exe.vir" sh=D1937AEB8ADBC5C7EB69C1AEFEEA4DEC6A1A90B5 ft=1 fh=e6c02fe7d3021daa vn="Win32/Wajam.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\wajam_download.exe.vir" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir" sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="Variante von Win32/ExFriendAlert.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Updater\Uninstall.exe" sh=FA17BE0F834B98E062029A467D24E277BE29B378 ft=1 fh=c730877f0ed9a282 vn="Win32/Wajam.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\IE\A1UP1298\wajam_install[1].exe" sh=29937FA3571590E243178B116200C090ED146C67 ft=1 fh=9f83e32127ad336a vn="Variante von Win32/Wajam.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\IE\ISQ1ZMJD\AdwCleaner_TSV12NCCL.exe" sh=846F258F0452609F9CE263126F413C8DEAEFE17B ft=1 fh=1493d81a0791ecf6 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\IE\ISQ1ZMJD\SPSetup[1].exe" sh=D5AD8748D14FF6E501ABA70DE32833FE776ADB12 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C 
fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\B3FKH5AY\afterdownload[1].htm" sh=A067E222D8F745542C86AF77F83CB3CCD62140F5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UMUCSEG9\afterdownload[1].htm" sh=F28CBC18EF2DB53A1361969A8E2AC57A7316D8BD ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UMUCSEG9\GGKKVLIA.htm" sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Temp\is357113909\1928913_stp\wajam_validate.exe" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Temp\is357113909\1929294_stp\uninstaller.exe" sh=846F258F0452609F9CE263126F413C8DEAEFE17B ft=1 fh=1493d81a0791ecf6 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Temp\nse1ACB\SpSetup.exe" sh=3A50677CFB1232E805B1CAEC3462877AD96BEF3F ft=1 fh=1c5b7d3c4179c860 vn="Variante von MSIL/DownloadGuide.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\Downloads\DriveOnWebClient_Setup-Downloader.exe" sh=98B79C5A3051D0064860903D425644AAAD0B0D5F ft=1 fh=c71c00118eec61a5 vn="Variante von Win32/InstallCore.IU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\Downloads\ZipOpenerSetup.exe" sh=87FF243FCF51C89D94884EDE62892E4B5CD2CECC ft=1 fh=885d49f30a33fef3 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Desktop\SoftonicDownloader_fuer_dropbox.exe" 
sh=44606B969253B0611997A6DE2E1E3C0AFC30A43A ft=1 fh=b38fbb6e2d64009e vn="Win32/RegistryBooster Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Downloads\registrybooster.exe" sh=E8C8D31BA1E4111B99D505A20BCB73C7DDF54F0B ft=1 fh=4fda0c7a2acd3348 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack (1).exe" sh=E8C8D31BA1E4111B99D505A20BCB73C7DDF54F0B ft=1 fh=4fda0c7a2acd3348 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack.exe" sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\ashampoo_burning_studio_6_free_6.80_3639.exe" sh=32816F5236EC64E2DC140FE331954207AEF1B090 ft=1 fh=eb42f37c6c581ff1 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\FreeiPadVideo3721Converter(1).exe" sh=32816F5236EC64E2DC140FE331954207AEF1B090 ft=1 fh=eb42f37c6c581ff1 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\FreeiPadVideo3721Converter.exe" sh=A0AC2EF060C27275F2C0768DAF18A02FC0A6E168 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\IMG_1559.rar" sh=4CED88EC9FD919BAB836D9DEA73D53153C6301C0 ft=1 fh=3a8d9b966952a57e vn="Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\installer_anydvd_hd_7_0_3_0_Deutsch(1).exe" sh=FAAC5EC1AFF2F31FFDB91F226102AA616548C4CE ft=1 fh=3d2498b5bc5e002f vn="Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C 
fn="E:\Download\installer_anydvd_hd_7_0_3_0_Deutsch.exe" sh=A85FE3F251C6DA222DAECA7F2E3ECDF797623841 ft=1 fh=c11e51564a0f34fc vn="Win32/SoftonicDownloader Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\SoftonicDownloader_fuer_mpeg-streamclip.exe" sh=5ADF4AB03E65B5CE8B91685ABFEE5D46104BBEF7 ft=1 fh=7f08c1e98f2ccffa vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Dokumente\Downloads\4shared_Desktop_320.exe" sh=FF2C9CAE4B769C7A4392D0FC3525DD7854AA0EA9 ft=1 fh=05bd70e01175bb04 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\4shared_Desktop_3.1.0.exe" sh=9B091416C62D5731A232E8E03AC52A9913E87083 ft=1 fh=463fc4d85dc68931 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\FreeStudio.exe" sh=87FF243FCF51C89D94884EDE62892E4B5CD2CECC ft=1 fh=885d49f30a33fef3 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\SoftonicDownloader_fuer_dropbox.exe" sh=74858D622064838D28AE6D674F73A19DC3ACD52B ft=1 fh=0cdf8f5a71e19a21 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\SoftonicDownloader_fuer_freefilesync.exe" sh=6279AA67408F3C6CD11A7F04594DE6EBB1B425CE ft=1 fh=b76fab3cbdd7a6ff vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\SoftonicEN_tcpmp.pocketpc.0.72RC1.exe" sh=8021BB5B4229B0C04C9FAE330F61065707B1C043 ft=1 fh=2043db95ce3a218b vn="Variante von Win32/LoadTubes.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\loadtbs\toolbar.dll" 
sh=92B359D33855BF27D6F0C1F58510D7B493A1162B ft=1 fh=4d6af7cbc920e55f vn="Variante von Win32/LoadTubes.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\loadtbs\uninstall.exe" sh=20A17559FA40DEA6B71568D5F976DE0ED3C5AFE2 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\Mozilla\Firefox\Profiles\gq2t4ii7.Marr\extensions\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\Mozilla\Firefox\Profiles\wxmep4jk.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\Mozilla\Firefox\Profiles\xz8ya256.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=7FDD8F427D9FD2D0246FD4C5F5016BD4E630BE35 ft=1 fh=4e99cf39d997b113 vn="Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\Downloads\flashplayer_update_11_de.exe" sh=8021BB5B4229B0C04C9FAE330F61065707B1C043 ft=1 fh=2043db95ce3a218b vn="Variante von Win32/LoadTubes.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\loadtbs\toolbar.dll" sh=92B359D33855BF27D6F0C1F58510D7B493A1162B ft=1 fh=4d6af7cbc920e55f vn="Variante von Win32/LoadTubes.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C 
fn="F:\Alt\Roaming\loadtbs\uninstall.exe" sh=20A17559FA40DEA6B71568D5F976DE0ED3C5AFE2 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\loadtbs\chrome@loadtubes.com\background.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\Mozilla\Firefox\Profiles\gq2t4ii7.Marr\extensions\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\Mozilla\Firefox\Profiles\wxmep4jk.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\Mozilla\Firefox\Profiles\xz8ya256.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=A0AC2EF060C27275F2C0768DAF18A02FC0A6E168 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\DCIM\IMG_1559.rar" sh=7FDD8F427D9FD2D0246FD4C5F5016BD4E630BE35 ft=1 fh=4e99cf39d997b113 vn="Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Download_Neu\flashplayer_update_11_de.exe" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4b5e7ba07da9514faecab03e2764e165 # engine=16856 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-29 10:24:55 # local_time=2014-01-29 11:24:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode=3591 16777213 100 
88 4852 153630880 0 0 # compatibility_mode=5893 16776574 100 94 10519844 38642425 0 0 # scanned=466364 # found=0 # cleaned=0 # scan_time=4293 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok Edited by marki56 (03.02.2014 at 11:04) |
03.02.2014, 11:34 | #23 | |
/// Malwareteam | Internet connection via port 8877 under WIN 8.1 Hi Quote:
Please also post the new log file. |
03.02.2014, 15:51 | #24 |
| Internet connection via port 8877 under WIN 8.1 Yes, exactly. I did that last week. However, only in the late afternoon after 17:00, and not, as it says in there, early in the morning shortly after 7 o'clock!! My son sent me the link to "Eset" by e-mail at 16:44. I was mistaken. The times are of course "English", but it was not 7:00 PM either, it was 05:00 PM. Your first idea was, after all, that something might be wrong with the time. Today's entry is in there because I had already started once and was not sure whether I had set the check marks in the right place. So I preferred to start over! So here is the new log file: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4b5e7ba07da9514faecab03e2764e165 # engine=16853 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-29 06:19:44 # local_time=2014-01-29 07:19:44 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode=3591 16777213 100 88 36037 153616169 0 0 # compatibility_mode=5893 16776574 100 94 10505133 38627714 0 0 # scanned=731215 # found=60 # cleaned=58 # scan_time=8490 sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="Variante von Win32/ExFriendAlert.B Anwendung" ac=I fn="C:\Users\All Users\Updater\Uninstall.exe" sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="Variante von Win32/ExFriendAlert.B Anwendung" ac=I fn="D:\Users\All Users\Updater\Uninstall.exe" sh=A39C55E362199542330244B280735468B730D9E2 ft=1 fh=349dd8a04a8f8b58 vn="Variante von MSIL/AdvancedSystemProtector.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir" sh=22D2DDD066089C7CE3D77251A17EE75198A1342B ft=1 fh=da73685930070287 vn="Variante von MSIL/AdvancedSystemProtector.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir" sh=866698A8AC36996FDF5AB67F502FEA5955C7C450 ft=1 fh=181b648461105be7 vn="Variante von MSIL/AdvancedSystemProtector.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir" sh=70F105875DE6420CEDC5674F3F3C0ED9D4BE5728 ft=1 fh=43fda2c9df0909f5 vn="Variante von MSIL/AdvancedSystemProtector.B 
Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\scandll.dll.vir" sh=29537B5D9E0B9006067890E1D21D0CE6F22E8A99 ft=1 fh=6e7ef67f604e413f vn="Win32/MyPCBackup.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup.exe.vir" sh=EE0DBC090D6FC9DA0D0A84516D8D34BF1F96E196 ft=1 fh=44b5db033c27eea0 vn="Win32/MyPCBackup.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup_Intl.exe.vir" sh=A8FD5CC079776D4EF9EE4D5AE676F78BCFC1F296 ft=1 fh=6433603eff6acd71 vn="Variante von Win32/Conduit.SearchProtect.H Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir" sh=C2937B7E2619AF42C1CFA13E061C6A0F9133B2BB ft=1 fh=7e032cfc8e1258d7 vn="Variante von Win32/Wajam.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\update.exe.vir" sh=E21B3507208808596F7FD41C5D637DFE2E8F2FB9 ft=1 fh=5d027b3a7f09e7d3 vn="Win32/Wajam.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe.vir" sh=D8E257A222385523B6A4DF229253CE9A78CF0820 ft=1 fh=c71c0011e3f3ccb1 vn="Variante von Win32/Amonetize.W Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\launcher.exe.vir" sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir" 
sh=1CC2501CE8C978BCCEE44BD69857FC94582E149F ft=1 fh=b72459350d3cfd49 vn="Win32/AdWare.Linkular.AH Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\PallySoft_YouTubeLyrics.exe.vir" sh=D1937AEB8ADBC5C7EB69C1AEFEEA4DEC6A1A90B5 ft=1 fh=e6c02fe7d3021daa vn="Win32/Wajam.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Local\DownloadGuide\Offers\wajam_download.exe.vir" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rpmar_000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir" sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="Variante von Win32/ExFriendAlert.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Updater\Uninstall.exe" sh=FA17BE0F834B98E062029A467D24E277BE29B378 ft=1 fh=c730877f0ed9a282 vn="Win32/Wajam.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\IE\A1UP1298\wajam_install[1].exe" sh=29937FA3571590E243178B116200C090ED146C67 ft=1 fh=9f83e32127ad336a vn="Variante von Win32/Wajam.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\IE\ISQ1ZMJD\AdwCleaner_TSV12NCCL.exe" sh=846F258F0452609F9CE263126F413C8DEAEFE17B ft=1 fh=1493d81a0791ecf6 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\IE\ISQ1ZMJD\SPSetup[1].exe" sh=D5AD8748D14FF6E501ABA70DE32833FE776ADB12 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C 
fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\B3FKH5AY\afterdownload[1].htm" sh=A067E222D8F745542C86AF77F83CB3CCD62140F5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UMUCSEG9\afterdownload[1].htm" sh=F28CBC18EF2DB53A1361969A8E2AC57A7316D8BD ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UMUCSEG9\GGKKVLIA.htm" sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Temp\is357113909\1928913_stp\wajam_validate.exe" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Temp\is357113909\1929294_stp\uninstaller.exe" sh=846F258F0452609F9CE263126F413C8DEAEFE17B ft=1 fh=1493d81a0791ecf6 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\AppData\Local\Temp\nse1ACB\SpSetup.exe" sh=3A50677CFB1232E805B1CAEC3462877AD96BEF3F ft=1 fh=1c5b7d3c4179c860 vn="Variante von MSIL/DownloadGuide.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\Downloads\DriveOnWebClient_Setup-Downloader.exe" sh=98B79C5A3051D0064860903D425644AAAD0B0D5F ft=1 fh=c71c00118eec61a5 vn="Variante von Win32/InstallCore.IU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\rpmar_000\Downloads\ZipOpenerSetup.exe" sh=87FF243FCF51C89D94884EDE62892E4B5CD2CECC ft=1 fh=885d49f30a33fef3 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Desktop\SoftonicDownloader_fuer_dropbox.exe" 
sh=44606B969253B0611997A6DE2E1E3C0AFC30A43A ft=1 fh=b38fbb6e2d64009e vn="Win32/RegistryBooster Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Downloads\registrybooster.exe" sh=E8C8D31BA1E4111B99D505A20BCB73C7DDF54F0B ft=1 fh=4fda0c7a2acd3348 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack (1).exe" sh=E8C8D31BA1E4111B99D505A20BCB73C7DDF54F0B ft=1 fh=4fda0c7a2acd3348 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Users\Marr\Downloads\SoftonicDownloader_fuer_k-lite-codec-pack.exe" sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\ashampoo_burning_studio_6_free_6.80_3639.exe" sh=32816F5236EC64E2DC140FE331954207AEF1B090 ft=1 fh=eb42f37c6c581ff1 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\FreeiPadVideo3721Converter(1).exe" sh=32816F5236EC64E2DC140FE331954207AEF1B090 ft=1 fh=eb42f37c6c581ff1 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\FreeiPadVideo3721Converter.exe" sh=A0AC2EF060C27275F2C0768DAF18A02FC0A6E168 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\IMG_1559.rar" sh=4CED88EC9FD919BAB836D9DEA73D53153C6301C0 ft=1 fh=3a8d9b966952a57e vn="Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\installer_anydvd_hd_7_0_3_0_Deutsch(1).exe" sh=FAAC5EC1AFF2F31FFDB91F226102AA616548C4CE ft=1 fh=3d2498b5bc5e002f vn="Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C 
fn="E:\Download\installer_anydvd_hd_7_0_3_0_Deutsch.exe" sh=A85FE3F251C6DA222DAECA7F2E3ECDF797623841 ft=1 fh=c11e51564a0f34fc vn="Win32/SoftonicDownloader Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Download\SoftonicDownloader_fuer_mpeg-streamclip.exe" sh=5ADF4AB03E65B5CE8B91685ABFEE5D46104BBEF7 ft=1 fh=7f08c1e98f2ccffa vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Dokumente\Downloads\4shared_Desktop_320.exe" sh=FF2C9CAE4B769C7A4392D0FC3525DD7854AA0EA9 ft=1 fh=05bd70e01175bb04 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\4shared_Desktop_3.1.0.exe" sh=9B091416C62D5731A232E8E03AC52A9913E87083 ft=1 fh=463fc4d85dc68931 vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\FreeStudio.exe" sh=87FF243FCF51C89D94884EDE62892E4B5CD2CECC ft=1 fh=885d49f30a33fef3 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\SoftonicDownloader_fuer_dropbox.exe" sh=74858D622064838D28AE6D674F73A19DC3ACD52B ft=1 fh=0cdf8f5a71e19a21 vn="Win32/SoftonicDownloader.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\SoftonicDownloader_fuer_freefilesync.exe" sh=6279AA67408F3C6CD11A7F04594DE6EBB1B425CE ft=1 fh=b76fab3cbdd7a6ff vn="Variante von Win32/Toolbar.Conduit.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\ERBRD5107\Benutzerdaten\Downloads\SoftonicEN_tcpmp.pocketpc.0.72RC1.exe" sh=8021BB5B4229B0C04C9FAE330F61065707B1C043 ft=1 fh=2043db95ce3a218b vn="Variante von Win32/LoadTubes.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\loadtbs\toolbar.dll" 
sh=92B359D33855BF27D6F0C1F58510D7B493A1162B ft=1 fh=4d6af7cbc920e55f vn="Variante von Win32/LoadTubes.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\loadtbs\uninstall.exe" sh=20A17559FA40DEA6B71568D5F976DE0ED3C5AFE2 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\Mozilla\Firefox\Profiles\gq2t4ii7.Marr\extensions\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\Mozilla\Firefox\Profiles\wxmep4jk.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\AppData\Roaming\Mozilla\Firefox\Profiles\xz8ya256.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=7FDD8F427D9FD2D0246FD4C5F5016BD4E630BE35 ft=1 fh=4e99cf39d997b113 vn="Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\Windows.old\Users\Marr\Downloads\flashplayer_update_11_de.exe" sh=8021BB5B4229B0C04C9FAE330F61065707B1C043 ft=1 fh=2043db95ce3a218b vn="Variante von Win32/LoadTubes.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\loadtbs\toolbar.dll" sh=92B359D33855BF27D6F0C1F58510D7B493A1162B ft=1 fh=4d6af7cbc920e55f vn="Variante von Win32/LoadTubes.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C 
fn="F:\Alt\Roaming\loadtbs\uninstall.exe" sh=20A17559FA40DEA6B71568D5F976DE0ED3C5AFE2 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\loadtbs\chrome@loadtubes.com\background.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\Mozilla\Firefox\Profiles\gq2t4ii7.Marr\extensions\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\Mozilla\Firefox\Profiles\wxmep4jk.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=640C50440EB82C50F4D0CC5CB9F48524254D6264 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Alt\Roaming\Mozilla\Firefox\Profiles\xz8ya256.default\extensions\staged\software@loadtubes.com\chrome\content\loadtbs.js" sh=A0AC2EF060C27275F2C0768DAF18A02FC0A6E168 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\DCIM\IMG_1559.rar" sh=7FDD8F427D9FD2D0246FD4C5F5016BD4E630BE35 ft=1 fh=4e99cf39d997b113 vn="Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Download_Neu\flashplayer_update_11_de.exe" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4b5e7ba07da9514faecab03e2764e165 # engine=16856 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-29 10:24:55 # local_time=2014-01-29 11:24:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode=3591 16777213 100 
88 4852 153630880 0 0 # compatibility_mode=5893 16776574 100 94 10519844 38642425 0 0 # scanned=466364 # found=0 # cleaned=0 # scan_time=4293 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4b5e7ba07da9514faecab03e2764e165 # engine=16916 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-03 10:11:48 # local_time=2014-02-03 11:11:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=3591 16777213 100 88 396465 154018893 0 0 # compatibility_mode=5893 16776574 100 94 10907857 39030438 0 0 # scanned=3793 # found=0 # cleaned=0 # scan_time=93 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4b5e7ba07da9514faecab03e2764e165 # engine=16916 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-03 01:10:53 # local_time=2014-02-03 02:10:53 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=3591 16777213 100 88 407210 154029638 0 0 # compatibility_mode=5893 16776574 100 94 10918602 39041183 0 0 # scanned=713837 # found=0 # cleaned=0 # scan_time=10695 Edited by marki56 (03.02.2014 at 11:48) |
03.02.2014, 16:27 | #25 |
/// Malwareteam | Internet connection via port 8877 under WIN 8.1 Uninstall TuneUp Utilities and then try again |
03.02.2014, 16:29 | #26 |
| Internet connection via port 8877 under WIN 8.1 Do you mean let ESET run through? |
03.02.2014, 16:30 | #27 |
/// Malwareteam | Internet connection via port 8877 under WIN 8.1 Wow, that was fast. First uninstall TuneUp Utilities. Then test, and then let ESET run through |
03.02.2014, 16:34 | #28 |
| Internet connection via port 8877 under WIN 8.1 I already uninstalled TuneUp on Saturday! |
03.02.2014, 16:35 | #29 |
/// Malwareteam | Internet connection via port 8877 under WIN 8.1 Grrr, don't uninstall things in the middle of a cleanup. EDIT: OK, you couldn't have known, I didn't post the welcome text block for you... Then post a current FRST logfile including Addition.txt. EDIT: A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Vista and Win7 users: start all tools with a right-click and "Run as administrator". |
03.02.2014, 19:50 | #30 |
| Internet connection via port 8877 under WIN 8.1 Here is the first file. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 03 Ran by rpmarr (administrator) on MARKIS_DESKTOP on 03-02-2014 16:48:17 Running from C:\Users\rpmar_000\Documents\Malware\Neu Windows 8.1 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Bdrive Inc.) 
C:\Program Files\NetDrive\ndsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Dropbox, Inc.) 
C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe (Buhl Data Service GmbH) C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\MG.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Tracker Software Products (Canada) Ltd.) 
C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABASWK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [CNAP2 Launcher] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-04-08] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-20] (cyberlink) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.) HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\NetDrive.exe [3587072 2013-02-27] (Bdrive Inc.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [DriveOnWeb Client] - "C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe" /min /sleep=40 HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-14] (Google Inc.) 
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2572B62A851FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 FireFox: ======== FF ProfilePath: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\firefoxdav@icloud.com [2013-12-23]
FF Extension: {1fa09102-1f38-4f83-ba9c-e08baf230c89} - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{1fa09102-1f38-4f83-ba9c-e08baf230c89}.xpi [2013-11-07]
FF Extension: Video HTML5 Compiler Pro - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{368ac25b-6bc0-40e0-9e17-b88cf8cf1363}.xpi [2013-11-07]
FF Extension: Adblock Plus - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (YouTube) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Search) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Norton Identity Protection) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07]
CHR Extension: (Google Wallet) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-27] (Bdrive Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888 2013-11-28] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352 2013-11-28] (Tlapia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] ()

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-15] ()
R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [126792 2011-01-10] (Avira GmbH)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-28] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2013-10-18] (REALiX(tm))
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140131.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-15] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140202.003\ENG64.SYS [126040 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140202.003\EX64.SYS [2099288 2014-01-31] (Symantec Corporation)
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-09] (Bdrive Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-29] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-29] (Acronis)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.)
S3 DfSdkS;
S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [x]
S2 sxuptp; \SystemRoot\System32\drivers\sxuptp.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-03 16:23 - 2014-02-03 16:23 - 00003235 _____ () C:\Users\rpmar_000\Downloads\Antrag(2).xml
2014-02-03 11:06 - 2014-02-03 11:06 - 02347384 _____ (ESET) C:\Users\rpmar_000\Downloads\esetsmartinstaller_enu.exe
2014-02-03 10:33 - 2014-02-03 10:33 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\vlc
2014-02-03 10:29 - 2014-02-03 10:29 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-03 10:25 - 2014-02-03 10:26 - 23884615 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win64.exe
2014-02-01 12:48 - 2014-02-01 12:48 - 00000637 _____ () C:\Users\rpmar_000\Desktop\JRT.txt
2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-01-31 16:19 - 2014-02-01 12:43 - 00001814 _____ () C:\sc-cleaner.txt
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe
2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps
2014-01-31 14:31 - 2014-02-01 10:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-31 14:31 - 2014-02-01 10:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-31 13:52 - 2014-01-31 13:53 - 40658208 _____ (Safer-Networking Ltd.
) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe 2014-01-31 13:33 - 2014-01-31 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-01-31 13:26 - 2014-01-31 13:45 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar 2014-01-31 13:24 - 2014-01-31 13:33 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-01-31 13:23 - 2014-01-31 13:24 - 00000000 ____D () C:\Malewarebytes 2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe 2014-01-30 16:49 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe 2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-01-30 16:00 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe 2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe 2014-01-30 15:50 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe 2014-01-30 15:42 - 2014-01-30 21:35 - 00011252 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx 2014-01-30 14:17 - 2014-02-03 15:54 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware 2014-01-30 14:08 - 2014-01-30 16:53 - 00071262 _____ () C:\Users\rpmar_000\Desktop\FRST.txt 2014-01-30 14:06 - 2014-01-31 16:15 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt 2014-01-30 14:06 - 2014-01-31 16:15 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt 2014-01-30 14:05 - 2014-02-03 16:48 - 00000000 ____D () C:\FRST 2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) 
C:\Users\rpmar_000\Downloads\FRST64.exe 2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe 2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp 2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt 2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids 2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe 2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\Updater 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\RHelpers 2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes 2014-01-29 16:09 - 2014-02-01 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 16:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt 2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt 2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 
____D () C:\Program Files (x86)\Norton Internet Security 2014-01-28 18:10 - 2014-01-28 18:15 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe 2014-01-28 17:55 - 2014-01-28 18:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet 2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk 2014-01-28 15:20 - 2014-01-28 15:28 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt 2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging 2014-01-28 13:00 - 2014-01-28 14:16 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt 2014-01-28 08:55 - 2014-01-28 08:57 - 00216999 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx 2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM 2014-01-25 16:49 - 2003-12-04 15:58 - 00000696 _____ () C:\WINDOWS\SysWOW64\jetodbc.rsp 2014-01-25 16:49 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL 2014-01-25 16:49 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL 2014-01-25 16:49 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL 2014-01-25 16:49 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL 2014-01-25 16:49 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL 2014-01-25 16:49 - 2002-08-29 03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX 2014-01-25 16:49 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX 2014-01-25 16:49 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX 2014-01-25 16:49 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx 
2014-01-25 16:49 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL 2014-01-25 16:49 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL 2014-01-25 16:49 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll 2014-01-25 16:49 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll 2014-01-25 16:49 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2014-01-25 16:49 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL 2014-01-25 16:49 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL 2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk 2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM 2014-01-25 16:45 - 2014-01-03 11:55 - 24097311 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe 2014-01-25 16:44 - 2014-02-03 13:41 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () 
C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url 2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-01-25 16:44 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe 2014-01-25 16:37 - 2014-02-03 13:43 - 00000000 ____D () C:\Program Files (x86)\Dr. Hardware 2013 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\SysWOW64\Drivers\DRHMSR64.sys 2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\system32\Drivers\DRHMSR64.sys 2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\SysWOW64\Drivers\DRHARD64.sys 2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\system32\Drivers\DRHARD64.sys 2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt 2014-01-25 13:29 - 2014-01-25 13:41 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner 2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI 2014-01-25 12:04 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages 2014-01-25 12:04 - 
2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Netzwerkumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore 2014-01-25 12:03 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal 2014-01-25 12:03 - 
2013-10-17 14:07 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Microsoft Help 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset 2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software 2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer 2014-01-23 13:54 - 2014-01-23 13:56 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip 2014-01-23 11:39 - 2014-02-01 12:51 - 00000000 ____D () C:\AdwCleaner 2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online 2014-01-23 11:27 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe 2014-01-23 11:26 - 2014-01-25 11:27 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI 2014-01-23 10:51 - 2014-01-23 13:57 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-23 
10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD 2014-01-23 10:48 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-01-23 10:48 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-01-23 10:48 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2014-01-23 10:48 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-01-23 10:48 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-01-23 10:48 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-01-23 10:48 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys 2014-01-23 10:48 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-01-23 10:48 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-01-23 10:48 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-01-23 10:48 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-01-23 10:48 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2014-01-23 10:48 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-01-23 10:48 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2014-01-23 10:48 - 2013-11-27 09:58 - 01503232 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-01-23 10:48 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-01-23 10:48 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-01-23 10:48 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-01-23 10:48 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-01-23 10:48 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-01-23 10:48 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-01-23 10:48 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-01-23 10:48 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-01-23 10:48 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-01-23 10:48 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-01-23 10:48 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-01-23 10:48 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-01-23 10:48 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-01-23 10:48 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\rastls.dll 2014-01-23 10:48 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-01-23 10:48 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-01-23 10:48 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-01-23 10:48 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll 2014-01-23 10:48 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys 2014-01-23 10:48 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-01-23 10:48 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-01-23 10:48 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2014-01-23 10:48 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-01-23 10:48 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2014-01-23 10:48 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-01-23 10:48 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-01-23 10:48 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-01-23 10:48 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll 2014-01-23 10:48 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-01-23 10:48 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-01-23 10:48 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-01-23 10:48 - 2013-11-15 15:59 - 
00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2014-01-23 10:48 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2014-01-23 10:48 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-01-23 10:48 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-01-23 10:48 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-01-23 10:48 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-01-23 10:48 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-01-23 10:47 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-01-23 10:47 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-23 10:47 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-23 10:47 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-23 10:47 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-01-23 10:47 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-23 10:47 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-23 10:47 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-23 10:47 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-23 10:47 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-23 10:47 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-23 10:47 - 
2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-21 15:28 - 2014-01-21 15:29 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip 2014-01-09 11:26 - 2014-01-09 11:27 - 00000000 ____D () C:\Users\rpmar_000\Documents\SEPA 2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PDF24 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-01-09 11:23 - 2014-01-09 11:24 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe 2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ () C:\Users\rpmar_000\Downloads\Antrag (16).xml 2014-01-07 15:46 - 2013-12-19 16:16 - 01812992 _____ () C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr_bis_12.12.12.xls 2014-01-07 10:42 - 2014-02-01 20:38 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D () C:\ProgramData\Oracle 
==================== One Month Modified Files and Folders ======= 2014-02-03 16:48 - 2014-01-30 14:05 - 00000000 ____D () C:\FRST 2014-02-03 16:44 - 2013-10-22 08:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\E7546975-342B-4B7C-A126-4E5CA701679A.aplzod 2014-02-03 16:41 - 2012-11-12 15:19 - 00000000 ____D () C:\Users\rpmar_000\Documents\Outlook-Dateien 2014-02-03 16:23 - 2014-02-03 16:23 - 00003235 _____ () C:\Users\rpmar_000\Downloads\Antrag(2).xml 2014-02-03 16:17 - 2012-11-14 11:32 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-03 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-02-03 15:54 - 2014-01-30 14:17 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware 2014-02-03 15:53 - 2012-11-12 17:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-02-03 15:32 - 2013-10-17 14:09 - 02005858 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-03 14:02 - 2012-11-12 17:22 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1001 2014-02-03 13:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-02-03 13:43 - 2014-01-25 16:37 - 00000000 ____D () C:\Program Files (x86)\Dr. 
Hardware 2013 2014-02-03 13:41 - 2014-01-25 16:44 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-02-03 12:06 - 2013-11-12 11:42 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-02-03 11:16 - 2012-11-12 08:56 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Packages 2014-02-03 11:08 - 2013-09-30 05:14 - 01812910 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-03 11:08 - 2013-09-30 04:58 - 00782352 _____ () C:\WINDOWS\system32\perfh007.dat 2014-02-03 11:08 - 2013-09-30 04:58 - 00164592 _____ () C:\WINDOWS\system32\perfc007.dat 2014-02-03 11:06 - 2014-02-03 11:06 - 02347384 _____ (ESET) C:\Users\rpmar_000\Downloads\esetsmartinstaller_enu.exe 2014-02-03 10:34 - 2012-11-12 15:30 - 00000000 ____D () C:\Users\rpmar_000\Documents\WISO Mein Geld 2014-02-03 10:33 - 2014-02-03 10:33 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\vlc 2014-02-03 10:29 - 2014-02-03 10:29 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-02-03 10:29 - 2013-09-26 12:45 - 00000000 ____D () C:\Program Files\VideoLAN 2014-02-03 10:26 - 2014-02-03 10:25 - 23884615 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win64.exe 2014-02-01 20:38 - 2014-01-07 10:42 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-01 20:36 - 2013-10-17 14:16 - 00000000 __RDO () C:\Users\rpmar_000\SkyDrive 2014-02-01 20:36 - 2012-11-18 10:51 - 00000000 ___RD () C:\Users\rpmar_000\Dropbox 2014-02-01 20:36 - 2012-11-18 10:46 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Dropbox 2014-02-01 20:36 - 2012-11-14 11:32 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-01 20:35 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-01 20:35 - 2013-08-22 14:25 - 06553600 ___SH () C:\WINDOWS\system32\config\BBI 2014-02-01 20:35 - 2012-12-11 18:25 - 00161559 _____ () C:\ndsvc.log 2014-02-01 16:38 - 2012-11-14 12:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-02-01 12:51 - 2014-01-23 11:39 - 00000000 ____D () 
C:\AdwCleaner 2014-02-01 12:48 - 2014-02-01 12:48 - 00000637 _____ () C:\Users\rpmar_000\Desktop\JRT.txt 2014-02-01 12:43 - 2014-01-31 16:19 - 00001814 _____ () C:\sc-cleaner.txt 2014-02-01 11:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-02-01 10:51 - 2013-09-29 20:05 - 00502498 _____ () C:\WINDOWS\PFRO.log 2014-02-01 10:48 - 2012-11-12 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-02-01 10:46 - 2014-01-31 14:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-02-01 10:44 - 2014-01-29 16:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-02-01 10:16 - 2014-01-31 14:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-01-31 16:27 - 2013-12-04 10:22 - 00000000 ____D () C:\Program Files\DriveOnWeb Client 2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe 2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe 2014-01-31 16:15 - 2014-01-30 14:06 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt 2014-01-31 16:15 - 2014-01-30 14:06 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt 2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps 2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-31 13:53 - 2014-01-31 13:52 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe 2014-01-31 13:45 - 2014-01-31 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-31 13:45 - 2014-01-31 13:26 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar 2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-01-31 13:33 - 2014-01-31 13:24 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-01-31 13:24 - 2014-01-31 13:23 - 00000000 ____D () C:\Malewarebytes 2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe 2014-01-30 21:35 - 2014-01-30 15:42 - 00011252 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx 2014-01-30 16:53 - 2014-01-30 14:08 - 00071262 _____ () C:\Users\rpmar_000\Desktop\FRST.txt 2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-01-30 15:59 - 2014-01-30 16:00 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe 2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe 2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt 2014-01-30 14:05 - 2014-01-30 16:49 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe 2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe 2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\Updater 2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\RHelpers 2014-01-30 13:13 - 2014-01-30 15:50 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe 2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe 2014-01-30 12:11 - 2013-10-17 14:05 - 00000000 ____D () C:\Users\rpmar_000 
2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp 2014-01-30 08:59 - 2013-12-02 10:42 - 2056067440 _____ () C:\WINDOWS\MEMORY.DMP 2014-01-30 08:59 - 2013-12-02 10:42 - 00000000 ____D () C:\WINDOWS\Minidump 2014-01-30 08:59 - 2013-08-22 15:46 - 00299670 _____ () C:\WINDOWS\setupact.log 2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt 2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids 2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe 2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe 2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes 2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 15:43 - 2013-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt 2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt 2014-01-29 11:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-01-28 18:47 - 2014-01-28 17:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet 2014-01-28 18:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () 
C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-01-28 18:19 - 2012-12-11 10:33 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-01-28 18:19 - 2012-12-11 10:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-01-28 18:19 - 2012-12-11 10:30 - 00000000 ____D () C:\ProgramData\Norton 2014-01-28 18:15 - 2014-01-28 18:10 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe 2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk 2014-01-28 15:28 - 2014-01-28 15:20 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt 2014-01-28 15:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-01-28 15:12 - 2012-12-11 18:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\CrashDumps 2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging 2014-01-28 14:16 - 2014-01-28 13:00 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt 2014-01-28 08:57 - 2014-01-28 08:55 - 00216999 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx 2014-01-28 08:54 - 2013-01-10 13:28 - 00217029 _____ () C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr.xlsx 2014-01-27 17:17 - 2013-12-02 13:48 - 00000000 __SHD () C:\Users\rpmar_000\wc 2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM 2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed 2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk 2014-01-25 16:48 - 2012-11-12 18:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-01-25 16:46 - 
2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM 2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url 2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt 2014-01-25 13:41 - 2014-01-25 13:29 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner 2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI 2014-01-25 12:05 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages 2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () 
C:\Users\marki_lokal\Netzwerkumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore 2014-01-25 12:04 - 2014-01-25 12:03 - 00000000 ____D () C:\Users\marki_lokal 2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset 2014-01-25 11:27 - 2014-01-23 11:26 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG 2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software 
2014-01-23 13:57 - 2014-01-23 10:51 - 00000000 ____D () C:\ProgramData\Package Cache 2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer 2014-01-23 13:56 - 2014-01-23 13:54 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip 2014-01-23 12:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-01-23 11:41 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI 2014-01-23 10:54 - 2013-08-22 15:44 - 00482800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-01-23 10:54 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro 
Devices, Inc 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD 2014-01-23 10:51 - 2013-10-17 14:03 - 00000000 ____D () C:\Program Files\AMD 2014-01-23 10:46 - 2013-08-15 14:21 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-01-23 10:45 - 2012-12-12 11:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-23 10:40 - 2013-12-02 11:00 - 00000000 ____D () C:\Program Files\WhoCrashed 2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-22 12:07 - 2012-11-13 09:31 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Adobe 2014-01-22 12:01 - 2013-10-17 14:16 - 00000650 __RSH () C:\ProgramData\ntuser.pol 2014-01-22 11:52 - 2012-11-12 17:23 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-01-21 15:29 - 2014-01-21 15:28 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip 2014-01-21 11:17 - 2012-11-18 10:51 - 00001041 _____ () C:\Users\rpmar_000\Desktop\Dropbox.lnk 2014-01-21 11:17 - 2012-11-18 10:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-21 10:44 - 2012-11-12 17:53 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Microsoft Help 2014-01-17 12:16 - 2013-09-01 12:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\FileZilla 2014-01-17 11:52 - 2013-11-18 10:31 - 
00000000 ____D () C:\Program Files\Microsoft Office 15 2014-01-15 07:10 - 2012-11-21 17:05 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Nero 2014-01-14 17:15 - 2012-11-22 13:49 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Nero 2014-01-14 16:31 - 2012-11-14 16:57 - 00000000 ____D () C:\ProgramData\CanonIJ 2014-01-09 11:27 - 2014-01-09 11:26 - 00000000 ____D () C:\Users\rpmar_000\Documents\SEPA 2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PDF24 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-01-09 11:24 - 2014-01-09 11:23 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe 2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ () C:\Users\rpmar_000\Downloads\Antrag (16).xml 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Google 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Google 2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-07 09:43 - 2013-07-11 11:06 - 00000000 ____D () C:\Program Files (x86)\Java 2014-01-07 09:39 - 2013-11-27 11:42 - 00002125 _____ () C:\Users\Public\Desktop\Nero MediaHome.lnk 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\rpmar_000\AppData\Local\Temp\DseShExt-x64.dll C:\Users\rpmar_000\AppData\Local\Temp\DseShExt-x86.dll 
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe
C:\Users\rpmar_000\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\rpmar_000\AppData\Local\Temp\SDShelEx-x64.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-03 12:24

==================== End Of Log ============================

--- --- ---

and here is the Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 03
Ran by rpmarr at 2014-02-03 16:48:35
Running from C:\Users\rpmar_000\Documents\Malware\Neu
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

8GadgetPack (x32 Version: 8.0.1 - Helmut Buhler)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5 - Adobe Systems Incorporated)
AirPort (x32 Version: 5.6.1.2 - Apple Inc.)
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
ANNO 1404 - Venedig (x32 Version: 2.01.5010 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 (x32 Version: 1.03.0000 - Ubisoft)
ANNO 2070 (x32 Version: 1.0.0.0 - Ubisoft)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 10 v.10.3.0 (x32 Version: 10.03.00 - Ashampoo GmbH & Co. KG)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon IJ Network Scan Utility (x32 Version: - )
Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.)
Canon Kurzwahlprogramm (x32 Version: - ) Canon LBP3250 (Version: - ) Canon MP Navigator EX 3.1 (x32 Version: - ) Canon MP630 series Benutzerregistrierung (x32 Version: - ) Canon MP630 series MP Drivers (Version: - ) Canon MX870 series Benutzerregistrierung (x32 Version: - ) Canon MX870 series MP Drivers (Version: - Canon Inc.) Canon Utilities My Printer (x32 Version: - ) Canon Utilities Solution Menu (x32 Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 1.00.0000 - ) Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CD-LabelPrint (x32 Version: - ) Cyberduck 14140 (4.4.3) (x32 Version: 14140 (4.4.3) - ) CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Das große Franzis Paket Office - Office Vorlagen Teil 1 (x32 Version: - ) Das große Franzis Paket Office - Office Vorlagen Teil 2 (x32 Version: - ) Das große Franzis Paket Office - Office Vorlagen Teil 3 (x32 Version: - ) Die Siedler 7 (x32 Version: 1.12.1396 - Ubisoft) Dr. Hardware 2013 13.6d (x32 Version: - Peter A. Gebhard) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hidden HWiNFO64 Version 4.24 (Version: 4.24 - Martin Malík - REALiX) iCloud (Version: 3.1.0.40 - Apple Inc.) ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!) Inkjet Printer/Scanner Extended Survey Program (x32 Version: - ) IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan) iTunes (Version: 11.1.3.8 - Apple Inc.) LetsTrade Komponenten (x32 Version: - ) Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation) Nero 12 (x32 Version: 12.0.02000 - Nero AG) Nero 12 Content Pack (x32 Version: 12.0.00400 - Nero AG) Nero 2014 (x32 Version: 15.0.02200 - Nero AG) Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp (x32 Version: 12.5.11000 - Nero AG) Hidden Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden Nero Blu-ray Player Help (CHM) (x32 Version: 
15.0.00015 - Nero AG) Hidden Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 12.0.00900 - Nero AG) Nero CoverDesigner (x32 Version: 12.0.11000 - Nero AG) Hidden Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Image Samples (x32 Version: 15.0.10008 - Nero AG) Hidden Nero Info (x32 Version: 15.1.0030 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden Nero MediaHome (x32 Version: 1.22.3600 - Nero AG) Hidden Nero MediaHome 
Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden Nero Platinum Effects 12 (x32 Version: 15.0.10011 - Nero AG) Hidden Nero Prerequisite Installer 2.0 (x32 Version: 12.0.01000 - Nero AG) Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Recode (x32 Version: 15.0.14000 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden Nero Video (x32 Version: 15.0.13000 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NetDrive (x32 Version: 1.3.2.0 - Bdrive Inc.) 
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (x32 Version: 2.1.0.3 - NETGEAR) Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation) Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37 - WindSolutions) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM) Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM) Hidden PDF24 Creator 6.2.0 (x32 Version: - PDF24.org) PDF-XChange Editor (Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (x32 Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.) Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Sid Meier's Civilization V (x32 Version: - 2K Games, Inc.) Steam (x32 Version: 1.0.0.0 - Valve Corporation) StreamTransport version: 1.0.2.2171 (x32 Version: - ) SW Update (x32 Version: 2.1.3 - Samsung Electronics CO., LTD.) sysTPL (x32 Version: 1.0.0 - Tlapia) TechPowerUp GPU-Z (x32 Version: - TechPowerUp) Top Set 2.00 (x32 Version: 2.00 - Aldarin) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden True Image 2013 Plus Pack (x32 Version: 16.0.6514 - Acronis) TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT) Updater (x32 Version: 2.6.53 - Creative Island Media, LLC) VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN) Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden WhoCrashed 5.00 (Version: - Resplendence Software Projects Sp.) 
Win8 x64Components v1.2.9 (Version: 1.2.9 - Shark007) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0 - win.rar GmbH) WISO Mein Geld 2014 Professional (x32 Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden ==================== Restore Points ========================= 22-01-2014 10:44:06 Geplanter Prüfpunkt 23-01-2014 12:57:04 PDF-XChange Editor 25-01-2014 15:48:46 Installiert Olympia Chronik 2014 01-02-2014 09:17:07 Removed Java 7 Update 25 (64-bit) ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {09A3D889-2319-4A9C-B55F-18525B43DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0CCC1B48-4AE5-48A7-A32D-F7A446F26E7B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {18ACF2B1-539D-4146-8DE0-47ACCB0BCF0D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {277510B7-E9FD-41C5-A117-EA696DFC67F4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {32715FC6-3161-482F-93B1-000D4D6277FD} - \RegClean Pro No Task File Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3EA2590F-6D23-4803-9EBD-2E69847AACE1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {49032738-2A03-4DD7-B9DF-2E003EF89811} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - 
System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {59764A79-6D71-4416-A55F-8AB04A36C97E} - \Advanced System Protector_startup No Task File Task: {62831809-5F2D-4212-BF8D-ABC143E053AF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6D8CDB08-6274-451A-A16A-595FF4E7447E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7AB829DF-0465-4987-9A49-C61CFE71EF2E} - \BackgroundContainer Startup Task No Task File Task: {7BCFE1F4-B102-4A28-BA38-26C859BB0CF2} - System32\Tasks\RunAsStdUser Task => C:\Program Files\NetDrive\netdrive.exe [2013-02-27] (Bdrive Inc.) Task: {7C740B59-0293-40FF-BFDB-BCE84FF65E9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.) 
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {936F0DDB-0682-4158-ABD4-001D930163BC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A02DBB75-27DC-466A-8DE9-8B2CA48DCFF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated) Task: {A8A71CFB-555A-4BD1-A1CA-CD0978DB8113} - \Advanced System Protector No Task File Task: {B1946E83-F46E-48CE-981B-1CCC5CC59F17} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Markis_Desktop-rpmarr Markis_Desktop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-17] (Microsoft Corporation) Task: {B35AFDBD-B259-4D9E-A568-0DE8C2F3B0A9} - \RegClean Pro_UPDATES No Task File Task: {B4B0CA36-DA5C-42AE-B83D-1BF5ABD4AE43} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {B7D0CDC4-778C-4E4A-BDFF-773F11FCF472} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-11-01] (Samsung Electronics CO., LTD.) Task: {CB1FC689-98D2-46B5-AE24-B69DA1224471} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-23] (Microsoft Corporation) Task: {CB2290CB-8E2D-462D-89A6-D24ADF205C59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.) 
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D914B3CE-795A-400B-B00B-3CDE59B01DCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB548322-49B3-47DD-8CC9-38D0B40C6217} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F3B55CF3-3494-4A96-A82E-7B14A9EE6AB4} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG) Task: {FEEAF85E-2059-43C0-B045-AE52158C82CA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2013-11-20 09:45 - 2013-11-20 09:45 - 00183808 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\ErrorReporting.dll 
2013-12-10 18:23 - 2013-12-10 18:23 - 00119315 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 02429459 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00265235 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00030227 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00033299 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00071699 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 02355219 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00104467 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00226323 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00077843 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00049683 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00063507 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00524819 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00891923 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00122387 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00042515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll 2013-12-10 18:23 - 
2013-12-10 18:23 - 00016915 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00138259 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 02066451 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00312339 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 01481235 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00055315 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00185363 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00042003 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00090131 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00070675 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 12317203 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00079891 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00028179 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00081939 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00023059 _____ () C:\Program 
Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 01111059 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00123923 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00140819 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 01584147 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00122387 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00748051 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00020499 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00471059 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00039955 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00320531 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll 2013-12-10 18:23 - 
2013-12-10 18:23 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00182291 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 01760787 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00029203 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00070675 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00339987 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 01494035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00402451 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00016403 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll 2013-12-10 18:23 - 2013-12-10 18:23 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll 
2013-12-10 18:23 - 2013-12-10 18:23 - 01504787 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll 2013-12-18 14:18 - 2013-12-18 14:18 - 00028160 _____ () C:\Users\rpmar_000\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\5bf99992f103eeb416af8751401af835\Microsoft.PerfTrack.ni.dll 2013-10-19 04:13 - 2013-10-19 04:13 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\432868bf54b081b16eaf68729020b30a\Windows.Foundation.ni.dll 2013-10-19 04:13 - 2013-10-19 04:13 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\4c323000d6c8d1d462abb0968333c937\Windows.Storage.ni.dll 2013-10-19 04:13 - 2013-10-19 04:13 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\0ff25bd7c20be35c2e915bb82db13b72\Windows.UI.ni.dll 2013-10-19 04:13 - 2013-10-19 04:13 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\600862031eb4d4cfdc6f4d2025a7990e\Windows.ApplicationModel.ni.dll 2013-12-18 14:18 - 2013-12-18 14:18 - 02203136 _____ () C:\Users\rpmar_000\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.B2e1870ee#\d9df48ed6d335db63d752502fb9cf025\Microsoft.Bing.AppEx.Telemetry.ni.dll 2013-10-17 14:39 - 2013-10-17 14:39 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\e0e7493cf161f0e0899caa7eb5e0e259\Windows.Globalization.ni.dll 2013-10-17 14:39 - 2013-10-17 14:39 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\4f00f54318cefa03d2a77a61e842ffca\Windows.Security.ni.dll 2013-10-17 14:39 - 2013-10-17 14:39 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\e8f8737bea4f0df4b88bbc4bf24fa2a8\Windows.System.ni.dll 2013-10-17 14:39 - 2013-10-17 14:39 - 01259520 _____ () 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\45eee6d0ec199bb4a183edf3d8f2370f\Windows.Networking.ni.dll 2013-12-18 14:18 - 2013-12-18 14:18 - 00113664 _____ () C:\Users\rpmar_000\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\e777100ba81b8c242072ce919b808f6f\SqliteWrapper.ni.dll 2013-09-30 05:02 - 2013-09-30 05:02 - 00485816 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\SqliteWrapper.dll 2013-09-30 05:02 - 2013-09-30 05:02 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\Sqlite3.dll 2013-10-19 04:13 - 2013-10-19 04:13 - 01383936 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\2b0972e005263c87498242eb8f69480d\Windows.Web.ni.dll 2013-10-17 14:39 - 2013-10-17 14:39 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\e06f4482547bc7feaa453c9e02585f52\Windows.Graphics.ni.dll 2013-12-18 14:18 - 2013-12-18 14:18 - 05076480 _____ () C:\Users\rpmar_000\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.A46d31238#\5c56739d6d0bbb1d3616c411b9d31beb\Microsoft.AppEx.Sports.Schemas.ni.dll 2013-12-18 14:18 - 2013-12-18 14:18 - 00155136 _____ () C:\Users\rpmar_000\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.Ab11fe181#\106a53baa6682b99805867bf162f46dc\Microsoft.AppEx.Sports.TransformEngine.BaseSchemas.ni.dll 2013-12-18 14:18 - 2013-12-18 14:18 - 00059392 _____ () C:\Users\rpmar_000\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.A615ea4af#\775e0d36fa228982650b7f315af0c6de\Microsoft.AppEx.Sports.BaseEnums.ni.dll 2013-10-17 14:39 - 2013-10-17 14:39 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\4e1b0dc15d072d992e08612cd74a34db\Windows.Data.ni.dll 2013-12-18 14:18 - 
2013-12-18 14:18 - 00041984 _____ () C:\Users\rpmar_000\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.Ad256fa43#\768381e6ef8a9d80f20b70ac9e6687de\Microsoft.AppEx.Sports.SportsEnums.ni.dll 2013-10-17 14:39 - 2013-10-17 14:39 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\aaa76dfc70840ddd1028b4e1783ec5aa\Windows.Devices.ni.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-02-18 14:42 - 2012-09-21 15:25 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll 2013-11-18 10:32 - 2013-11-18 11:17 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2013-12-13 14:02 - 2014-01-17 11:48 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-02-18 14:42 - 2012-09-18 09:34 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll 2013-11-18 10:31 - 2013-11-18 10:31 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2013-12-13 13:18 - 2014-01-17 11:42 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\libcef.dll 2013-03-27 23:37 - 2013-03-27 23:37 - 13627872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2013-03-27 21:09 - 
2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2013-11-18 10:31 - 2013-11-18 10:31 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2013-12-13 13:18 - 2014-01-17 11:42 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll 2008-05-06 09:35 - 2008-05-06 09:35 - 00028456 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\On4u3\bdrmf.dll 2013-09-16 13:36 - 2014-01-16 16:40 - 00368456 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\LetsTradeAdapter.dll 2013-09-16 13:36 - 2014-01-16 16:40 - 00021320 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\LetsTradeDB.dll 2013-09-16 13:36 - 2014-01-16 16:40 - 00046408 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\EPaymentAdapter.dll 2013-09-16 13:36 - 2014-01-16 16:40 - 00356168 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\ExternalAPIAdapter.dll 2013-09-16 13:36 - 2014-01-16 16:40 - 00275272 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\ServerAdapter.XmlSerializers.dll 2013-09-16 13:36 - 2014-01-16 13:47 - 01379632 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\DDBAC.Net.FinTS.dll 2012-01-05 17:25 - 2012-01-05 17:25 - 00071304 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\Buhl.BuhlRegelEngine.dll 2013-11-18 03:23 - 2013-12-12 12:35 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-01-17 11:43 - 2014-01-17 11:47 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2013-12-13 14:02 - 2014-01-17 11:49 - 00321704 _____ () C:\Program Files\Microsoft Office 15\root\office15\msfad.dll 2009-02-27 16:40 - 2009-02-27 16:40 - 01712128 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU 2012-01-03 21:54 - 2012-01-03 21:54 - 01060864 _____ () C:\Program Files (x86)\Adobe\Reader 
9.0\Reader\plug_ins\PPKLite.DEU 2009-02-27 16:39 - 2009-02-27 16:39 - 00999424 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.DEU 2009-02-27 16:40 - 2009-02-27 16:40 - 00274432 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU 2009-10-03 01:48 - 2009-10-03 01:48 - 00106496 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU 2009-02-27 16:39 - 2009-02-27 16:39 - 00081920 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.DEU 2009-10-03 01:45 - 2009-10-03 01:45 - 00012288 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU 2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\rpmar_000\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. 
==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 16347.32 MB
Available physical RAM: 11509.75 MB
Total Pagefile: 32731.32 MB
Available Pagefile: 25252.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.96 GB) (Free:64.7 GB) NTFS
Drive d: () (Fixed) (Total:372.61 GB) (Free:124.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:396.26 GB) NTFS
Drive f: (Volume) (Fixed) (Total:2794.39 GB) (Free:809.4 GB) NTFS
Drive z: () (Network) (Total:929.51 GB) (Free:420.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: D3CA27CC)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 238 GB) (Disk ID: 8C18BFF1)

Partition: GPT Partition Type

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5D334ECE)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End Of Log ============================ |