
Pests of all kinds and how to combat them: Internet connection via port 8877 under WIN 8.1

10.02.2014, 14:19   #61
marki56

Thanks!!! Now we have the culprit: GoogleUpdate.exe!!! Here is the screenshot

10.02.2014, 14:23   #62
marki56

Thanks!!! We have the culprit! It is, ta-da, GoogleUpdate.exe.

Here is the screenshot. How do I get rid of the .exe?
Attached images: Screenshot (10).jpg (31.3 KB)


10.02.2014, 14:24   #63
Aneri
/// Malwareteam

Create a new FRST logfile and post it here, please including additions.txt.

10.02.2014, 14:35   #64
marki56

OK. I just removed the Google Toolbar. It was the only thing with Google that I found under Programs. Process Monitor found nothing more. That seems to have been the culprit. It was installed on 16.12.2013. That also coincides with the last update of the tile news.

Here is the Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014 03
Ran by rpmarr at 2014-02-10 14:32:39
Running from C:\Users\rpmar_000\Documents\Malware\Neu
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

8GadgetPack (x32 Version: 8.0.1 - Helmut Buhler)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5 - Adobe Systems Incorporated)
AirPort (x32 Version: 5.6.1.2 - Apple Inc.)
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
ANNO 1404 - Venedig (x32 Version: 2.01.5010 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 (x32 Version: 1.03.0000 - Ubisoft)
ANNO 2070 (x32 Version: 1.0.0.0 - Ubisoft)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 10 v.10.3.0 (x32 Version: 10.03.00 - Ashampoo GmbH & Co. KG)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon IJ Network Scan Utility (x32 Version:  - )
Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.)
Canon Kurzwahlprogramm (x32 Version:  - )
Canon LBP3250 (Version:  - )
Canon MP Navigator EX 3.1 (x32 Version:  - )
Canon MP630 series Benutzerregistrierung (x32 Version:  - )
Canon MP630 series MP Drivers (Version:  - )
Canon MX870 series Benutzerregistrierung (x32 Version:  - )
Canon MX870 series MP Drivers (Version:  - Canon Inc.)
Canon Utilities My Printer (x32 Version:  - )
Canon Utilities Solution Menu (x32 Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 1.00.0000 - )
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CD-LabelPrint (x32 Version:  - )
Cyberduck 14140 (4.4.3) (x32 Version: 14140 (4.4.3) - )
CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das große Franzis Paket Office - Office Vorlagen Teil 1 (x32 Version:  - )
Das große Franzis Paket Office - Office Vorlagen Teil 2 (x32 Version:  - )
Das große Franzis Paket Office - Office Vorlagen Teil 3 (x32 Version:  - )
Die Siedler 7 (x32 Version: 1.12.1396 - Ubisoft)
Dr. Hardware 2013 13.6d (x32 Version:  - Peter A. Gebhard)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fiddler (x32 Version: 4.4.5.9 - Telerik)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HWiNFO64 Version 4.24 (Version: 4.24 - Martin Malík - REALiX)
iCloud (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Inkjet Printer/Scanner Extended Survey Program (x32 Version:  - )
IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
LetsTrade Komponenten (x32 Version:  - )
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nero 12 (x32 Version: 12.0.02000 - Nero AG)
Nero 12 Content Pack (x32 Version: 12.0.00400 - Nero AG)
Nero 2014 (x32 Version: 15.0.02200 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.11000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 12.0.00900 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Info (x32 Version: 15.1.0030 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.22.3600 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Platinum Effects 12 (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Prerequisite Installer 2.0 (x32 Version: 12.0.01000 - Nero AG)
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode (x32 Version: 15.0.14000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
Nero Video (x32 Version: 15.0.13000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NetDrive (x32 Version: 1.3.2.0 - Bdrive Inc.)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (x32 Version: 2.1.0.3 - NETGEAR)
Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation)
Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37 - WindSolutions)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM)
Olympia Chronik 2014 (x32 Version: 1.00.0000 - USM) Hidden
PDF24 Creator 6.2.0 (x32 Version:  - PDF24.org)
PDF-XChange Editor (Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (x32 Version: 3.0.307.1 - Tracker Software Products (Canada) Ltd.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Sid Meier's Civilization V (x32 Version:  - 2K Games, Inc.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
StreamTransport version: 1.0.2.2171 (x32 Version:  - )
SW Update (x32 Version: 2.1.3 - Samsung Electronics CO., LTD.)
sysTPL (x32 Version: 1.0.0 - Tlapia)
TechPowerUp GPU-Z (x32 Version:  - TechPowerUp)
Top Set 2.00 (x32 Version: 2.00 - Aldarin)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
True Image 2013 Plus Pack (x32 Version: 16.0.6514 - Acronis)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
VLC media player 2.1.3 (Version: 2.1.3 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WhoCrashed 5.00 (Version:  - Resplendence Software Projects Sp.)
Win8 x64Components v1.2.9 (Version: 1.2.9 - Shark007)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0 - win.rar GmbH)
WISO Mein Geld 2014 Professional (x32 Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden

==================== Restore Points  =========================

23-01-2014 12:57:04 PDF-XChange Editor
25-01-2014 15:48:46 Installiert Olympia Chronik 2014
01-02-2014 09:17:07 Removed Java 7 Update 25 (64-bit)
07-02-2014 08:50:36 Windows Update

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09A3D889-2319-4A9C-B55F-18525B43DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CCC1B48-4AE5-48A7-A32D-F7A446F26E7B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {18ACF2B1-539D-4146-8DE0-47ACCB0BCF0D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {277510B7-E9FD-41C5-A117-EA696DFC67F4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {32715FC6-3161-482F-93B1-000D4D6277FD} - \RegClean Pro No Task File
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EA2590F-6D23-4803-9EBD-2E69847AACE1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {49032738-2A03-4DD7-B9DF-2E003EF89811} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {59764A79-6D71-4416-A55F-8AB04A36C97E} - \Advanced System Protector_startup No Task File
Task: {62831809-5F2D-4212-BF8D-ABC143E053AF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D8CDB08-6274-451A-A16A-595FF4E7447E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AB829DF-0465-4987-9A49-C61CFE71EF2E} - \BackgroundContainer Startup Task No Task File
Task: {7BCFE1F4-B102-4A28-BA38-26C859BB0CF2} - System32\Tasks\RunAsStdUser Task => C:\Program Files\NetDrive\netdrive.exe [2013-02-27] (Bdrive Inc.)
Task: {7C740B59-0293-40FF-BFDB-BCE84FF65E9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {936F0DDB-0682-4158-ABD4-001D930163BC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A02DBB75-27DC-466A-8DE9-8B2CA48DCFF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {A8A71CFB-555A-4BD1-A1CA-CD0978DB8113} - \Advanced System Protector No Task File
Task: {B1946E83-F46E-48CE-981B-1CCC5CC59F17} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Markis_Desktop-rpmarr Markis_Desktop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-17] (Microsoft Corporation)
Task: {B35AFDBD-B259-4D9E-A568-0DE8C2F3B0A9} - \RegClean Pro_UPDATES No Task File
Task: {B4B0CA36-DA5C-42AE-B83D-1BF5ABD4AE43} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {B7D0CDC4-778C-4E4A-BDFF-773F11FCF472} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-11-01] (Samsung Electronics CO., LTD.)
Task: {CB2290CB-8E2D-462D-89A6-D24ADF205C59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D914B3CE-795A-400B-B00B-3CDE59B01DCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB548322-49B3-47DD-8CC9-38D0B40C6217} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F3B55CF3-3494-4A96-A82E-7B14A9EE6AB4} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {FAA7F0E4-C986-4CD1-9A4E-4EBEC52C7BC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-23] (Microsoft Corporation)
Task: {FEEAF85E-2059-43C0-B045-AE52158C82CA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2013-11-20 09:45 - 2013-11-20 09:45 - 00183808 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-02-18 14:42 - 2012-09-18 18:46 - 08384800 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-01-30 23:09 - 2014-01-30 23:09 - 00122387 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 02514963 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00321043 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00034323 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00070675 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 02335763 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00107027 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00260115 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00080915 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00050707 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00063507 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00606227 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00946707 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00124947 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00043539 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00139795 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 02187283 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00316435 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 01461779 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00055827 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00187923 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00043027 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00092179 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00071187 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00081939 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00029203 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 12172819 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00082451 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 01185299 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00126483 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00152595 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 01660947 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00833555 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00544275 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00040467 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00124435 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00331283 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00190995 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00808467 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00035859 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00070675 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00339987 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 01500179 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00413203 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 01506323 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-14 12:37 - 2008-01-22 09:35 - 00103808 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-02-18 14:42 - 2012-09-18 18:46 - 00305200 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-02-18 14:42 - 2012-09-21 15:25 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-02-18 14:42 - 2012-09-18 09:34 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-18 10:32 - 2013-11-18 11:17 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-12-13 14:02 - 2014-01-17 11:48 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-11-18 10:31 - 2013-11-18 10:31 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-12-13 13:18 - 2014-01-17 11:42 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2014-01-17 11:43 - 2014-01-17 11:47 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2008-05-06 09:35 - 2008-05-06 09:35 - 00028456 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\On4u3\bdrmf.dll
2013-09-16 13:36 - 2014-02-03 17:34 - 00369992 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\LetsTradeAdapter.dll
2013-09-16 13:36 - 2014-02-03 17:34 - 00021320 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\LetsTradeDB.dll
2013-09-16 13:36 - 2014-02-03 17:34 - 00046408 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\EPaymentAdapter.dll
2013-09-16 13:36 - 2014-02-03 17:34 - 00356168 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\ExternalAPIAdapter.dll
2013-09-16 13:36 - 2014-02-03 17:34 - 00275272 _____ () C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\LetsTrade\ServerAdapter.XmlSerializers.dll
2014-02-04 17:52 - 2014-02-04 17:52 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-18 10:31 - 2013-11-18 10:31 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-12-13 13:18 - 2014-01-17 11:42 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\rpmar_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 02:31:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 3.3.10.2, Zeitstempel: 0x52f7faf9
Name des fehlerhaften Moduls: FRST64.exe, Version: 3.3.10.2, Zeitstempel: 0x52f7faf9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000258a0
ID des fehlerhaften Prozesses: 0x1a58
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (02/10/2014 02:01:21 PM) (Source: Bonjour Service) (User: )
Description: 636: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (02/10/2014 02:01:21 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/10/2014 09:22:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344

Error: (02/10/2014 09:22:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2344

Error: (02/10/2014 09:22:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 09:22:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (02/10/2014 09:22:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (02/10/2014 09:22:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2014 11:02:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2282


System errors:
=============
Error: (02/10/2014 02:29:01 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (02/10/2014 02:04:22 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/10/2014 09:28:52 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (02/10/2014 09:28:44 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (02/10/2014 09:28:41 AM) (Source: disk) (User: )
Description: Fehler beim E/A-Vorgang an der logischen Blockadresse "6bc" für den Datenträger "3" (PDO-Name: \Device\0000003d) aufgrund eines Hardwarefehlers.

Error: (02/10/2014 09:24:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SXUPTP Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/10/2014 09:23:44 AM) (Source: DCOM) (User: MARKIS_DESKTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/10/2014 09:23:44 AM) (Source: DCOM) (User: MARKIS_DESKTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/10/2014 09:23:44 AM) (Source: DCOM) (User: MARKIS_DESKTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/10/2014 09:23:44 AM) (Source: DCOM) (User: MARKIS_DESKTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (02/10/2014 02:31:36 PM) (Source: Application Error)(User: )
Description: FRST64.exe3.3.10.252f7faf9FRST64.exe3.3.10.252f7faf9c000000500000000000258a01a5801cf26645510a6ffC:\Users\rpmar_000\Documents\Malware\Neu\FRST64.exeC:\Users\rpmar_000\Documents\Malware\Neu\FRST64.exea98c753a-9257-11e3-bf1f-00158315a310

Error: (02/10/2014 02:01:21 PM) (Source: Bonjour Service)(User: )
Description: 636: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (02/10/2014 02:01:21 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/10/2014 09:22:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344

Error: (02/10/2014 09:22:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2344

Error: (02/10/2014 09:22:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2014 09:22:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (02/10/2014 09:22:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (02/10/2014 09:22:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2014 11:02:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2282


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 16347.32 MB
Available physical RAM: 12839.22 MB
Total Pagefile: 32731.32 MB
Available Pagefile: 28550.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.96 GB) (Free:49.94 GB) NTFS
Drive d: () (Fixed) (Total:372.61 GB) (Free:140.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:396.29 GB) NTFS
Drive f: (Volume) (Fixed) (Total:2794.39 GB) (Free:801.81 GB) NTFS
Drive z: () (Network) (Total:929.51 GB) (Free:420.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: D3CA27CC)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 238 GB) (Disk ID: 8C18BFF1)

Partition: GPT Partition Type
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5D334ECE)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End Of Log ============================
         
Here is the frst.txt
FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by rpmarr (administrator) on MARKIS_DESKTOP on 10-02-2014 14:32:13
Running from C:\Users\rpmar_000\Documents\Malware\Neu
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(CANON INC.) C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNABASWK.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Dropbox, Inc.) C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Buhl Data Service GmbH) C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\MG.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sysinternals - www.sysinternals.com) C:\Users\rpmar_000\Documents\Malware\ProcessMonitor\Procmon.exe
(Sysinternals - www.sysinternals.com) C:\Users\rpmar_000\AppData\Local\Temp\Procmon64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [CNAP2 Launcher] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-04-08] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-20] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\NetDrive.exe [3587072 2013-02-27] (Bdrive Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [DriveOnWeb Client] - "C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe"  /min /sleep=40
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2572B62A851FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\g9xma40h.default-1391525960886
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\g9xma40h.default-1391525960886\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-02-06]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (YouTube) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google-Suche) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Norton Identity Protection) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07]
CHR Extension: (Google Wallet) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Google Mail) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-27] (Bdrive Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888 2013-11-28] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352 2013-11-28] (Tlapia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] ()

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-15] ()
R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [126792 2011-01-10] (Avira GmbH)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-28] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2013-10-18] (REALiX(tm))
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140207.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-15] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140209.019\ENG64.SYS [126040 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140209.019\EX64.SYS [2099288 2014-01-31] (Symantec Corporation)
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-09] (Bdrive Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-29] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-29] (Acronis)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.)
U3 DfSdkS; 
S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [X]
S2 sxuptp; \SystemRoot\System32\drivers\sxuptp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 14:03 - 2014-02-10 14:03 - 01110478 _____ () C:\Users\rpmar_000\Downloads\ProcessMonitor.zip
2014-02-10 14:03 - 2013-05-31 15:54 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\rpmar_000\Documents\Procmon.exe
2014-02-10 14:03 - 2011-11-28 11:46 - 00063582 _____ () C:\Users\rpmar_000\Documents\procmon.chm
2014-02-10 14:03 - 2006-07-28 09:32 - 00007005 _____ () C:\Users\rpmar_000\Documents\Eula.txt
2014-02-07 09:44 - 2014-02-07 09:44 - 00448512 _____ (OldTimer Tools) C:\Users\rpmar_000\Downloads\TFC.exe
2014-02-07 09:27 - 2014-02-07 09:27 - 00004570 _____ () C:\Users\rpmar_000\Downloads\Antrag (17).xml
2014-02-06 10:43 - 2014-02-06 11:10 - 00000000 ____D () C:\Users\rpmar_000\Documents\Fiddler2
2014-02-06 10:42 - 2014-02-06 10:42 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup (1).exe
2014-02-06 10:41 - 2014-02-06 10:42 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-02-06 10:41 - 2014-02-06 10:41 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup.exe
2014-02-05 16:21 - 2014-02-05 16:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\DriverCure
2014-02-05 16:20 - 2014-02-05 16:20 - 05249448 _____ (ParetoLogic Inc.) C:\Users\rpmar_000\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-02-04 17:52 - 2014-02-04 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 15:46 - 2014-02-04 15:46 - 00119443 _____ () C:\Users\rpmar_000\Desktop\TDSSKiller_Report.txt
2014-02-04 15:32 - 2013-11-18 06:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\rpmar_000\Desktop\TDSSKiller.exe
2014-02-04 15:30 - 2014-02-04 15:31 - 04101441 _____ () C:\Users\rpmar_000\Downloads\tdsskiller.zip
2014-02-04 15:24 - 2014-02-04 15:24 - 00000000 _____ () C:\Users\rpmar_000\Desktop\gmer.txt
2014-02-04 15:07 - 2014-02-04 15:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\rpmar_000\Downloads\tdsskiller.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\xceq2g82.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\Gmer-19357.exe
2014-02-04 08:38 - 2014-02-05 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-04 08:38 - 2014-02-04 08:38 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 08:37 - 2014-02-04 08:37 - 00283096 _____ (Mozilla) C:\Users\rpmar_000\Downloads\Firefox Setup Stub 26.0.exe
2014-02-03 16:23 - 2014-02-03 16:23 - 00003235 _____ () C:\Users\rpmar_000\Downloads\Antrag(2).xml
2014-02-03 11:06 - 2014-02-03 11:06 - 02347384 _____ (ESET) C:\Users\rpmar_000\Downloads\esetsmartinstaller_enu.exe
2014-02-03 10:33 - 2014-02-10 09:23 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\vlc
2014-02-03 10:29 - 2014-02-07 09:52 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-03 10:25 - 2014-02-03 10:26 - 23884615 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win64.exe
2014-02-01 12:48 - 2014-02-01 12:48 - 00000637 _____ () C:\Users\rpmar_000\Desktop\JRT.txt
2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-01-31 16:19 - 2014-02-01 12:43 - 00001814 _____ () C:\sc-cleaner.txt
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe
2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps
2014-01-31 14:31 - 2014-02-01 10:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-31 14:31 - 2014-02-01 10:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-31 13:52 - 2014-01-31 13:53 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe
2014-01-31 13:33 - 2014-01-31 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-31 13:26 - 2014-01-31 13:45 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar
2014-01-31 13:24 - 2014-01-31 13:33 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-31 13:23 - 2014-01-31 13:24 - 00000000 ____D () C:\Malewarebytes
2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe
2014-01-30 16:49 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe
2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-01-30 16:00 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe
2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe
2014-01-30 15:50 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe
2014-01-30 15:42 - 2014-02-05 17:57 - 00011750 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx
2014-01-30 14:17 - 2014-02-10 14:04 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware
2014-01-30 14:08 - 2014-01-30 16:53 - 00071262 _____ () C:\Users\rpmar_000\Desktop\FRST.txt
2014-01-30 14:06 - 2014-01-31 16:15 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt
2014-01-30 14:06 - 2014-01-31 16:15 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt
2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt
2014-01-30 14:05 - 2014-02-10 14:31 - 00000000 ____D () C:\FRST
2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe
2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe
2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp
2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt
2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids
2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe
2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\Updater
2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\RHelpers
2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes
2014-01-29 16:09 - 2014-02-01 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 16:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt
2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-28 18:10 - 2014-01-28 18:15 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe
2014-01-28 17:55 - 2014-01-28 18:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet
2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2014-01-28 15:20 - 2014-01-28 15:28 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt
2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging
2014-01-28 13:00 - 2014-01-28 14:16 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt
2014-01-28 08:55 - 2014-02-03 17:00 - 00216987 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx
2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM
2014-01-25 16:49 - 2003-12-04 15:58 - 00000696 _____ () C:\WINDOWS\SysWOW64\jetodbc.rsp
2014-01-25 16:49 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL
2014-01-25 16:49 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL
2014-01-25 16:49 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL
2014-01-25 16:49 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL
2014-01-25 16:49 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL
2014-01-25 16:49 - 2002-08-29 03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX
2014-01-25 16:49 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX
2014-01-25 16:49 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX
2014-01-25 16:49 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx
2014-01-25 16:49 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL
2014-01-25 16:49 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL
2014-01-25 16:49 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll
2014-01-25 16:49 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll
2014-01-25 16:49 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL
2014-01-25 16:49 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL
2014-01-25 16:49 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL
2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk
2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM
2014-01-25 16:45 - 2014-01-03 11:55 - 24097311 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe
2014-01-25 16:44 - 2014-02-03 13:41 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-01-25 16:44 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2014-01-25 16:37 - 2014-02-03 13:43 - 00000000 ____D () C:\Program Files (x86)\Dr. Hardware 2013
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\SysWOW64\Drivers\DRHMSR64.sys
2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\system32\Drivers\DRHMSR64.sys
2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\SysWOW64\Drivers\DRHARD64.sys
2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\system32\Drivers\DRHARD64.sys
2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt
2014-01-25 13:29 - 2014-01-25 13:41 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner
2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI
2014-01-25 12:04 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages
2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Netzwerkumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore
2014-01-25 12:03 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal
2014-01-25 12:03 - 2013-10-17 14:07 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Microsoft Help
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset
2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software
2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer
2014-01-23 13:54 - 2014-01-23 13:56 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip
2014-01-23 11:39 - 2014-02-01 12:51 - 00000000 ____D () C:\AdwCleaner
2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-01-23 11:27 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-01-23 11:26 - 2014-01-25 11:27 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI
2014-01-23 10:51 - 2014-01-23 13:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD
2014-01-23 10:48 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-01-23 10:48 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-01-23 10:48 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-01-23 10:48 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-01-23 10:48 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-01-23 10:48 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-01-23 10:48 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-01-23 10:48 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-01-23 10:48 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-01-23 10:48 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-01-23 10:48 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-01-23 10:48 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-01-23 10:48 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-01-23 10:48 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-01-23 10:48 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-01-23 10:48 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-01-23 10:48 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-23 10:48 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-01-23 10:48 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-01-23 10:48 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-01-23 10:48 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-01-23 10:48 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-01-23 10:48 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-23 10:48 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-01-23 10:48 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-01-23 10:48 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-01-23 10:48 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-01-23 10:48 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-01-23 10:48 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-01-23 10:48 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-01-23 10:48 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-01-23 10:48 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-01-23 10:48 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-01-23 10:48 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-01-23 10:48 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-01-23 10:48 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-01-23 10:48 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-23 10:48 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-23 10:48 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-23 10:48 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-23 10:48 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-01-23 10:48 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-01-23 10:48 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-01-23 10:48 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-01-23 10:48 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-01-23 10:48 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-01-23 10:48 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-01-23 10:48 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-01-23 10:48 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-01-23 10:48 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-01-23 10:48 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-01-23 10:48 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-01-23 10:48 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-01-23 10:47 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-23 10:47 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-23 10:47 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-23 10:47 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-23 10:47 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-23 10:47 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-23 10:47 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-23 10:47 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-23 10:47 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-23 10:47 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-23 10:47 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-23 10:47 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-21 15:28 - 2014-01-21 15:29 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip

==================== One Month Modified Files and Folders =======

2014-02-10 14:31 - 2014-01-30 14:05 - 00000000 ____D () C:\FRST
2014-02-10 14:31 - 2012-12-11 18:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\CrashDumps
2014-02-10 14:27 - 2013-10-17 14:09 - 01855365 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-10 14:23 - 2012-11-14 11:32 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Google
2014-02-10 14:23 - 2012-11-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-10 14:17 - 2012-11-14 11:32 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 14:04 - 2014-01-30 14:17 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware
2014-02-10 14:03 - 2014-02-10 14:03 - 01110478 _____ () C:\Users\rpmar_000\Downloads\ProcessMonitor.zip
2014-02-10 14:01 - 2013-10-22 08:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\E7546975-342B-4B7C-A126-4E5CA701679A.aplzod
2014-02-10 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-10 14:01 - 2012-11-12 17:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1001
2014-02-10 09:31 - 2013-09-30 05:14 - 01812910 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-10 09:31 - 2013-09-30 04:58 - 00782352 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-10 09:31 - 2013-09-30 04:58 - 00164592 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-10 09:29 - 2012-11-12 15:30 - 00000000 ____D () C:\Users\rpmar_000\Documents\WISO Mein Geld
2014-02-10 09:28 - 2012-11-12 15:19 - 00000000 ____D () C:\Users\rpmar_000\Documents\Outlook-Dateien
2014-02-10 09:27 - 2014-01-07 10:42 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-10 09:27 - 2013-10-17 14:16 - 00000000 __RDO () C:\Users\rpmar_000\SkyDrive
2014-02-10 09:27 - 2012-11-18 10:51 - 00000000 ___RD () C:\Users\rpmar_000\Dropbox
2014-02-10 09:27 - 2012-11-18 10:46 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Dropbox
2014-02-10 09:27 - 2012-11-14 11:32 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 09:24 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-10 09:24 - 2012-12-11 18:25 - 00180818 _____ () C:\ndsvc.log
2014-02-10 09:23 - 2014-02-03 10:33 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\vlc
2014-02-10 09:23 - 2013-08-22 14:25 - 04980736 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-08 11:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-07 14:53 - 2012-11-12 17:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 09:52 - 2014-02-03 10:29 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-07 09:48 - 2013-11-12 11:42 - 00000000 ____D () C:\Program Files (x86)\sysTPL
2014-02-07 09:44 - 2014-02-07 09:44 - 00448512 _____ (OldTimer Tools) C:\Users\rpmar_000\Downloads\TFC.exe
2014-02-07 09:35 - 2013-12-02 13:48 - 00000000 __SHD () C:\Users\rpmar_000\wc
2014-02-07 09:27 - 2014-02-07 09:27 - 00004570 _____ () C:\Users\rpmar_000\Downloads\Antrag (17).xml
2014-02-06 16:29 - 2012-11-12 08:56 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Packages
2014-02-06 15:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-02-06 15:46 - 2012-11-14 12:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-02-06 13:20 - 2013-09-29 20:05 - 00504902 _____ () C:\WINDOWS\PFRO.log
2014-02-06 11:10 - 2014-02-06 10:43 - 00000000 ____D () C:\Users\rpmar_000\Documents\Fiddler2
2014-02-06 10:42 - 2014-02-06 10:42 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup (1).exe
2014-02-06 10:42 - 2014-02-06 10:41 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-02-06 10:41 - 2014-02-06 10:41 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup.exe
2014-02-05 17:57 - 2014-01-30 15:42 - 00011750 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx
2014-02-05 16:38 - 2014-02-05 16:21 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\DriverCure
2014-02-05 16:20 - 2014-02-05 16:20 - 05249448 _____ (ParetoLogic Inc.) C:\Users\rpmar_000\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-02-05 15:42 - 2012-11-12 15:17 - 00000000 ____D () C:\Users\rpmar_000\Documents\Gloricus
2014-02-05 14:53 - 2012-11-12 17:23 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-05 14:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-05 14:43 - 2014-02-04 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 14:34 - 2013-08-22 15:46 - 00300465 _____ () C:\WINDOWS\setupact.log
2014-02-04 17:52 - 2014-02-04 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 16:42 - 2013-10-17 14:05 - 00000000 ____D () C:\Users\rpmar_000
2014-02-04 15:46 - 2014-02-04 15:46 - 00119443 _____ () C:\Users\rpmar_000\Desktop\TDSSKiller_Report.txt
2014-02-04 15:31 - 2014-02-04 15:30 - 04101441 _____ () C:\Users\rpmar_000\Downloads\tdsskiller.zip
2014-02-04 15:24 - 2014-02-04 15:24 - 00000000 _____ () C:\Users\rpmar_000\Desktop\gmer.txt
2014-02-04 15:07 - 2014-02-04 15:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\rpmar_000\Downloads\tdsskiller.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\xceq2g82.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\Gmer-19357.exe
2014-02-04 08:38 - 2014-02-04 08:38 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 08:37 - 2014-02-04 08:37 - 00283096 _____ (Mozilla) C:\Users\rpmar_000\Downloads\Firefox Setup Stub 26.0.exe
2014-02-03 17:00 - 2014-01-28 08:55 - 00216987 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx
2014-02-03 16:59 - 2013-01-10 13:28 - 00216986 _____ () C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr.xlsx
2014-02-03 16:23 - 2014-02-03 16:23 - 00003235 _____ () C:\Users\rpmar_000\Downloads\Antrag(2).xml
2014-02-03 13:43 - 2014-01-25 16:37 - 00000000 ____D () C:\Program Files (x86)\Dr. Hardware 2013
2014-02-03 13:41 - 2014-01-25 16:44 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-03 11:06 - 2014-02-03 11:06 - 02347384 _____ (ESET) C:\Users\rpmar_000\Downloads\esetsmartinstaller_enu.exe
2014-02-03 10:29 - 2013-09-26 12:45 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-03 10:26 - 2014-02-03 10:25 - 23884615 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win64.exe
2014-02-01 12:51 - 2014-01-23 11:39 - 00000000 ____D () C:\AdwCleaner
2014-02-01 12:48 - 2014-02-01 12:48 - 00000637 _____ () C:\Users\rpmar_000\Desktop\JRT.txt
2014-02-01 12:43 - 2014-01-31 16:19 - 00001814 _____ () C:\sc-cleaner.txt
2014-02-01 11:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-01 10:48 - 2012-11-12 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-01 10:46 - 2014-01-31 14:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-01 10:44 - 2014-01-29 16:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-02-01 10:16 - 2014-01-31 14:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-31 16:27 - 2013-12-04 10:22 - 00000000 ____D () C:\Program Files\DriveOnWeb Client
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe
2014-01-31 16:15 - 2014-01-30 14:06 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt
2014-01-31 16:15 - 2014-01-30 14:06 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt
2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps
2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-31 13:53 - 2014-01-31 13:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe
2014-01-31 13:45 - 2014-01-31 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-31 13:45 - 2014-01-31 13:26 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar
2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-31 13:33 - 2014-01-31 13:24 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-31 13:24 - 2014-01-31 13:23 - 00000000 ____D () C:\Malewarebytes
2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 16:53 - 2014-01-30 14:08 - 00071262 _____ () C:\Users\rpmar_000\Desktop\FRST.txt
2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-01-30 15:59 - 2014-01-30 16:00 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe
2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe
2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt
2014-01-30 14:05 - 2014-01-30 16:49 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe
2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe
2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\Updater
2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\RHelpers
2014-01-30 13:13 - 2014-01-30 15:50 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe
2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe
2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp
2014-01-30 08:59 - 2013-12-02 10:42 - 2056067440 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-30 08:59 - 2013-12-02 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt
2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids
2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe
2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes
2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 15:43 - 2013-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt
2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt
2014-01-28 18:47 - 2014-01-28 17:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet
2014-01-28 18:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-28 18:19 - 2012-12-11 10:33 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-01-28 18:19 - 2012-12-11 10:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-28 18:19 - 2012-12-11 10:30 - 00000000 ____D () C:\ProgramData\Norton
2014-01-28 18:15 - 2014-01-28 18:10 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe
2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2014-01-28 15:28 - 2014-01-28 15:20 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt
2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging
2014-01-28 14:16 - 2014-01-28 13:00 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt
2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM
2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk
2014-01-25 16:48 - 2012-11-12 18:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM
2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt
2014-01-25 13:41 - 2014-01-25 13:29 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner
2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI
2014-01-25 12:05 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages
2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Netzwerkumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore
2014-01-25 12:04 - 2014-01-25 12:03 - 00000000 ____D () C:\Users\marki_lokal
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset
2014-01-25 11:27 - 2014-01-23 11:26 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG
2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software
2014-01-23 13:57 - 2014-01-23 10:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer
2014-01-23 13:56 - 2014-01-23 13:54 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip
2014-01-23 12:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-23 11:41 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI
2014-01-23 10:54 - 2013-08-22 15:44 - 00482800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-23 10:54 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD
2014-01-23 10:51 - 2013-10-17 14:03 - 00000000 ____D () C:\Program Files\AMD
2014-01-23 10:46 - 2013-08-15 14:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-23 10:45 - 2012-12-12 11:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-23 10:40 - 2013-12-02 11:00 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-22 12:07 - 2012-11-13 09:31 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Adobe
2014-01-22 12:01 - 2013-10-17 14:16 - 00000650 __RSH () C:\ProgramData\ntuser.pol
2014-01-21 15:29 - 2014-01-21 15:28 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip
2014-01-21 11:17 - 2012-11-18 10:51 - 00001041 _____ () C:\Users\rpmar_000\Desktop\Dropbox.lnk
2014-01-21 11:17 - 2012-11-18 10:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-21 10:44 - 2012-11-12 17:53 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Microsoft Help
2014-01-17 12:16 - 2013-09-01 12:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\FileZilla
2014-01-17 11:52 - 2013-11-18 10:31 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-15 07:10 - 2012-11-21 17:05 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Nero
2014-01-14 17:15 - 2012-11-22 13:49 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Nero
2014-01-14 16:31 - 2012-11-14 16:57 - 00000000 ____D () C:\ProgramData\CanonIJ

Some content of TEMP:
====================
C:\Users\rpmar_000\AppData\Local\Temp\Procmon64.exe
C:\Users\rpmar_000\AppData\Local\Temp\vlc-2.1.3-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 14:07

==================== End Of Log ============================
         

10.02.2014, 14:41   #65
Aneri
/// Malwareteam

OK, then keep an eye on the whole thing for a while longer; if the problem no longer occurs, we will clean up and secure the system.

__________________
Regards, Aneri
Member of UNITE

10.02.2014, 15:17   #66
marki56

GoogleUpdate.exe is still present in the program directory, but it no longer becomes active. I just disconnected the Internet connection and reconnected it. That was when the proxy entry always showed up after about 1 minute. Now it is quiet. I will restart now and then report back!

This is driving me mad, as they say in Saxony. After the restart the proxy is back in. But Procmon does not show this process! Should I simply delete the exe?

Now I let Process Monitor run and disconnected the network connection, then switched the network back on, and again the deleted proxy was back in. The monitor showed all sorts of things, just no port 8877.

10.02.2014, 15:20   #67
Aneri
/// Malwareteam

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Task: {7C740B59-0293-40FF-BFDB-BCE84FF65E9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {CB2290CB-8E2D-462D-89A6-D24ADF205C59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2:

Uninstall:
Code:
ATTFilter
Updater
         

10.02.2014, 15:34   #68
marki56

Here is another screenshot after booting. The process that causes the entry is called SettingSyncHost.exe (Screenshot_1), and then the processes after disconnecting the network connection and switching it back on (Screenshot_2).

10.02.2014, 15:37   #69
marki56

Here are the screenshots
Attached images
File type: jpg Screenshot_1.jpg (143.9 KB, viewed 196 times)
File type: jpg Screenshot_2.jpg (146.1 KB, viewed 169 times)

10.02.2014, 15:42   #70
marki56

Here is the FRST log
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by rpmarr (administrator) on MARKIS_DESKTOP on 10-02-2014 15:41:11
Running from C:\Users\rpmar_000\Desktop
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(CANON INC.) C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNABASWK.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Dropbox, Inc.) C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Sysinternals - www.sysinternals.com) C:\Users\rpmar_000\Documents\Malware\ProcessMonitor\Procmon.exe
(Sysinternals - www.sysinternals.com) C:\Users\rpmar_000\AppData\Local\Temp\Procmon64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [CNAP2 Launcher] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-04-08] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-20] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\NetDrive.exe [3587072 2013-02-27] (Bdrive Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-1379490362-2251337210-4251339374-1001\...\Run: [DriveOnWeb Client] - "C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe"  /min /sleep=40
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2572B62A851FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\g9xma40h.default-1391525960886
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\g9xma40h.default-1391525960886\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-02-06]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (YouTube) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google-Suche) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Norton Identity Protection) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07]
CHR Extension: (Google Wallet) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Google Mail) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-27] (Bdrive Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888 2013-11-28] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352 2013-11-28] (Tlapia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] ()

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-15] ()
R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [126792 2011-01-10] (Avira GmbH)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-28] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2013-10-18] (REALiX(tm))
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140207.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-15] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140209.019\ENG64.SYS [126040 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140209.019\EX64.SYS [2099288 2014-01-31] (Symantec Corporation)
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-09] (Bdrive Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-29] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-29] (Acronis)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.)
U3 DfSdkS; 
S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [X]
S2 sxuptp; \SystemRoot\System32\drivers\sxuptp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 15:41 - 2014-02-10 15:41 - 00000000 ____D () C:\Users\rpmar_000\Desktop\FRST-OlderVersion
2014-02-10 15:40 - 2014-02-10 15:40 - 00000572 _____ () C:\Users\rpmar_000\Desktop\Fixlist.txt
2014-02-10 14:03 - 2014-02-10 14:03 - 01110478 _____ () C:\Users\rpmar_000\Downloads\ProcessMonitor.zip
2014-02-10 14:03 - 2013-05-31 15:54 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\rpmar_000\Documents\Procmon.exe
2014-02-10 14:03 - 2011-11-28 11:46 - 00063582 _____ () C:\Users\rpmar_000\Documents\procmon.chm
2014-02-10 14:03 - 2006-07-28 09:32 - 00007005 _____ () C:\Users\rpmar_000\Documents\Eula.txt
2014-02-07 09:44 - 2014-02-07 09:44 - 00448512 _____ (OldTimer Tools) C:\Users\rpmar_000\Downloads\TFC.exe
2014-02-07 09:27 - 2014-02-07 09:27 - 00004570 _____ () C:\Users\rpmar_000\Downloads\Antrag (17).xml
2014-02-06 10:43 - 2014-02-06 11:10 - 00000000 ____D () C:\Users\rpmar_000\Documents\Fiddler2
2014-02-06 10:42 - 2014-02-06 10:42 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup (1).exe
2014-02-06 10:41 - 2014-02-06 10:42 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-02-06 10:41 - 2014-02-06 10:41 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup.exe
2014-02-05 16:21 - 2014-02-05 16:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\DriverCure
2014-02-05 16:20 - 2014-02-05 16:20 - 05249448 _____ (ParetoLogic Inc.) C:\Users\rpmar_000\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-02-04 17:52 - 2014-02-04 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 15:46 - 2014-02-04 15:46 - 00119443 _____ () C:\Users\rpmar_000\Desktop\TDSSKiller_Report.txt
2014-02-04 15:32 - 2013-11-18 06:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\rpmar_000\Desktop\TDSSKiller.exe
2014-02-04 15:30 - 2014-02-04 15:31 - 04101441 _____ () C:\Users\rpmar_000\Downloads\tdsskiller.zip
2014-02-04 15:24 - 2014-02-04 15:24 - 00000000 _____ () C:\Users\rpmar_000\Desktop\gmer.txt
2014-02-04 15:07 - 2014-02-04 15:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\rpmar_000\Downloads\tdsskiller.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\xceq2g82.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\Gmer-19357.exe
2014-02-04 08:38 - 2014-02-05 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-04 08:38 - 2014-02-04 08:38 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 08:37 - 2014-02-04 08:37 - 00283096 _____ (Mozilla) C:\Users\rpmar_000\Downloads\Firefox Setup Stub 26.0.exe
2014-02-03 16:23 - 2014-02-03 16:23 - 00003235 _____ () C:\Users\rpmar_000\Downloads\Antrag(2).xml
2014-02-03 11:06 - 2014-02-03 11:06 - 02347384 _____ (ESET) C:\Users\rpmar_000\Downloads\esetsmartinstaller_enu.exe
2014-02-03 10:33 - 2014-02-10 15:05 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\vlc
2014-02-03 10:29 - 2014-02-07 09:52 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-03 10:25 - 2014-02-03 10:26 - 23884615 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win64.exe
2014-02-01 12:48 - 2014-02-01 12:48 - 00000637 _____ () C:\Users\rpmar_000\Desktop\JRT.txt
2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-01-31 16:19 - 2014-02-01 12:43 - 00001814 _____ () C:\sc-cleaner.txt
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe
2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps
2014-01-31 14:31 - 2014-02-01 10:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-31 14:31 - 2014-02-01 10:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-31 13:52 - 2014-01-31 13:53 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe
2014-01-31 13:33 - 2014-01-31 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-31 13:26 - 2014-01-31 13:45 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar
2014-01-31 13:24 - 2014-01-31 13:33 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-31 13:23 - 2014-01-31 13:24 - 00000000 ____D () C:\Malewarebytes
2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe
2014-01-30 16:49 - 2014-02-10 15:41 - 02170880 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe
2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-01-30 16:00 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe
2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe
2014-01-30 15:50 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe
2014-01-30 15:42 - 2014-02-05 17:57 - 00011750 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx
2014-01-30 14:17 - 2014-02-10 14:04 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware
2014-01-30 14:08 - 2014-02-10 15:41 - 00023982 _____ () C:\Users\rpmar_000\Desktop\FRST.txt
2014-01-30 14:06 - 2014-01-31 16:15 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt
2014-01-30 14:06 - 2014-01-31 16:15 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt
2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt
2014-01-30 14:05 - 2014-02-10 15:41 - 00000000 ____D () C:\FRST
2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe
2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe
2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp
2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt
2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids
2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe
2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\Updater
2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D () C:\ProgramData\RHelpers
2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes
2014-01-29 16:09 - 2014-02-01 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 16:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt
2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-28 18:10 - 2014-01-28 18:15 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe
2014-01-28 17:55 - 2014-01-28 18:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet
2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2014-01-28 15:20 - 2014-01-28 15:28 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt
2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging
2014-01-28 13:00 - 2014-01-28 14:16 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt
2014-01-28 08:55 - 2014-02-03 17:00 - 00216987 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx
2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM
2014-01-25 16:49 - 2003-12-04 15:58 - 00000696 _____ () C:\WINDOWS\SysWOW64\jetodbc.rsp
2014-01-25 16:49 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL
2014-01-25 16:49 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL
2014-01-25 16:49 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL
2014-01-25 16:49 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL
2014-01-25 16:49 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL
2014-01-25 16:49 - 2002-08-29 03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX
2014-01-25 16:49 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX
2014-01-25 16:49 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX
2014-01-25 16:49 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx
2014-01-25 16:49 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL
2014-01-25 16:49 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL
2014-01-25 16:49 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll
2014-01-25 16:49 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll
2014-01-25 16:49 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL
2014-01-25 16:49 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL
2014-01-25 16:49 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL
2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk
2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM
2014-01-25 16:45 - 2014-01-03 11:55 - 24097311 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe
2014-01-25 16:44 - 2014-02-03 13:41 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-01-25 16:44 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2014-01-25 16:37 - 2014-02-03 13:43 - 00000000 ____D () C:\Program Files (x86)\Dr. Hardware 2013
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\SysWOW64\Drivers\DRHMSR64.sys
2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ () C:\WINDOWS\system32\Drivers\DRHMSR64.sys
2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\SysWOW64\Drivers\DRHARD64.sys
2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\system32\Drivers\DRHARD64.sys
2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt
2014-01-25 13:29 - 2014-01-25 13:41 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner
2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI
2014-01-25 12:04 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages
2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Netzwerkumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore
2014-01-25 12:03 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal
2014-01-25 12:03 - 2013-10-17 14:07 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Microsoft Help
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset
2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software
2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer
2014-01-23 13:54 - 2014-01-23 13:56 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip
2014-01-23 11:39 - 2014-02-01 12:51 - 00000000 ____D () C:\AdwCleaner
2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-01-23 11:27 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-01-23 11:26 - 2014-01-25 11:27 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI
2014-01-23 10:51 - 2014-01-23 13:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD
2014-01-23 10:48 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-01-23 10:48 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-01-23 10:48 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-01-23 10:48 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-01-23 10:48 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-01-23 10:48 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-01-23 10:48 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-01-23 10:48 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-01-23 10:48 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-01-23 10:48 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-01-23 10:48 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-01-23 10:48 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-01-23 10:48 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-01-23 10:48 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-01-23 10:48 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-01-23 10:48 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-01-23 10:48 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-23 10:48 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-01-23 10:48 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-01-23 10:48 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-01-23 10:48 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-01-23 10:48 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-01-23 10:48 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-23 10:48 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-01-23 10:48 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-01-23 10:48 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-01-23 10:48 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-01-23 10:48 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-01-23 10:48 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-01-23 10:48 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-01-23 10:48 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-01-23 10:48 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-01-23 10:48 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-01-23 10:48 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-01-23 10:48 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-01-23 10:48 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-01-23 10:48 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-23 10:48 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-23 10:48 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-23 10:48 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-23 10:48 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-01-23 10:48 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-01-23 10:48 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-01-23 10:48 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-01-23 10:48 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-01-23 10:48 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-01-23 10:48 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-01-23 10:48 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-01-23 10:48 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-01-23 10:48 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-01-23 10:48 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-01-23 10:48 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-01-23 10:48 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-01-23 10:47 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-23 10:47 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-23 10:47 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-23 10:47 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-23 10:47 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-23 10:47 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-23 10:47 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-23 10:47 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-23 10:47 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-23 10:47 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-23 10:47 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-23 10:47 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-21 15:28 - 2014-01-21 15:29 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip

==================== One Month Modified Files and Folders =======

2014-02-10 15:41 - 2014-02-10 15:41 - 00000000 ____D () C:\Users\rpmar_000\Desktop\FRST-OlderVersion
2014-02-10 15:41 - 2014-01-30 16:49 - 02170880 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe
2014-02-10 15:41 - 2014-01-30 14:08 - 00023982 _____ () C:\Users\rpmar_000\Desktop\FRST.txt
2014-02-10 15:41 - 2014-01-30 14:05 - 00000000 ____D () C:\FRST
2014-02-10 15:40 - 2014-02-10 15:40 - 00000572 _____ () C:\Users\rpmar_000\Desktop\Fixlist.txt
2014-02-10 15:26 - 2013-10-17 14:09 - 01892572 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-10 15:24 - 2013-10-22 08:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\E7546975-342B-4B7C-A126-4E5CA701679A.aplzod
2014-02-10 15:24 - 2012-11-12 15:19 - 00000000 ____D () C:\Users\rpmar_000\Documents\Outlook-Dateien
2014-02-10 15:17 - 2012-11-14 11:32 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 15:13 - 2013-09-30 05:14 - 01812910 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-10 15:13 - 2013-09-30 04:58 - 00782352 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-10 15:13 - 2013-09-30 04:58 - 00164592 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-10 15:12 - 2012-11-12 17:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1001
2014-02-10 15:07 - 2012-11-18 10:51 - 00000000 ___RD () C:\Users\rpmar_000\Dropbox
2014-02-10 15:07 - 2012-11-18 10:46 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Dropbox
2014-02-10 15:06 - 2014-01-07 10:42 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-10 15:06 - 2013-10-17 14:16 - 00000000 __RDO () C:\Users\rpmar_000\SkyDrive
2014-02-10 15:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-10 15:06 - 2012-12-11 18:25 - 00181916 _____ () C:\ndsvc.log
2014-02-10 15:06 - 2012-11-14 11:32 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 15:05 - 2014-02-03 10:33 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\vlc
2014-02-10 15:05 - 2013-08-22 14:25 - 04980736 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-10 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-10 14:53 - 2012-11-12 17:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-10 14:47 - 2013-09-29 20:05 - 00506262 _____ () C:\WINDOWS\PFRO.log
2014-02-10 14:47 - 2012-11-14 11:34 - 00000000 ____D () C:\Program Files\Google
2014-02-10 14:47 - 2012-11-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-10 14:46 - 2012-11-12 15:30 - 00000000 ____D () C:\Users\rpmar_000\Documents\WISO Mein Geld
2014-02-10 14:41 - 2012-11-14 11:32 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Google
2014-02-10 14:31 - 2012-12-11 18:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\CrashDumps
2014-02-10 14:04 - 2014-01-30 14:17 - 00000000 ____D () C:\Users\rpmar_000\Documents\Malware
2014-02-10 14:03 - 2014-02-10 14:03 - 01110478 _____ () C:\Users\rpmar_000\Downloads\ProcessMonitor.zip
2014-02-08 11:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-07 09:52 - 2014-02-03 10:29 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-07 09:48 - 2013-11-12 11:42 - 00000000 ____D () C:\Program Files (x86)\sysTPL
2014-02-07 09:44 - 2014-02-07 09:44 - 00448512 _____ (OldTimer Tools) C:\Users\rpmar_000\Downloads\TFC.exe
2014-02-07 09:35 - 2013-12-02 13:48 - 00000000 __SHD () C:\Users\rpmar_000\wc
2014-02-07 09:27 - 2014-02-07 09:27 - 00004570 _____ () C:\Users\rpmar_000\Downloads\Antrag (17).xml
2014-02-06 16:29 - 2012-11-12 08:56 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Packages
2014-02-06 15:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-02-06 15:46 - 2012-11-14 12:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-02-06 11:10 - 2014-02-06 10:43 - 00000000 ____D () C:\Users\rpmar_000\Documents\Fiddler2
2014-02-06 10:42 - 2014-02-06 10:42 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup (1).exe
2014-02-06 10:42 - 2014-02-06 10:41 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-02-06 10:41 - 2014-02-06 10:41 - 00805608 _____ (Telerik) C:\Users\rpmar_000\Downloads\fiddler4setup.exe
2014-02-05 17:57 - 2014-01-30 15:42 - 00011750 _____ () C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx
2014-02-05 16:38 - 2014-02-05 16:21 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ParetoLogic
2014-02-05 16:21 - 2014-02-05 16:21 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\DriverCure
2014-02-05 16:20 - 2014-02-05 16:20 - 05249448 _____ (ParetoLogic Inc.) C:\Users\rpmar_000\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-02-05 15:42 - 2012-11-12 15:17 - 00000000 ____D () C:\Users\rpmar_000\Documents\Gloricus
2014-02-05 14:53 - 2012-11-12 17:23 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-05 14:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-05 14:43 - 2014-02-04 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 14:34 - 2013-08-22 15:46 - 00300465 _____ () C:\WINDOWS\setupact.log
2014-02-04 17:52 - 2014-02-04 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 16:42 - 2013-10-17 14:05 - 00000000 ____D () C:\Users\rpmar_000
2014-02-04 15:46 - 2014-02-04 15:46 - 00119443 _____ () C:\Users\rpmar_000\Desktop\TDSSKiller_Report.txt
2014-02-04 15:31 - 2014-02-04 15:30 - 04101441 _____ () C:\Users\rpmar_000\Downloads\tdsskiller.zip
2014-02-04 15:24 - 2014-02-04 15:24 - 00000000 _____ () C:\Users\rpmar_000\Desktop\gmer.txt
2014-02-04 15:07 - 2014-02-04 15:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\rpmar_000\Downloads\tdsskiller.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\xceq2g82.exe
2014-02-04 15:02 - 2014-02-04 15:02 - 00380416 _____ () C:\Users\rpmar_000\Downloads\Gmer-19357.exe
2014-02-04 08:38 - 2014-02-04 08:38 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 08:37 - 2014-02-04 08:37 - 00283096 _____ (Mozilla) C:\Users\rpmar_000\Downloads\Firefox Setup Stub 26.0.exe
2014-02-03 17:00 - 2014-01-28 08:55 - 00216987 _____ () C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx
2014-02-03 16:59 - 2013-01-10 13:28 - 00216986 _____ () C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr.xlsx
2014-02-03 16:23 - 2014-02-03 16:23 - 00003235 _____ () C:\Users\rpmar_000\Downloads\Antrag(2).xml
2014-02-03 13:43 - 2014-01-25 16:37 - 00000000 ____D () C:\Program Files (x86)\Dr. Hardware 2013
2014-02-03 13:41 - 2014-01-25 16:44 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-03 11:06 - 2014-02-03 11:06 - 02347384 _____ (ESET) C:\Users\rpmar_000\Downloads\esetsmartinstaller_enu.exe
2014-02-03 10:29 - 2013-09-26 12:45 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-03 10:26 - 2014-02-03 10:25 - 23884615 _____ () C:\Users\rpmar_000\Downloads\vlc-2.1.2-win64.exe
2014-02-01 12:51 - 2014-01-23 11:39 - 00000000 ____D () C:\AdwCleaner
2014-02-01 12:48 - 2014-02-01 12:48 - 00000637 _____ () C:\Users\rpmar_000\Desktop\JRT.txt
2014-02-01 12:43 - 2014-01-31 16:19 - 00001814 _____ () C:\sc-cleaner.txt
2014-02-01 11:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-01 10:48 - 2012-11-12 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-01 10:46 - 2014-01-31 14:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-01 10:44 - 2014-01-29 16:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-01 10:16 - 2014-02-01 10:16 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-02-01 10:16 - 2014-01-31 14:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-31 16:27 - 2013-12-04 10:22 - 00000000 ____D () C:\Program Files\DriveOnWeb Client
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Downloads\sc-cleaner.exe
2014-01-31 16:18 - 2014-01-31 16:18 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\rpmar_000\Desktop\sc-cleaner.exe
2014-01-31 16:15 - 2014-01-30 14:06 - 00073823 _____ () C:\Users\rpmar_000\Downloads\FRST.txt
2014-01-31 16:15 - 2014-01-30 14:06 - 00031870 _____ () C:\Users\rpmar_000\Downloads\Addition.txt
2014-01-31 14:35 - 2014-01-31 14:35 - 00000000 ____D () C:\Users\rpmar_000\Documents\ProcAlyzer Dumps
2014-01-31 14:31 - 2014-01-31 14:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-31 13:53 - 2014-01-31 13:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\rpmar_000\Downloads\spybot-2.2.25.exe
2014-01-31 13:45 - 2014-01-31 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-31 13:45 - 2014-01-31 13:26 - 00000000 ____D () C:\Users\rpmar_000\Desktop\mbar
2014-01-31 13:33 - 2014-01-31 13:33 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-31 13:33 - 2014-01-31 13:24 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-31 13:24 - 2014-01-31 13:23 - 00000000 ____D () C:\Malewarebytes
2014-01-31 13:21 - 2014-01-31 13:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rpmar_000\Downloads\mbar-1.07.0.1009.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-01-30 15:59 - 2014-01-30 16:00 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe
2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe
2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ () C:\Users\rpmar_000\Desktop\Addition.txt
2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe
2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\Updater
2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D () C:\ProgramData\RHelpers
2014-01-30 13:13 - 2014-01-30 15:50 - 01166132 _____ () C:\Users\rpmar_000\Desktop\adwcleaner.exe
2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner.exe
2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ () C:\WINDOWS\Minidump\013014-7265-01.dmp
2014-01-30 08:59 - 2013-12-02 10:42 - 2056067440 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-30 08:59 - 2013-12-02 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ () C:\Users\rpmar_000\Documents\Malware.txt
2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D () C:\ProgramData\Websteroids
2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ () C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ () C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe
2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Malwarebytes
2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 15:43 - 2013-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ () C:\Users\rpmar_000\Desktop\ipdetails.txt
2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ () C:\Users\rpmar_000\Desktop\ipdetails1.txt
2014-01-28 18:47 - 2014-01-28 17:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet
2014-01-28 18:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-28 18:19 - 2012-12-11 10:33 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-01-28 18:19 - 2012-12-11 10:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-28 18:19 - 2012-12-11 10:30 - 00000000 ____D () C:\ProgramData\Norton
2014-01-28 18:15 - 2014-01-28 18:10 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe
2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2014-01-28 15:28 - 2014-01-28 15:20 - 00101386 _____ () C:\Users\rpmar_000\Desktop\sfcdetails.txt
2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\PackageStaging
2014-01-28 14:16 - 2014-01-28 13:00 - 00051811 _____ () C:\Users\rpmar_000\Documents\sfcdetails.txt
2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\AIM
2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ () C:\Users\Public\Desktop\Olympia Chronik 2014.lnk
2014-01-25 16:48 - 2012-11-12 18:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D () C:\Program Files (x86)\USM
2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ () C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ () C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ () C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ () C:\Users\rpmar_000\Documents\Transsib.txt
2014-01-25 13:41 - 2014-01-25 13:29 - 00000000 ____D () C:\Users\rpmar_000\Desktop\Neuer Ordner
2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Logitech
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\ATI
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\ATI
2014-01-25 12:05 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\Packages
2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH () C:\Users\marki_lokal\ntuser.ini
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Vorlagen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Startmenü
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Netzwerkumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Lokale Einstellungen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Eigene Dateien
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Druckumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Musik
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Documents\Eigene Bilder
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Verlauf
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\AppData\Local\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL () C:\Users\marki_lokal\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD () C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Roaming\Adobe
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D () C:\Users\marki_lokal\AppData\Local\VirtualStore
2014-01-25 12:04 - 2014-01-25 12:03 - 00000000 ____D () C:\Users\marki_lokal
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD () C:\$SysReset
2014-01-25 11:27 - 2014-01-23 11:26 - 00000138 _____ () C:\Users\rpmar_000\AppData\Roaming\WB.CFG
2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Tracker Software
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D () C:\Program Files\Tracker Software
2014-01-23 13:57 - 2014-01-23 10:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D () C:\Users\rpmar_000\Documents\PDF-Viewer
2014-01-23 13:56 - 2014-01-23 13:54 - 53393688 _____ () C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip
2014-01-23 12:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-23 11:41 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D () C:\ProgramData\ATI
2014-01-23 10:54 - 2013-08-22 15:44 - 00482800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-23 10:54 - 2012-11-12 17:16 - 00000000 ___RD () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D () C:\AMD
2014-01-23 10:51 - 2013-10-17 14:03 - 00000000 ____D () C:\Program Files\AMD
2014-01-23 10:46 - 2013-08-15 14:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-23 10:45 - 2012-12-12 11:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-23 10:40 - 2013-12-02 11:00 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-22 12:07 - 2012-11-13 09:31 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Adobe
2014-01-22 12:01 - 2013-10-17 14:16 - 00000650 __RSH () C:\ProgramData\ntuser.pol
2014-01-21 15:29 - 2014-01-21 15:28 - 28028590 _____ () C:\Users\rpmar_000\Downloads\WIT-Photobox.zip
2014-01-21 11:17 - 2012-11-18 10:51 - 00001041 _____ () C:\Users\rpmar_000\Desktop\Dropbox.lnk
2014-01-21 11:17 - 2012-11-18 10:47 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-21 10:44 - 2012-11-12 17:53 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Microsoft Help
2014-01-17 12:16 - 2013-09-01 12:25 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\FileZilla
2014-01-17 11:52 - 2013-11-18 10:31 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-15 07:10 - 2012-11-21 17:05 - 00000000 ____D () C:\Users\rpmar_000\AppData\Roaming\Nero
2014-01-14 17:15 - 2012-11-22 13:49 - 00000000 ____D () C:\Users\rpmar_000\AppData\Local\Nero
2014-01-14 16:31 - 2012-11-14 16:57 - 00000000 ____D () C:\ProgramData\CanonIJ

Some content of TEMP:
====================
C:\Users\rpmar_000\AppData\Local\Temp\Procmon64.exe
C:\Users\rpmar_000\AppData\Local\Temp\vlc-2.1.3-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 14:07

==================== End Of Log ============================
         
--- --- ---

10.02.2014, 16:03   #71
marki56

I just had my registry searched for the string http=127.0.0.1:8877. There was an entry under Nero-Agent-Proxies-1. Here is the screenshot.
Can I simply delete the entry?
Attached images
File type: jpg Screenshot (13).jpg (40.6 KB, viewed 220 times)
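
The registry search described in the post above, together with the two checks that usually go with it, as an added example that is not part of the original thread or of any tool mentioned in it. It assumes Windows 8 or later (for Get-NetTCPConnection); the search string and port are the ones quoted in the post.

```powershell
# Added example: trace a loopback proxy setting back to its source.
$needle = '127.0.0.1:8877'   # proxy string quoted in the post
$port   = 8877

# 1. WinINET proxy values, per-user and machine-wide.
$inetKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inetKeys | ForEach-Object {
    Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Key'; e = { $_.PSPath } }, ProxyEnable, ProxyServer, AutoConfigURL
} | Format-List

# 2. WinHTTP proxy (separate from WinINET; used by services).
netsh winhttp show proxy

# 3. Every value under HKCU\Software whose data contains the proxy string.
Get-ChildItem -Path 'HKCU:\Software' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $k = $_
        foreach ($name in $k.GetValueNames()) {
            $data = [string]$k.GetValue($name)
            if ($data -like "*$needle*") {
                [pscustomobject]@{ Key = $k.Name; Value = $name; Data = $data }
            }
        }
    } | Format-List

# 4. Process currently listening on the port, if any.
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            ProcessId    = $_.OwningProcess
            Process      = $p.Name
            Path         = $p.Path
        }
    } | Format-List
```

If step 4 returns nothing while a proxy value from step 1 or 3 is still set, nothing is listening on the port and every connection routed to it fails. Run the script elevated so that the Path column is filled in for processes owned by other accounts.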

10.02.2014, 16:06   #72
Aneri
/// Malwareteam

Hi

I can't follow you right now.

Is the problem still occurring now that we have removed the tasks with GoogleUpdate?
__________________
Regards, Aneri
Member of UNITE

10.02.2014, 16:09   #73
marki56

"An error occurred while uninstalling Updater; it may already have been deleted" was the message! I had it removed from the program list.

10.02.2014, 16:11   #74
Aneri
/// Malwareteam

Quote from Aneri:
Is the problem still occurring now that we have removed the tasks with GoogleUpdate?

Please answer the question.

10.02.2014, 16:12   #75
marki56

Quote from Aneri:
Hi

I can't follow you right now.

Is the problem still occurring now that we have removed the tasks with GoogleUpdate?

Yes, nothing has changed!!!! That is why I examined the registry. In ProcMonitor the PID 8877 no longer appears. Only the entries under "Detail" still contain the reference to port 8877. (See screenshots!)
