Log analysis and evaluation: Windows 8, 64 Bit. Problems with Topic Torch/ Wise Enhance

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.04.2014, 12:36 | #1 |
Windows 8, 64 Bit. Problems with Topic Torch/ Wise Enhance

Hello, for a few days now I have had the problem that programs and browsers on the laptop simply get closed. Either an error message then appears (The program has stopped working) or it just closes without an error message. Yesterday I then noticed that while surfing there are suddenly two ad windows that were not there before. One is on the left edge; if you click on it, you get to the Topic Torch page, where you can click disable, after which nothing happens. If you click on the second ad window at the bottom edge, you get to the page Wise Enhance - Review. I looked in the Google Chrome settings, but these extensions are not shown to me. Nothing of it can be found in the Control Panel either. I then googled and downloaded and ran the Malwarebytes software. But the problem still exists. Then I discovered this forum and downloaded and ran all the things, but the program GMER does not start for me. It always says that another process is accessing it and it gets closed. If I have forgotten anything, I apologize in advance. Kind regards and many thanks in advance

FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014 Ran by ******* (administrator) on *******LAPTOP on 30-04-2014 12:25:26 Running from C:\Users\*****\Downloads Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\WINDOWS\system32\atiesrxx.exe (AMD) C:\WINDOWS\system32\atieclxx.exe (Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (Side Effects Software Inc.) C:\WINDOWS\system32\sesinetd.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Side Effects Software Inc.) C:\WINDOWS\system32\hserver.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) 
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Windows\System32\skydrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe () C:\Users\*******\Downloads\adwcleaner.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\*******\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-18] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-05] (Synaptics Incorporated) HKLM\...\Run: [SEQLU] => C:\Program Files\EPSON_P2\Printer Software\SEQLUZ.EXE [950704 2012-11-16] (SEIKO EPSON CORPORATION) HKLM\...\Run: [SESMPSP] => C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE [459184 2012-11-16] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare) HKU\S-1-5-21-298893599-2156876346-56307058-1002\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup HKU\S-1-5-21-298893599-2156876346-56307058-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKLM - {2F0BA1A6-09CE-47C6-B10A-D1F1FCC65C43} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {2F0BA1A6-09CE-47C6-B10A-D1F1FCC65C43} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKCU - {2F0BA1A6-09CE-47C6-B10A-D1F1FCC65C43} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default FF user.js: detected! => C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\user.js FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpM
atch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF SelectedSearchEngine: Mysearchdial FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\Extensions\staged [2014-04-29] FF Extension: ProxMate - Proxy on steroids! - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-01-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-01-04] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir=" CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-04] CHR Extension: (Google 
Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04] CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04] CHR Extension: (Google-Suche) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04] CHR Extension: (Norton Identity Protection) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-04] CHR Extension: (Google Wallet) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04] CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-01] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-17] (Advanced Micro Devices, Inc.) R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink) R2 HoudiniLicenseServer; C:\WINDOWS\system32\sesinetd.exe [2613760 2014-01-10] (Side Effects Software Inc.) R2 HoudiniServer; C:\WINDOWS\system32\hserver.exe [2460160 2014-01-10] (Side Effects Software Inc.) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SESMPWD; C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE [155568 2012-11-16] (SEIKO EPSON CORPORATION) R2 SESMSDB; C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE [343472 2012-11-16] (SEIKO EPSON CORPORATION) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-04] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-03] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-03] (Symantec Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140303.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-04] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140304.032\ENG64.SYS [126040 2014-02-26] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140304.032\EX64.SYS [2099288 2014-02-26] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-11] (Realtek Semiconductor Corp.) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-04] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-05] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-11-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-04] (Symantec Corporation) R3 SymIRON; 
C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib) S1 MpKsl9bbdc4c8; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2A37FAD-C72B-4FE9-928D-CD8DAB99F952}\MpKsl9bbdc4c8.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-30 12:25 - 2014-04-30 12:25 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe 2014-04-30 12:25 - 2014-04-30 12:25 - 00027306 _____ () C:\Users\*******\Downloads\FRST.txt 2014-04-30 12:24 - 2014-04-30 12:25 - 00000000 ___DC () C:\FRST 2014-04-30 12:24 - 2014-04-30 12:24 - 02061824 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00000478 _____ () C:\Users\******\Downloads\defogger_disable.log 2014-04-30 12:23 - 2014-04-30 12:23 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-04-30 11:01 - 2014-04-30 11:01 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\******\Downloads\SpyHunter-Installer.exe 2014-04-30 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-04-30 10:49 - 2014-04-30 10:49 - 00000000 ___DC () C:\AdwCleaner 2014-04-30 10:47 - 2014-04-30 10:47 - 01310621 _____ () C:\Users\*******\Downloads\adwcleaner.exe 2014-04-30 09:05 - 2014-04-30 10:38 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-30 09:04 - 2014-04-30 09:04 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-30 09:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-30 09:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-30 09:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-30 09:03 - 2014-04-30 09:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-29 19:03 - 2014-04-29 19:03 - 00000043 _____ () C:\Users\******\AppData\Roaming\WB.CFG 2014-04-29 18:58 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys 2014-04-29 18:03 - 2014-04-30 11:03 - 00000334 _____ () C:\WINDOWS\Tasks\MySearchDial.job 2014-04-29 18:03 - 2014-04-29 18:04 - 24677393 _____ () C:\Users\*******\Downloads\vlc-2.1.3-win32 (1).exe 2014-04-29 18:03 - 2014-04-29 18:03 - 00002672 _____ () C:\WINDOWS\System32\Tasks\MySearchDial 2014-04-29 17:38 - 2014-04-29 17:39 - 00000000 ____D () 
C:\Users\*******\AppData\Roaming\vlc 2014-04-29 17:37 - 2014-04-29 17:37 - 00001085 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-29 17:34 - 2014-04-29 17:36 - 24677393 _____ () C:\Users\*******\Downloads\vlc-2.1.3-win32.exe 2014-04-29 17:33 - 2014-04-29 17:33 - 02090619 _____ () C:\Users\*******\Downloads\Nicht bestätigt 479646.crdownload 2014-04-29 17:24 - 2014-04-29 17:24 - 00001094 _____ () C:\Users\Public\Desktop\VideoConverter.lnk 2014-04-29 17:24 - 2014-04-29 17:24 - 00000000 ____D () C:\Users\*******\AppData\Roaming\1H1Q 2014-04-29 17:24 - 2014-04-29 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoConverter 2014-04-29 17:24 - 2014-04-29 17:24 - 00000000 ____D () C:\Program Files (x86)\VideoConverter 2014-04-29 11:56 - 2014-04-29 11:56 - 00000000 ____D () C:\Users\******\AppData\Local\Media Markt Fotoservice 2014-04-29 11:54 - 2014-04-29 11:54 - 00001115 _____ () C:\Users\Public\Desktop\Media Markt Fotoservice.lnk 2014-04-29 11:54 - 2014-04-29 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Markt Fotoservice 2014-04-29 11:53 - 2014-04-29 11:53 - 00000000 ____D () C:\ProgramData\Media Markt Fotoservice 2014-04-29 11:52 - 2014-04-29 11:56 - 00000000 ____D () C:\Program Files (x86)\Media Markt Fotoservice 2014-04-29 11:47 - 2014-04-29 11:51 - 132019488 _____ ( ) C:\Users\********\Downloads\MediaMarkt_Fotoservice.exe 2014-04-28 17:17 - 2014-04-28 17:20 - 00000000 ____D () C:\Users\********\Documents\Designer Files 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\fotobuch.de AG 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\ProgramData\fotobuch.de AG 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () 
C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\Gast\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:10 - 00000000 ____D () C:\Program Files (x86)\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\artworks 2014-04-28 17:02 - 2014-04-28 17:04 - 17609480 _____ (Fomanu AG ) C:\Users\******\Downloads\template_spirit_02.exe 2014-04-28 16:58 - 2014-04-28 17:04 - 202388600 _____ (Fomanu AG ) C:\Users\******\Downloads\designer_20.exe 2014-04-28 16:54 - 2014-04-28 16:54 - 00001264 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2013-09-30 16:26 - 03050808 _____ () C:\WINDOWS\system32\pwNative.exe 2014-04-28 16:54 - 2013-09-30 16:26 - 00019152 ____N () C:\WINDOWS\system32\pwdrvio.sys 2014-04-28 16:54 - 2013-09-30 16:26 - 00012504 ____N () C:\WINDOWS\system32\pwdspio.sys 2014-04-28 16:53 - 2014-04-28 16:54 - 20772800 _____ (MiniTool Solution Ltd. 
) C:\Users\******\Downloads\pwhe811.exe 2014-04-24 12:39 - 2014-04-24 12:39 - 00001287 _____ () C:\Users\******\Desktop\DSCF4937 - Verknüpfung.lnk 2014-04-18 15:33 - 2014-04-18 15:33 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Total Eclipse 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\*****\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Gast\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\*****\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\*****\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\Gast\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\******\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\Program Files (x86)\Einfach_Spielen 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*****\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*****\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Gast\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\******\Desktop\The Great Tree spielen.lnk 2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 _____ () C:\Users\*****\AppData\Roaming\TS3Patch.lck 2014-04-13 14:53 - 2014-04-13 14:53 - 00000000 ____D () 
C:\Users\****\Documents\Electronic Arts 2014-04-13 14:25 - 2014-04-13 14:25 - 00018385 _____ () C:\Users\******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png.htm 2014-04-13 14:25 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png_files 2014-04-05 09:04 - 2014-04-05 09:04 - 00092672 ___SH () C:\Users\******\Downloads\Thumbs.db 2014-04-05 08:57 - 2014-04-06 22:41 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1006 2014-04-05 08:54 - 2014-04-06 11:20 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps 2014-04-05 08:53 - 2014-04-06 10:52 - 00000000 __RDO () C:\Users\******\SkyDrive 2014-04-05 08:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\*******\AppData\Local\Google 2014-04-05 08:52 - 2014-04-06 10:53 - 00000000 ____D () C:\Users\******\Documents\Youcam 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\Synaptics 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Roaming\simplitec 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Local\Wondershare 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Local\CyberLink 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Local\AMD 2014-04-05 08:50 - 2014-04-06 11:20 - 00000000 ____D () C:\Users\*******\AppData\Local\Packages 2014-04-05 08:50 - 2014-04-05 08:54 - 00002270 _____ () C:\Users\*******\Desktop\Google Chrome.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00001453 _____ () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Internet Explorer.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\******\AppData\Roaming\Adobe 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Local\VirtualStore 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\******\AppData\Local\Hewlett-Packard 2014-04-05 08:49 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\***** 2014-04-05 08:49 - 2014-04-05 08:49 - 00000020 ___SH () C:\Users\*****\ntuser.ini 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*****\Vorlagen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*****\Startmenü 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*****\Netzwerkumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*****\Lokale Einstellungen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Eigene Dateien 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Druckumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Documents\Eigene Musik 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Documents\Eigene Bilder 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\AppData\Local\Verlauf 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\AppData\Local\Anwendungsdaten 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Anwendungsdaten 2014-04-05 08:49 - 2014-03-13 18:30 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\System Tools 2014-04-05 08:49 - 2014-01-04 19:16 - 00000000 ____D () C:\Users\******\Documents\hp.system.package.metadata 2014-04-05 08:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-05 08:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-05 08:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-31 06:46 - 2014-03-31 06:46 - 00000000 ____D () C:\Users\******\AppData\Local\Wondershare ==================== One Month Modified Files and Folders ======= 2014-04-30 12:25 - 2014-04-30 12:25 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe 2014-04-30 12:25 - 2014-04-30 12:25 - 00027306 _____ () C:\Users\******\Downloads\FRST.txt 2014-04-30 12:25 - 2014-04-30 12:24 - 00000000 ___DC () C:\FRST 2014-04-30 12:24 - 2014-04-30 12:24 - 02061824 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00000478 _____ () C:\Users\******\Downloads\defogger_disable.log 2014-04-30 12:23 - 2014-04-30 12:23 - 00000000 _____ () C:\Users\******\defogger_reenable 2014-04-30 12:23 - 2014-01-04 19:11 - 00000000 ____D () C:\Users\****** 2014-04-30 12:21 - 2014-01-04 19:24 - 01547259 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-30 12:19 - 2014-01-12 15:37 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF5DD767-92A8-444D-A483-EB1DC0AF79C8} 2014-04-30 12:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-30 11:08 - 2014-01-04 08:41 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-30 11:03 - 2014-04-29 18:03 - 00000334 _____ () C:\WINDOWS\Tasks\MySearchDial.job 2014-04-30 11:01 - 2014-04-30 11:01 - 00728960 _____ (Enigma 
Software Group USA, LLC.) C:\Users\******\Downloads\SpyHunter-Installer.exe 2014-04-30 10:49 - 2014-04-30 10:49 - 00000000 ___DC () C:\AdwCleaner 2014-04-30 10:47 - 2014-04-30 10:47 - 01310621 _____ () C:\Users\******\Downloads\adwcleaner.exe 2014-04-30 10:38 - 2014-04-30 09:05 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-30 10:28 - 2014-01-03 14:40 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1002 2014-04-30 10:09 - 2013-11-14 09:27 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-30 10:09 - 2013-11-14 09:11 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat 2014-04-30 10:09 - 2013-11-14 09:11 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat 2014-04-30 10:06 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-04-30 10:05 - 2014-01-03 14:35 - 00000000 ____D () C:\Users\******\Documents\Youcam 2014-04-30 10:04 - 2014-01-07 22:22 - 00000000 __RDO () C:\Users\******\SkyDrive 2014-04-30 10:04 - 2014-01-04 08:41 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-30 10:03 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-30 10:03 - 2013-08-22 16:44 - 00493304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-30 10:02 - 2013-11-14 00:18 - 00028344 _____ () C:\WINDOWS\PFRO.log 2014-04-30 10:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Globalization 2014-04-30 10:02 - 2013-08-22 15:25 - 01835008 ___SH () C:\WINDOWS\system32\config\BBI 2014-04-30 10:02 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini 2014-04-30 09:40 - 2014-03-23 13:55 - 00000000 ____D () C:\Users\******\AppData\Roaming\Systweak 2014-04-30 09:04 - 2014-04-30 09:04 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-30 09:03 - 2014-04-30 09:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-30 07:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-04-29 19:48 - 2014-01-24 22:02 - 00450048 ___SH () C:\Users\******\Desktop\Thumbs.db 2014-04-29 19:03 - 2014-04-29 19:03 - 00000043 _____ () C:\Users\******\AppData\Roaming\WB.CFG 2014-04-29 18:04 - 2014-04-29 18:03 - 24677393 _____ () C:\Users\******\Downloads\vlc-2.1.3-win32 (1).exe 2014-04-29 18:03 - 2014-04-29 18:03 - 00002672 _____ () C:\WINDOWS\System32\Tasks\MySearchDial 2014-04-29 17:39 - 2014-04-29 17:38 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc 2014-04-29 17:37 - 2014-04-29 17:37 - 00001085 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-29 17:36 - 2014-04-29 17:34 - 24677393 _____ () C:\Users\******\Downloads\vlc-2.1.3-win32.exe 2014-04-29 17:33 - 2014-04-29 17:33 - 02090619 _____ () C:\Users\******\Downloads\Nicht bestätigt 479646.crdownload 2014-04-29 17:24 - 2014-04-29 17:24 - 00001094 _____ () C:\Users\Public\Desktop\VideoConverter.lnk 2014-04-29 17:24 - 2014-04-29 17:24 - 00000000 ____D () C:\Users\******\AppData\Roaming\1H1Q 2014-04-29 17:24 - 2014-04-29 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoConverter 2014-04-29 17:24 - 2014-04-29 17:24 - 00000000 ____D () C:\Program Files (x86)\VideoConverter 2014-04-29 11:56 - 2014-04-29 11:56 - 00000000 ____D () C:\Users\******\AppData\Local\Media Markt Fotoservice 2014-04-29 11:56 - 2014-04-29 11:52 - 00000000 ____D () C:\Program Files 
(x86)\Media Markt Fotoservice 2014-04-29 11:56 - 2013-07-19 22:55 - 00409304 _____ () C:\WINDOWS\DirectX.log 2014-04-29 11:54 - 2014-04-29 11:54 - 00001115 _____ () C:\Users\Public\Desktop\Media Markt Fotoservice.lnk 2014-04-29 11:54 - 2014-04-29 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Markt Fotoservice 2014-04-29 11:53 - 2014-04-29 11:53 - 00000000 ____D () C:\ProgramData\Media Markt Fotoservice 2014-04-29 11:51 - 2014-04-29 11:47 - 132019488 _____ ( ) C:\Users\******\Downloads\MediaMarkt_Fotoservice.exe 2014-04-28 17:20 - 2014-04-28 17:17 - 00000000 ____D () C:\Users\******\Documents\Designer Files 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\fotobuch.de AG 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\ProgramData\fotobuch.de AG 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotobuch.de 2014-04-28 17:10 - 2014-04-28 17:08 - 00000000 ____D () C:\Program Files (x86)\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\artworks 2014-04-28 17:04 - 2014-04-28 17:02 - 17609480 _____ (Fomanu AG ) C:\Users\******\Downloads\template_spirit_02.exe 2014-04-28 17:04 - 2014-04-28 16:58 - 202388600 _____ (Fomanu AG ) C:\Users\******\Downloads\designer_20.exe 2014-04-28 16:54 - 2014-04-28 16:54 - 00001264 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool 
Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2014-04-28 16:53 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\******\Downloads\pwhe811.exe 2014-04-28 16:42 - 2013-07-19 23:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-28 15:59 - 2013-11-12 12:31 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-04-28 15:45 - 2013-07-19 22:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2014-04-28 15:43 - 2014-03-07 00:36 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-04-28 15:43 - 2014-03-07 00:36 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-04-27 00:16 - 2014-03-19 18:32 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B319A45-4A65-42F4-A293-DCA0B531A2B2} 2014-04-26 20:40 - 2014-03-06 11:06 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1005 2014-04-26 18:45 - 2014-03-06 11:08 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps 2014-04-26 18:44 - 2014-01-03 16:36 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps 2014-04-26 10:35 - 2014-03-06 11:02 - 00000000 ____D () C:\Users\******\Documents\Youcam 2014-04-26 10:34 - 2014-03-06 11:02 - 00000000 __RDO () C:\Users\******\SkyDrive 2014-04-24 12:39 - 2014-04-24 12:39 - 00001287 _____ () C:\Users\******\Desktop\DSCF4937 - Verknüpfung.lnk 2014-04-24 12:32 - 2014-04-29 18:58 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys 2014-04-21 17:12 - 2013-08-22 16:46 - 00315466 _____ () C:\WINDOWS\setupact.log 2014-04-18 15:33 - 2014-04-18 15:33 - 00000000 ____D () C:\Users\******\AppData\Roaming\Total Eclipse 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () 
C:\Users\******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Gast\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\******\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\******\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\Gast\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\******\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 15:32 - 2014-04-18 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 15:32 - 2014-04-18 13:46 - 00000000 ____D () C:\Program Files (x86)\Einfach_Spielen 2014-04-18 13:47 - 2014-01-03 14:31 - 00000000 ____D () C:\Users\******\AppData\Local\VirtualStore 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\******\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\******\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Gast\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\******\Desktop\The Great Tree spielen.lnk 2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 _____ () C:\Users\******\AppData\Roaming\TS3Patch.lck 2014-04-13 14:53 - 2014-04-13 14:53 - 00000000 ____D () C:\Users\******\Documents\Electronic Arts 2014-04-13 14:25 - 2014-04-13 14:25 - 00018385 _____ () C:\Users\******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles 
c364eca7101b119a412c7539b5f70d7e_5.png.htm 2014-04-13 14:25 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png_files 2014-04-09 12:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-04-06 22:41 - 2014-04-05 08:57 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1006 2014-04-06 12:30 - 2014-03-06 11:00 - 00000000 ____D () C:\Users\******\AppData\Local\Packages 2014-04-06 11:20 - 2014-04-05 08:54 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps 2014-04-06 11:20 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\******\AppData\Local\Packages 2014-04-06 10:53 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\Documents\Youcam 2014-04-06 10:52 - 2014-04-05 08:53 - 00000000 __RDO () C:\Users\******\SkyDrive 2014-04-05 09:04 - 2014-04-05 09:04 - 00092672 ___SH () C:\Users\******\Downloads\Thumbs.db 2014-04-05 08:54 - 2014-04-05 08:50 - 00002270 _____ () C:\Users\******\Desktop\Google Chrome.lnk 2014-04-05 08:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\******\AppData\Local\Google 2014-04-05 08:53 - 2014-04-05 08:49 - 00000000 ____D () C:\Users\****** 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\Synaptics 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\simplitec 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Local\Wondershare 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Local\CyberLink 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Local\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\******\AppData\Local\AMD 2014-04-05 08:52 - 2014-01-04 20:03 - 00000000 ____D () 
C:\WINDOWS\System32\Tasks\WPD 2014-04-05 08:50 - 2014-04-05 08:50 - 00001453 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\******\AppData\Roaming\Adobe 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\******\AppData\Local\VirtualStore 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\******\AppData\Local\Hewlett-Packard 2014-04-05 08:49 - 2014-04-05 08:49 - 00000020 ___SH () C:\Users\******\ntuser.ini 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Vorlagen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Startmenü 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Netzwerkumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Lokale Einstellungen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Eigene Dateien 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Druckumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Documents\Eigene Musik 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Documents\Eigene Bilder 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\AppData\Local\Verlauf 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\AppData\Local\Anwendungsdaten 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\******\Anwendungsdaten 2014-04-04 19:45 - 2014-01-03 14:31 - 
00000000 ____D () C:\Users\******\AppData\Local\Packages 2014-04-03 09:51 - 2014-04-30 09:04 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-30 09:04 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-30 09:04 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-01 19:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing 2014-03-31 06:46 - 2014-03-31 06:46 - 00000000 ____D () C:\Users\Gast\AppData\Local\Wondershare 2014-03-31 06:45 - 2014-03-12 10:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-31 06:45 - 2014-03-12 10:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools Some content of TEMP: ==================== C:\Users\******\AppData\Local\Temp\AutoRun.exe C:\Users\******\AppData\Local\Temp\AutoRunGUI.dll C:\Users\******\AppData\Local\Temp\card_setup.exe C:\Users\******\AppData\Local\Temp\COMAP.EXE C:\Users\******\AppData\Local\Temp\drm_dyndata_7350007.dll C:\Users\******\AppData\Local\Temp\EAInstall.dll C:\Users\******\AppData\Local\Temp\eauninstall.exe C:\Users\******\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\******\AppData\Local\Temp\INST011.dll C:\Users\******\AppData\Local\Temp\Quarantine.exe C:\Users\******\AppData\Local\Temp\SHSetup.exe C:\Users\******\AppData\Local\Temp\SimsCS_Uninst.exe C:\Users\******\AppData\Local\Temp\The Sims Castaway Stories_uninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-25 09:34
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by ****** at 2014-04-30 12:27:25
Running from C:\Users\******\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Alamandi (HKLM-x32\...\Alamandi) (Version: 0.0.0.0 - INTENIUM GmbH)
Alice im Wunderland (HKLM-x32\...\Alice im Wunderland) (Version: 1.0.0.0 - INTENIUM GmbH)
AMD Accelerated Video Transcoding (Version: 12.10.100.30416 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DEC772E6-D0C7-9964-5D30-DEC57EF1B26F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0416.2338.40605 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0416.2338.40605 - Ihr Firmenname) Hidden
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers)
Ashampoo Slideshow Studio 2013 v.1.0.2 (HKLM-x32\...\{91B33C97-34D2-9841-084D-BE4849F6A38F}_is1) (Version: 1.0.2 - Ashampoo GmbH & Co.
KG) Bengal Special (HKLM-x32\...\Bengal Special) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre (HKLM-x32\...\{3091A8EB-386B-46D7-8E19-4139424261DD}) (Version: 1.24.0 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Norwegian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden Context Free (HKCU\...\{DD0B06AD-5E55-41be-88E5-E9D13BAF06F4}) (Version: - ) Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version: - Corel Corporation) Corel Painter Photo Essentials 4 (x32 Version: 4.1 - Corel Corporation) Hidden Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation) Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.) Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.4.3026 - CyberLink Corp.) 
Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.) CyberLink PowerDVD 12 (x32 Version: 12.0.1.3024 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.) CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Das große Franzis HDR-Paket (HKLM-x32\...\Das große Franzis HDR-Paket_is1) (Version: - ) Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.6 - Fomanu AG) Deutschland Digital 1.0.0 (HKLM-x32\...\Deutschland Digital_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.45 - INTENIUM GmbH) Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts) Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Erstelle ein Muster-Tool (HKLM-x32\...\{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}) (Version: 1.0.0 - Electronic Arts) Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts) Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts) Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 
6.0.81 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts) Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) Die Wiege Roms (HKLM-x32\...\Die Wiege Roms) (Version: - ) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) EPSON Printer Software (HKLM-x32\...\{7612D261-8150-4B33-ADEE-3D3C086F0815}) (Version: 1.000.00.00 - EPSON) Filters Unlimited 2.0 Demo (HKLM-x32\...\Filters Unlimited Demo_is1) (Version: - ) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free-Jahreskalender 2014 (HKLM-x32\...\{91C15625-F1F9-4268-921D-F6024BFD7526}) (Version: 10.00.2014 - OW-SOFT) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
Hidden Harrys Filters 4.0 (Plugin) (HKLM\...\Harrys Filters 4.0 (Plugin)_is1) (Version: - The Plugin Site) HDR Darkroom 6 Windows Version v1.0.0 (HKLM-x32\...\HDR Darkroom 6) (Version: Windows Version v1.0.0 - HengTu, Inc.) Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Houdini 13.0.288 (HKLM\...\Houdini 13.0.288) (Version: 13.0.288 - Side Effects Software) HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Ihr Firmenname) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 77) hp - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard) HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company) ICA (x32 Version: 16.1.0.48 - Corel Corporation) Hidden Image Inc. 
1.2 (HKLM-x32\...\{A3E28CE6-970F-4DF7-9013-1DDEA2B829A3}_is1) (Version: - Cybia) Incomedia WebSite X5 v10 - Home (HKLM-x32\...\{22B260EE-79AD-4F4C-9E06-349E8F1D958C}_is1) (Version: 10.1.0.39 - Incomedia s.r.l.) IPM_PSP_COM (x32 Version: 16.1.0.48 - Corel Corporation) Hidden IPM_PSP_COM64 (Version: 16.1.0.48 - Corel Corporation) Hidden Jodie Drake and the World in Peril (HKLM-x32\...\Jodie Drake and the World in Peril) (Version: 1.0.0.0 - INTENIUM GmbH) MAGIX Web Designer 7 (HKLM-x32\...\MX.{EE8462F7-1BC5-4DC3-9FAD-F38572A030D7}) (Version: 7.1.2.26041 - MAGIX AG) MAGIX Web Designer 7 (Version: 7.1.2.26041 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Media Markt Fotoservice 5.2 (HKLM-x32\...\Media Markt Fotoservice_is1) (Version: - ) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) 
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: - Mobile Connection Manager) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation) NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - ) Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Ihr Firmenname) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) 
Philips Phone Manager (HKLM-x32\...\{A1251409-ABB0-4D7F-888C-9180AD1BA982}) (Version: 2.0.8.1 - Philips) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PSPPContent (x32 Version: 16.1.0.48 - Corel Corporation) Hidden PSPPHelp (x32 Version: 16.1.0.48 - Corel Corporation) Hidden PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden Puntsch Zitatenhandbuch 2.0 (HKLM-x32\...\InstallShield_{F5BFDD52-230F-4A94-B302-19606FBD9266}) (Version: 1.00.0000 - USM) Puntsch Zitatenhandbuch 2.0 (x32 Version: 1.00.0000 - USM) Hidden Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6950 - Realtek Semiconductor Corp.) 
Royal Trouble (HKLM-x32\...\Royal Trouble) (Version: 1.0.0.0 - INTENIUM GmbH) Setup (x32 Version: 16.1.0.48 - Ihr Firmenname) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts) simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH) SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.5.1 - Synaptics Incorporated) TSR Workshop (HKLM-x32\...\{33100EE2-5EDF-4AB1-BF08-D767E3AED642}) (Version: 2.0.86 - The Sims Resource) Video Converter Packages (HKCU\...\Video Converter Packages) (Version: - ) <==== ATTENTION VideoConverter (HKLM-x32\...\VideoConverter) (Version: ${VERSION} - ) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows-Treiberpaket - Koninklijke Philips Electronics N.V. 
(usbser) Ports (05/31/2012 6.0.0.0) (HKLM\...\119046B6D39BBB85A700BB4D451858A003C331AC) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.) Windows-Treiberpaket - Koninklijke Philips Electronics N.V. (usbser) Ports (05/31/2012 6.0.0.0) (HKLM\...\4D59E7849DD13622C7CD9736C3BC8D67F8FF1F23) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.) Windows-Treiberpaket - Koninklijke Philips Electronics N.V. (usbser) Ports (05/31/2012 6.0.0.0) (HKLM\...\768E87C91FF81FF582D166E1AC9D74633D9B741D) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.) Windows-Treiberpaket - Koninklijke Philips Electronics N.V. (usbser) Ports (05/31/2012 6.0.0.0) (HKLM\...\C24BC9096B2E5D1847B32CB5C18C05C9AA99B843) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.) Wondershare Fantashow(Build 2.0.1) (HKLM-x32\...\Wondershare Fantashow_is1) (Version: - Wondershare Software) Wondershare Photo Collage Studio 2012 4.2.18.6 (HKLM-x32\...\Wondershare Photo Collage Studio 2012_is1) (Version: 4.2.18.6 - Wondershare Software Co.,Ltd.) 
World Riddles: Secrets of the Ages (HKLM-x32\...\World Riddles: Secrets of the Ages) (Version: 1.0.0.0 - INTENIUM GmbH) ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation) ==================== Restore Points ========================= 29-04-2014 05:24:41 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {07D746C3-A2E1-4C84-A781-BD7E7359BCE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {16B3FA43-0DD0-489A-9A5D-B7FCE447ADAC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {29DC9819-A41F-4DC5-A348-4A63B3C50857} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.) 
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3975E89E-46DC-4EA2-9A90-2525B4D1D501} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {467E4789-B5B8-4938-9744-4E9A294BE58E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {72DDAE12-A529-49E2-8187-529DD1075BF6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - 
System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {8D4D0A84-9B65-47E3-A7B5-7EE4B41BF4D7} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.) Task: {93D74E58-418F-430E-AC2B-222F8E5C0DD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.) Task: {9A33A0B4-C062-498B-8D2A-AA1E71F9D4EC} - System32\Tasks\MySearchDial => C:\Users\Nathalie\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B7BA32B6-592F-44DD-BFD6-D1639FA3567E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D7D6BCFB-56FD-4C9A-A18C-01D17D81B90F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E6D55A35-11A1-4D66-B155-BB119E17FEDB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet 
Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\******\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-17 00:50 - 2013-04-17 00:50 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-04-12 21:53 - 2014-04-12 21:53 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\ErrorReporting.dll 2013-04-17 00:50 - 2013-04-17 00:50 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-04-30 10:47 - 2014-04-30 10:47 - 01310621 _____ () C:\Users\******\Downloads\adwcleaner.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe 2013-11-12 12:40 - 2013-03-12 16:51 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-12 23:53 - 2013-03-12 23:53 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-01-04 08:48 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2014-04-28 23:13 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll 2014-04-28 23:13 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll 2014-04-28 23:13 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll 2014-04-28 23:13 - 2014-04-24 
02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll 2014-04-28 23:13 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll 2014-04-28 23:13 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:054B9966 AlternateDataStreams: C:\Users\******\SkyDrive:ms-properties AlternateDataStreams: C:\Users\******\SkyDrive:ms-properties AlternateDataStreams: C:\Users\******\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/30/2014 11:12:24 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3109 Error: (04/30/2014 11:12:24 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3109 Error: (04/30/2014 11:12:24 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/30/2014 11:12:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1531 Error: (04/30/2014 11:12:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1531 Error: (04/30/2014 11:12:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 02:40:20 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1531 Error: (04/29/2014 02:40:20 PM) (Source: Bonjour Service) (User: ) 
Description: Task Scheduling Error: m->NextScheduledEvent 1531 Error: (04/29/2014 02:40:20 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 06:53:12 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 22185297 System errors: ============= Error: (04/30/2014 11:12:19 AM) (Source: Service Control Manager) (User: ) Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/30/2014 10:03:57 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "******LAPTOP" auf Transport "NetBT_Tcpip_{436D2B84-2B2F-4DA7-AA13-0F9A971320E6}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (04/30/2014 10:00:01 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/30/2014 09:49:48 AM) (Source: DCOM) (User: ******LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/30/2014 09:49:18 AM) (Source: DCOM) (User: ******LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/30/2014 09:40:28 AM) (Source: DCOM) (User: ******LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/30/2014 08:40:22 AM) (Source: DCOM) (User: ******LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/30/2014 08:39:52 AM) (Source: DCOM) (User: ******LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/30/2014 08:01:45 AM) (Source: DCOM) (User: ******LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/30/2014 08:01:15 AM) 
(Source: DCOM) (User: ******LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Microsoft Office Sessions: ========================= Error: (04/30/2014 11:12:24 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3109 Error: (04/30/2014 11:12:24 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3109 Error: (04/30/2014 11:12:24 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/30/2014 11:12:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1531 Error: (04/30/2014 11:12:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1531 Error: (04/30/2014 11:12:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 02:40:20 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1531 Error: (04/29/2014 02:40:20 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1531 Error: (04/29/2014 02:40:20 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 06:53:12 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 22185297 ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 11462.25 MB Available physical RAM: 8739.14 MB Total Pagefile: 13190.25 MB Available Pagefile: 10105.13 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:490.87 GB) (Free:389.33 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:18.39 GB) 
(Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Volume) (Fixed) (Total:421.13 GB) (Free:374.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 6AE15402) Partition: GPT Partition Type. ==================== End Of Log ============================ |
30.04.2014, 22:20 | #2 |
/// the machine /// TB instructor | Hi,
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Also have Revo remove the leftovers using the Moderate setting.
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please. |
01.05.2014, 12:39 | #3 |
| Hello, thanks for the reply.
I have carried out everything.
mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 01.05.2014 Suchlauf-Zeit: 10:20:34 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.01.06 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: ******* Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 376808 Verstrichene Zeit: 1 Std, 48 Min, 9 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.MySearchDial.A, C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir=" ],), Ersetzt,[3ac616ea6a9642be6a2f2f33bf458a76] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 11:41:01 # Aktualisiert 28/04/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : ******* - *******LAPTOP # Gestartet von : C:\Users\*******\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\simplitec Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller Ordner Gelöscht : C:\Users\*******\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\*******\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\*******\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\*******\AppData\Local\Temp\WiseEnhance Ordner Gelöscht : C:\Users\*******\AppData\Roaming\1H1Q Ordner Gelöscht : C:\Users\*******\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\*******\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\4gk1uork.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} Ordner Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} Ordner Gelöscht : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh Ordner Gelöscht : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\4gk1uork.default\user.js Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\user.js Datei Gelöscht : C:\WINDOWS\Tasks\MySearchDial.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\MySearchDial ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : 
HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\simplitec
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\4gk1uork.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

[ Datei : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ Datei : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ Datei : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [4341 octets] - [30/04/2014 10:49:44]
AdwCleaner[R1].txt - [4704 octets] - [01/05/2014 10:22:10]
AdwCleaner[S0].txt - [4353 octets] - [01/05/2014 11:41:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4413 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by ******* on 01.05.2014 at 12:37:11,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F0BA1A6-09CE-47C6-B10A-D1F1FCC65C43}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2F0BA1A6-09CE-47C6-B10A-D1F1FCC65C43}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\simplitec"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\bx12fuek.default\extensions\staged

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.05.2014 at 12:57:55,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014 Ran by ****** (administrator) on *******LAPTOP on 01-05-2014 13:08:43 Running from C:\Users\*******\Desktop Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\WINDOWS\system32\atiesrxx.exe (AMD) C:\WINDOWS\system32\atieclxx.exe (Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Side Effects Software Inc.) C:\WINDOWS\system32\sesinetd.exe (Side Effects Software Inc.) C:\WINDOWS\system32\hserver.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) 
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\Windows\System32\skydrive.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-18] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-05] (Synaptics Incorporated) HKLM\...\Run: [SEQLU] => C:\Program Files\EPSON_P2\Printer Software\SEQLUZ.EXE [950704 2012-11-16] (SEIKO EPSON CORPORATION) HKLM\...\Run: [SESMPSP] => C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE [459184 2012-11-16] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare) HKU\S-1-5-21-298893599-2156876346-56307058-1002\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKLM - {2F0BA1A6-09CE-47C6-B10A-D1F1FCC65C43} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpM
atch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxMate - Proxy on steroids! - C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-01-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-01-04] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir=" CHR Extension: (Google Docs) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-04] CHR Extension: (Google Drive) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04] 
CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04] CHR Extension: (Google-Suche) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04] CHR Extension: (Norton Identity Protection) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-04] CHR Extension: (Google Wallet) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04] CHR Extension: (Google Mail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-01] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-17] (Advanced Micro Devices, Inc.) R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink) R2 HoudiniLicenseServer; C:\WINDOWS\system32\sesinetd.exe [2613760 2014-01-10] (Side Effects Software Inc.) R2 HoudiniServer; C:\WINDOWS\system32\hserver.exe [2460160 2014-01-10] (Side Effects Software Inc.) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SESMPWD; C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE [155568 2012-11-16] (SEIKO EPSON CORPORATION) R2 SESMSDB; C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE [343472 2012-11-16] (SEIKO EPSON CORPORATION) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-04] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-03] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-03] (Symantec Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140303.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-04] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140304.032\ENG64.SYS [126040 2014-02-26] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140304.032\EX64.SYS [2099288 2014-02-26] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-11] (Realtek Semiconductor Corp.) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-04] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-05] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-11-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-04] (Symantec Corporation) R3 SymIRON; 
C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib) S1 MpKsl9bbdc4c8; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2A37FAD-C72B-4FE9-928D-CD8DAB99F952}\MpKsl9bbdc4c8.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-01 12:57 - 2014-05-01 13:08 - 00001506 _____ () C:\Users\*******\Desktop\JRT.txt 2014-05-01 12:37 - 2014-05-01 12:37 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-01 12:35 - 2014-05-01 12:36 - 01016261 _____ (Thisisu) C:\Users\*******\Desktop\JRT.exe 2014-05-01 12:34 - 2014-05-01 12:34 - 00004503 _____ () C:\Users\*******\Desktop\AdwCleaner[S0].txt 2014-05-01 10:21 - 2014-05-01 10:21 - 00001696 _____ () C:\Users\*******\Desktop\mbam.txt 2014-05-01 08:15 - 2014-05-01 08:15 - 00000767 _____ () C:\Users\*******\Desktop\Revo Uninstaller.lnk 2014-05-01 08:14 - 2014-05-01 08:15 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-01 08:14 - 2014-05-01 08:14 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\*******\Downloads\revosetup95.exe 2014-04-30 13:16 - 2014-04-30 13:47 - 00028393 _____ () C:\Users\*******\Desktop\mam.txt 2014-04-30 13:11 - 2014-04-30 13:11 - 00035323 _____ () C:\Users\*******\Desktop\Addition.txt 2014-04-30 13:00 - 2014-05-01 13:08 - 00024172 _____ () C:\Users\*******\Desktop\FRST.txt 2014-04-30 12:27 - 2014-04-30 12:28 - 00035461 _____ () C:\Users\*******\Downloads\Addition.txt 2014-04-30 12:25 - 2014-04-30 12:28 - 00058262 _____ () C:\Users\*******\Downloads\FRST.txt 2014-04-30 12:25 - 2014-04-30 12:25 - 00380416 _____ () C:\Users\*******\Downloads\Gmer-19357.exe 2014-04-30 12:24 - 2014-05-01 13:08 - 00000000 ___DC () C:\FRST 2014-04-30 12:24 - 2014-04-30 12:24 - 02061824 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00000478 _____ () C:\Users\*******\Downloads\defogger_disable.log 2014-04-30 12:23 - 2014-04-30 12:23 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-04-30 11:01 - 2014-04-30 11:01 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\*******\Downloads\SpyHunter-Installer.exe 2014-04-30 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-04-30 10:49 - 2014-05-01 12:29 - 00000000 ___DC () C:\AdwCleaner 2014-04-30 10:47 - 2014-04-30 10:47 - 01310621 _____ () C:\Users\*******\Desktop\adwcleaner.exe 2014-04-30 09:05 - 2014-05-01 12:31 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-30 09:04 - 2014-05-01 08:17 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-30 09:04 - 2014-05-01 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-30 09:04 - 2014-05-01 08:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-30 09:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-30 09:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-30 09:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-30 09:03 - 2014-04-30 09:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-29 19:03 - 2014-04-29 19:03 - 00000043 _____ () C:\Users\*******\AppData\Roaming\WB.CFG 2014-04-29 18:58 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys 2014-04-29 18:03 - 2014-04-29 18:04 - 24677393 _____ () C:\Users\*******\Downloads\vlc-2.1.3-win32 (1).exe 2014-04-29 17:38 - 2014-04-29 17:39 - 00000000 ____D () C:\Users\*******\AppData\Roaming\vlc 2014-04-29 17:37 - 2014-04-29 17:37 - 00001085 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-29 17:34 - 2014-04-29 17:36 - 24677393 _____ () C:\Users\*******\Downloads\vlc-2.1.3-win32.exe 2014-04-29 17:33 - 2014-04-29 17:33 - 02090619 _____ () C:\Users\*******\Downloads\Nicht bestätigt 479646.crdownload 2014-04-29 11:56 - 2014-04-29 11:56 - 00000000 ____D () C:\Users\*******\AppData\Local\Media Markt Fotoservice 2014-04-29 11:54 - 2014-04-29 11:54 - 00001115 _____ () C:\Users\Public\Desktop\Media Markt Fotoservice.lnk 2014-04-29 11:54 - 2014-04-29 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Markt Fotoservice 2014-04-29 11:53 - 2014-04-29 11:53 - 00000000 ____D () C:\ProgramData\Media Markt Fotoservice 2014-04-29 11:52 - 2014-04-29 11:56 - 00000000 ____D () C:\Program Files (x86)\Media Markt Fotoservice 2014-04-29 11:47 - 2014-04-29 11:51 - 132019488 _____ ( ) C:\Users\*******\Downloads\MediaMarkt_Fotoservice.exe 2014-04-28 17:17 - 2014-04-28 17:20 - 00000000 ____D () C:\Users\*******\Documents\Designer Files 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\Users\*******\AppData\Roaming\fotobuch.de AG 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\ProgramData\fotobuch.de AG 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\Gast\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:10 - 00000000 ____D () C:\Program Files (x86)\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:08 - 00000000 ____D () 
C:\WINDOWS\SysWOW64\artworks 2014-04-28 17:02 - 2014-04-28 17:04 - 17609480 _____ (Fomanu AG ) C:\Users\*******\Downloads\template_spirit_02.exe 2014-04-28 16:58 - 2014-04-28 17:04 - 202388600 _____ (Fomanu AG ) C:\Users\*******\Downloads\designer_20.exe 2014-04-28 16:54 - 2014-04-28 16:54 - 00001264 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2013-09-30 16:26 - 03050808 _____ () C:\WINDOWS\system32\pwNative.exe 2014-04-28 16:54 - 2013-09-30 16:26 - 00019152 ____N () C:\WINDOWS\system32\pwdrvio.sys 2014-04-28 16:54 - 2013-09-30 16:26 - 00012504 ____N () C:\WINDOWS\system32\pwdspio.sys 2014-04-28 16:53 - 2014-04-28 16:54 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\*******\Downloads\pwhe811.exe 2014-04-24 12:39 - 2014-04-24 12:39 - 00001287 _____ () C:\Users\*******\Desktop\DSCF4937 - Verknüpfung.lnk 2014-04-18 15:33 - 2014-04-18 15:33 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Total Eclipse 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\*******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\*******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Gast\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\*******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\*******\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\*******\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\Gast\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 
2014-04-18 15:32 - 00001081 _____ () C:\Users\*******\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\Program Files (x86)\Einfach_Spielen 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*******\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*******\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Gast\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*******\Desktop\The Great Tree spielen.lnk 2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 _____ () C:\Users\*******\AppData\Roaming\TS3Patch.lck 2014-04-13 14:53 - 2014-04-13 14:53 - 00000000 ____D () C:\Users\*******\Documents\Electronic Arts 2014-04-13 14:25 - 2014-04-13 14:25 - 00018385 _____ () C:\Users\*******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png.htm 2014-04-13 14:25 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\*******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png_files 2014-04-05 09:04 - 2014-04-05 09:04 - 00092672 ___SH () C:\Users\*******\Downloads\Thumbs.db 2014-04-05 08:57 - 2014-04-06 22:41 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1006 2014-04-05 08:54 - 2014-04-06 11:20 - 00000000 ____D () C:\Users\*******\AppData\Local\CrashDumps 2014-04-05 08:53 - 2014-04-06 10:52 - 00000000 __RDO () C:\Users\*******\SkyDrive 2014-04-05 08:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\*******\AppData\Local\Google 2014-04-05 08:52 - 
2014-04-06 10:53 - 00000000 ____D () C:\Users\*******\Documents\Youcam 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Synaptics 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Roaming\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\Wondershare 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\CyberLink 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\AMD 2014-04-05 08:50 - 2014-04-06 11:20 - 00000000 ____D () C:\Users\*******\AppData\Local\Packages 2014-04-05 08:50 - 2014-04-05 08:54 - 00002270 _____ () C:\Users\*******\Desktop\Google Chrome.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00001453 _____ () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Adobe 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Local\VirtualStore 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Hewlett-Packard 2014-04-05 08:49 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\******* 2014-04-05 08:49 - 2014-04-05 08:49 - 00000020 ___SH () C:\Users\*******\ntuser.ini 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Vorlagen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Startmenü 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Netzwerkumgebung 2014-04-05 08:49 - 
2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Lokale Einstellungen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Eigene Dateien 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Druckumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Documents\Eigene Musik 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Documents\Eigene Bilder 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\AppData\Local\Verlauf 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\AppData\Local\Anwendungsdaten 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Anwendungsdaten 2014-04-05 08:49 - 2014-03-13 18:30 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-05 08:49 - 2014-01-04 19:16 - 00000000 ____D () C:\Users\*******\Documents\hp.system.package.metadata 2014-04-05 08:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-05 08:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-05 08:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= 2014-05-01 13:09 - 2014-04-30 13:00 - 00024172 _____ () C:\Users\*******\Desktop\FRST.txt 2014-05-01 13:08 - 2014-05-01 12:57 - 00001506 _____ () C:\Users\*******\Desktop\JRT.txt 2014-05-01 13:08 - 2014-04-30 12:24 - 00000000 ___DC () C:\FRST 2014-05-01 13:08 - 2014-01-04 08:41 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-01 13:00 - 2013-08-22 17:36 - 00000000 ____D () 
C:\WINDOWS\system32\sru 2014-05-01 12:58 - 2014-01-03 14:40 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1002 2014-05-01 12:47 - 2014-01-04 19:24 - 01673429 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-01 12:43 - 2014-01-07 22:22 - 00000000 __RDO () C:\Users\*******\SkyDrive 2014-05-01 12:37 - 2014-05-01 12:37 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-01 12:36 - 2014-05-01 12:35 - 01016261 _____ (Thisisu) C:\Users\*******\Desktop\JRT.exe 2014-05-01 12:36 - 2013-11-14 09:27 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-05-01 12:36 - 2013-11-14 09:11 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat 2014-05-01 12:36 - 2013-11-14 09:11 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat 2014-05-01 12:34 - 2014-05-01 12:34 - 00004503 _____ () C:\Users\*******\Desktop\AdwCleaner[S0].txt 2014-05-01 12:32 - 2014-01-03 14:35 - 00000000 ____D () C:\Users\*******\Documents\Youcam 2014-05-01 12:31 - 2014-04-30 09:05 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-01 12:31 - 2014-01-04 08:41 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-01 12:30 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-01 12:29 - 2014-04-30 10:49 - 00000000 ___DC () C:\AdwCleaner 2014-05-01 12:29 - 2013-11-14 00:18 - 00028654 _____ () C:\WINDOWS\PFRO.log 2014-05-01 12:29 - 2013-08-22 15:25 - 01835008 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-01 10:21 - 2014-05-01 10:21 - 00001696 _____ () C:\Users\*******\Desktop\mbam.txt 2014-05-01 08:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-05-01 08:17 - 2014-04-30 09:04 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-01 08:17 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-01 08:17 - 2014-04-30 09:04 - 00000000 ____D 
() C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-01 08:15 - 2014-05-01 08:15 - 00000767 _____ () C:\Users\*******\Desktop\Revo Uninstaller.lnk 2014-05-01 08:15 - 2014-05-01 08:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-01 08:14 - 2014-05-01 08:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\*******\Downloads\revosetup95.exe 2014-05-01 08:09 - 2014-01-03 16:36 - 00000000 ____D () C:\Users\*******\AppData\Local\CrashDumps 2014-04-30 22:08 - 2014-01-12 15:37 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF5DD767-92A8-444D-A483-EB1DC0AF79C8} 2014-04-30 13:47 - 2014-04-30 13:16 - 00028393 _____ () C:\Users\*******\Desktop\mam.txt 2014-04-30 13:11 - 2014-04-30 13:11 - 00035323 _____ () C:\Users\*******\Desktop\Addition.txt 2014-04-30 12:28 - 2014-04-30 12:27 - 00035461 _____ () C:\Users\*******\Downloads\Addition.txt 2014-04-30 12:28 - 2014-04-30 12:25 - 00058262 _____ () C:\Users\*******\Downloads\FRST.txt 2014-04-30 12:25 - 2014-04-30 12:25 - 00380416 _____ () C:\Users\*******\Downloads\Gmer-19357.exe 2014-04-30 12:24 - 2014-04-30 12:24 - 02061824 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00000478 _____ () C:\Users\*******\Downloads\defogger_disable.log 2014-04-30 12:23 - 2014-04-30 12:23 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-04-30 12:23 - 2014-01-04 19:11 - 00000000 ____D () C:\Users\******* 2014-04-30 11:01 - 2014-04-30 11:01 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\*******\Downloads\SpyHunter-Installer.exe 2014-04-30 10:47 - 2014-04-30 10:47 - 01310621 _____ () C:\Users\*******\Desktop\adwcleaner.exe 2014-04-30 10:06 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-04-30 10:03 - 2013-08-22 16:44 - 00493304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-30 10:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Globalization 2014-04-30 10:02 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-30 09:03 - 2014-04-30 09:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-29 19:48 - 2014-01-24 22:02 - 00450048 ___SH () C:\Users\*******\Desktop\Thumbs.db 2014-04-29 19:03 - 2014-04-29 19:03 - 00000043 _____ () C:\Users\*******\AppData\Roaming\WB.CFG 2014-04-29 18:04 - 2014-04-29 18:03 - 24677393 _____ () C:\Users\*******\Downloads\vlc-2.1.3-win32 (1).exe 2014-04-29 17:39 - 2014-04-29 17:38 - 00000000 ____D () C:\Users\*******\AppData\Roaming\vlc 2014-04-29 17:37 - 2014-04-29 17:37 - 00001085 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-29 17:36 - 2014-04-29 17:34 - 24677393 _____ () C:\Users\*******\Downloads\vlc-2.1.3-win32.exe 2014-04-29 17:33 - 2014-04-29 17:33 - 02090619 _____ () C:\Users\*******\Downloads\Nicht bestätigt 479646.crdownload 2014-04-29 11:56 - 2014-04-29 11:56 - 00000000 ____D () C:\Users\*******\AppData\Local\Media Markt Fotoservice 2014-04-29 11:56 - 2014-04-29 11:52 - 00000000 ____D () C:\Program Files (x86)\Media Markt Fotoservice 2014-04-29 11:56 - 2013-07-19 22:55 - 00409304 _____ () C:\WINDOWS\DirectX.log 2014-04-29 11:54 - 2014-04-29 11:54 - 00001115 _____ () C:\Users\Public\Desktop\Media Markt 
Fotoservice.lnk 2014-04-29 11:54 - 2014-04-29 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Markt Fotoservice 2014-04-29 11:53 - 2014-04-29 11:53 - 00000000 ____D () C:\ProgramData\Media Markt Fotoservice 2014-04-29 11:51 - 2014-04-29 11:47 - 132019488 _____ ( ) C:\Users\*******\Downloads\MediaMarkt_Fotoservice.exe 2014-04-28 17:20 - 2014-04-28 17:17 - 00000000 ____D () C:\Users\*******\Documents\Designer Files 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\Users\*******\AppData\Roaming\fotobuch.de AG 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\ProgramData\fotobuch.de AG 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\Gast\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\*******\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotobuch.de 2014-04-28 17:10 - 2014-04-28 17:08 - 00000000 ____D () C:\Program Files (x86)\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\artworks 2014-04-28 17:04 - 2014-04-28 17:02 - 17609480 _____ (Fomanu AG ) C:\Users\*******\Downloads\template_spirit_02.exe 2014-04-28 17:04 - 2014-04-28 16:58 - 202388600 _____ (Fomanu AG ) C:\Users\*******\Downloads\designer_20.exe 2014-04-28 16:54 - 2014-04-28 16:54 - 00001264 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2014-04-28 16:53 - 
20772800 _____ (MiniTool Solution Ltd. ) C:\Users\*******\Downloads\pwhe811.exe 2014-04-28 16:42 - 2013-07-19 23:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-28 15:59 - 2013-11-12 12:31 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-04-28 15:45 - 2013-07-19 22:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2014-04-28 15:43 - 2014-03-07 00:36 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-04-28 15:43 - 2014-03-07 00:36 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-04-27 00:16 - 2014-03-19 18:32 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B319A45-4A65-42F4-A293-DCA0B531A2B2} 2014-04-26 20:40 - 2014-03-06 11:06 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1005 2014-04-26 18:45 - 2014-03-06 11:08 - 00000000 ____D () C:\Users\*******\AppData\Local\CrashDumps 2014-04-26 10:35 - 2014-03-06 11:02 - 00000000 ____D () C:\Users\*******\Documents\Youcam 2014-04-26 10:34 - 2014-03-06 11:02 - 00000000 __RDO () C:\Users\*******\SkyDrive 2014-04-24 12:39 - 2014-04-24 12:39 - 00001287 _____ () C:\Users\*******\Desktop\DSCF4937 - Verknüpfung.lnk 2014-04-24 12:32 - 2014-04-29 18:58 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys 2014-04-21 17:12 - 2013-08-22 16:46 - 00315466 _____ () C:\WINDOWS\setupact.log 2014-04-18 15:33 - 2014-04-18 15:33 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Total Eclipse 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\*******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\*******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Gast\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 
2014-04-18 15:32 - 00002237 _____ () C:\Users\*******\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\*******\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\*******\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\Gast\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00001081 _____ () C:\Users\*******\Desktop\Spielkiste.lnk 2014-04-18 15:32 - 2014-04-18 13:46 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 15:32 - 2014-04-18 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 15:32 - 2014-04-18 13:46 - 00000000 ____D () C:\Program Files (x86)\Einfach_Spielen 2014-04-18 13:47 - 2014-01-03 14:31 - 00000000 ____D () C:\Users\*******\AppData\Local\VirtualStore 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*******\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*******\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Gast\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\*******\Desktop\The Great Tree spielen.lnk 2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 _____ () C:\Users\*******\AppData\Roaming\TS3Patch.lck 2014-04-13 14:53 - 2014-04-13 14:53 - 00000000 ____D () C:\Users\*******\Documents\Electronic Arts 2014-04-13 14:25 - 2014-04-13 14:25 - 00018385 _____ () C:\Users\*******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png.htm 2014-04-13 14:25 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\*******\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png_files 2014-04-09 12:08 - 2013-08-22 17:36 - 00000000 ____D () 
C:\WINDOWS\system32\NDF 2014-04-06 22:41 - 2014-04-05 08:57 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1006 2014-04-06 12:30 - 2014-03-06 11:00 - 00000000 ____D () C:\Users\*******\AppData\Local\Packages 2014-04-06 11:20 - 2014-04-05 08:54 - 00000000 ____D () C:\Users\*******\AppData\Local\CrashDumps 2014-04-06 11:20 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Packages 2014-04-06 10:53 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\Documents\Youcam 2014-04-06 10:52 - 2014-04-05 08:53 - 00000000 __RDO () C:\Users\*******\SkyDrive 2014-04-05 09:04 - 2014-04-05 09:04 - 00092672 ___SH () C:\Users\*******\Downloads\Thumbs.db 2014-04-05 08:54 - 2014-04-05 08:50 - 00002270 _____ () C:\Users\*******\Desktop\Google Chrome.lnk 2014-04-05 08:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\*******\AppData\Local\Google 2014-04-05 08:53 - 2014-04-05 08:49 - 00000000 ____D () C:\Users\******* 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Synaptics 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Roaming\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\Wondershare 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\CyberLink 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\*******\AppData\Local\AMD 2014-04-05 08:52 - 2014-01-04 20:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-04-05 08:50 - 2014-04-05 08:50 - 00001453 _____ () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () 
C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Adobe 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Local\VirtualStore 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Hewlett-Packard 2014-04-05 08:49 - 2014-04-05 08:49 - 00000020 ___SH () C:\Users\*******\ntuser.ini 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Vorlagen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Startmenü 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Netzwerkumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Lokale Einstellungen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Eigene Dateien 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Druckumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Documents\Eigene Musik 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Documents\Eigene Bilder 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\AppData\Local\Verlauf 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\AppData\Local\Anwendungsdaten 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\*******\Anwendungsdaten 2014-04-04 19:45 - 2014-01-03 14:31 - 00000000 ____D () C:\Users\*******\AppData\Local\Packages 2014-04-03 09:51 - 2014-04-30 09:04 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-30 09:04 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-30 09:04 - 00025816 _____ 
(Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-01 19:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing Some content of TEMP: ==================== C:\Users\*******\AppData\Local\Temp\AutoRun.exe C:\Users\*******\AppData\Local\Temp\AutoRunGUI.dll C:\Users\*******\AppData\Local\Temp\card_setup.exe C:\Users\*******\AppData\Local\Temp\COMAP.EXE C:\Users\*******\AppData\Local\Temp\drm_dyndata_7350007.dll C:\Users\*******\AppData\Local\Temp\EAInstall.dll C:\Users\*******\AppData\Local\Temp\eauninstall.exe C:\Users\*******\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\*******\AppData\Local\Temp\INST011.dll C:\Users\*******\AppData\Local\Temp\Quarantine.exe C:\Users\*******\AppData\Local\Temp\SHSetup.exe C:\Users\*******\AppData\Local\Temp\SimsCS_Uninst.exe C:\Users\*******\AppData\Local\Temp\The Sims Castaway Stories_uninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-25 09:34 ==================== End Of Log ============================ --- --- --- --- --- --- |
02.05.2014, 07:33 | #4 |
/// the machine /// TB trainer | Windows 8, 64-bit. Problems with Topic Torch/ Wise Enhance
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.05.2014, 14:27 | #5 |
| Windows 8, 64-bit. Problems with Topic Torch/ Wise Enhance Hello, ESET log Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7f73a2709e5cb54d9f9793fe756c6e5b
# engine=18105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-02 01:10:41
# local_time=2014-05-02 03:10:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode=3591 16777213 100 91 7284111 161632826 0 0
# compatibility_mode=5893 16776573 100 94 2932453 23917534 0 0
# scanned=379189
# found=5
# cleaned=0
# scan_time=19252
sh=16EEF1955DC2DBCF13202766FA27210FE60B9CE3 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001121"
sh=566E7537C5F675B32D97C5FAC17DA8F5BC769742 ft=1 fh=8e55988a952c18ae vn="Variante von Win32/AdWare.SpeedingUpMyPC.G Anwendung" ac=I fn="C:\Users\******\AppData\Local\Temp\is1242154493\263889987_stp.EXE"
sh=E52B187571CEF2EFDF33150A6044EF7D0F0D11B7 ft=1 fh=c71c0011e8464a4f vn="Variante von Win32/Injected.F Trojaner" ac=I fn="F:\Downloads\COMPUTER_BILD-Download-Manager_fuer_Bengal.exe"
sh=AAD158B9787FFD835B3D7DF0D9693CC9203EDE64 ft=1 fh=c71c00116035b39f vn="Variante von Win32/Injected.F Trojaner" ac=I fn="F:\Downloads\Firefox_Setup.exe"
sh=DC2C3CDE464813984B5C03F39D23DD9E05684B40 ft=1 fh=c71c0011483ea54b vn="Variante von Win32/TrojanDownloader.FakeNSIS.A Trojaner" ac=I fn="F:\Downloads\ZipSetup.exe"
Security Check Log Code:
Results of screen317's Security Check version 0.99.82
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.9.900.170 Flash Player out of Date!
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014 Ran by Nathalie (administrator) on NATHALIELAPTOP on 02-05-2014 15:18:03 Running from C:\Users\Nathalie\Desktop Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Side Effects Software Inc.) C:\Windows\System32\sesinetd.exe (Side Effects Software Inc.) C:\Windows\System32\hserver.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe () C:\Users\Nathalie\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-18] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-05] (Synaptics Incorporated) HKLM\...\Run: [SEQLU] => C:\Program Files\EPSON_P2\Printer Software\SEQLUZ.EXE [950704 2012-11-16] (SEIKO EPSON CORPORATION) HKLM\...\Run: [SESMPSP] => C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE [459184 2012-11-16] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare) HKU\S-1-5-21-298893599-2156876346-56307058-1002\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir= SearchScopes: HKLM - {2F0BA1A6-09CE-47C6-B10A-D1F1FCC65C43} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpM
atch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxMate - Proxy on steroids! - C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\bx12fuek.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-01-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-01-04] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyCyEtB0FtAzytD0BtCtCtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzyzyyD0AyByCtAtGtAtB0B0FtG0FyE0D0EtGtA0A0D0FtGtAtD0BtBtDtD0A0AtB0AyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0CyDyByC0AzytGtCtD0A0DtGtAyDyC0DtG0EyByCtDtGtAzztCzztCzztC0FzztA0Czz2Q&cr=1290861712&ir=" CHR Extension: (Google Docs) - C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-04] CHR Extension: (Google Drive) - C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
[2014-01-04] CHR Extension: (YouTube) - C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04] CHR Extension: (Google-Suche) - C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04] CHR Extension: (Norton Identity Protection) - C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-04] CHR Extension: (Google Wallet) - C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04] CHR Extension: (Google Mail) - C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-01] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-17] (Advanced Micro Devices, Inc.) R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink) R2 HoudiniLicenseServer; C:\WINDOWS\system32\sesinetd.exe [2613760 2014-01-10] (Side Effects Software Inc.) R2 HoudiniServer; C:\WINDOWS\system32\hserver.exe [2460160 2014-01-10] (Side Effects Software Inc.) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SESMPWD; C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE [155568 2012-11-16] (SEIKO EPSON CORPORATION) R2 SESMSDB; C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE [343472 2012-11-16] (SEIKO EPSON CORPORATION) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-04] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-03] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-03] (Symantec Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140303.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-04] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140304.032\ENG64.SYS [126040 2014-02-26] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140304.032\EX64.SYS [2099288 2014-02-26] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-11] (Realtek Semiconductor Corp.) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-04] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-05] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-11-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-04] (Symantec Corporation) R3 SymIRON; 
C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib) S1 MpKsl9bbdc4c8; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2A37FAD-C72B-4FE9-928D-CD8DAB99F952}\MpKsl9bbdc4c8.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-02 15:17 - 2014-05-02 15:17 - 00000000 ____D () C:\Users\Nathalie\Desktop\FRST-OlderVersion 2014-05-02 09:43 - 2014-05-02 09:44 - 00855379 _____ () C:\Users\Nathalie\Downloads\SecurityCheck.exe 2014-05-02 09:43 - 2014-05-02 09:43 - 02347384 _____ (ESET) C:\Users\Nathalie\Downloads\esetsmartinstaller_deu.exe 2014-05-01 13:31 - 2014-05-01 13:39 - 00055705 _____ () C:\Users\Nathalie\Desktop\FRST2.txt 2014-05-01 12:57 - 2014-05-01 13:08 - 00001506 _____ () C:\Users\Nathalie\Desktop\JRT.txt 2014-05-01 12:37 - 2014-05-01 12:37 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-01 12:35 - 2014-05-01 12:36 - 01016261 _____ (Thisisu) C:\Users\Nathalie\Desktop\JRT.exe 2014-05-01 12:34 - 2014-05-01 12:34 - 00004503 _____ () C:\Users\Nathalie\Desktop\AdwCleaner[S0].txt 2014-05-01 10:21 - 2014-05-01 13:35 - 00001694 _____ () C:\Users\Nathalie\Desktop\mbam.txt 2014-05-01 08:15 - 2014-05-01 08:15 - 00000767 _____ () C:\Users\Nathalie\Desktop\Revo Uninstaller.lnk 2014-05-01 08:14 - 2014-05-01 08:15 - 17305616 _____ (Malwarebytes 
Corporation ) C:\Users\Nathalie\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-01 08:14 - 2014-05-01 08:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nathalie\Downloads\revosetup95.exe 2014-04-30 13:16 - 2014-04-30 13:47 - 00028393 _____ () C:\Users\Nathalie\Desktop\mam.txt 2014-04-30 13:11 - 2014-04-30 13:11 - 00035323 _____ () C:\Users\Nathalie\Desktop\Addition.txt 2014-04-30 13:00 - 2014-05-02 15:18 - 00024422 _____ () C:\Users\Nathalie\Desktop\FRST.txt 2014-04-30 12:27 - 2014-04-30 12:28 - 00035461 _____ () C:\Users\Nathalie\Downloads\Addition.txt 2014-04-30 12:25 - 2014-04-30 12:28 - 00058262 _____ () C:\Users\Nathalie\Downloads\FRST.txt 2014-04-30 12:25 - 2014-04-30 12:25 - 00380416 _____ () C:\Users\Nathalie\Downloads\Gmer-19357.exe 2014-04-30 12:24 - 2014-05-02 15:17 - 02062336 ____C (Farbar) C:\Users\Nathalie\Desktop\FRST64.exe 2014-04-30 12:24 - 2014-05-02 15:17 - 00000000 ___DC () C:\FRST 2014-04-30 12:23 - 2014-04-30 12:23 - 00050477 _____ () C:\Users\Nathalie\Downloads\Defogger.exe 2014-04-30 12:23 - 2014-04-30 12:23 - 00000478 _____ () C:\Users\Nathalie\Downloads\defogger_disable.log 2014-04-30 12:23 - 2014-04-30 12:23 - 00000000 _____ () C:\Users\Nathalie\defogger_reenable 2014-04-30 11:01 - 2014-04-30 11:01 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Nathalie\Downloads\SpyHunter-Installer.exe 2014-04-30 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-04-30 10:49 - 2014-05-01 19:39 - 00000000 ___DC () C:\AdwCleaner 2014-04-30 10:47 - 2014-04-30 10:47 - 01310621 _____ () C:\Users\Nathalie\Desktop\adwcleaner.exe 2014-04-30 09:05 - 2014-05-02 13:45 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-30 09:04 - 2014-05-01 08:17 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-30 09:04 - 2014-05-01 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-30 09:04 - 2014-05-01 08:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-30 09:04 - 2014-04-30 09:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-30 09:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-30 09:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-30 09:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-30 09:03 - 2014-04-30 09:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Nathalie\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-29 19:03 - 2014-04-29 19:03 - 00000043 _____ () C:\Users\Nathalie\AppData\Roaming\WB.CFG 2014-04-29 18:58 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys 2014-04-29 18:03 - 2014-04-29 18:04 - 24677393 _____ () C:\Users\Nathalie\Downloads\vlc-2.1.3-win32 (1).exe 2014-04-29 17:38 - 2014-04-29 17:39 - 00000000 ____D () C:\Users\Nathalie\AppData\Roaming\vlc 2014-04-29 17:37 - 2014-04-29 17:37 - 00001085 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-04-29 17:37 - 2014-04-29 17:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-29 17:34 - 2014-04-29 17:36 - 24677393 _____ () C:\Users\Nathalie\Downloads\vlc-2.1.3-win32.exe 2014-04-29 17:33 - 2014-04-29 17:33 - 02090619 _____ () C:\Users\Nathalie\Downloads\Nicht bestätigt 479646.crdownload 2014-04-29 11:56 - 2014-04-29 11:56 - 00000000 ____D () C:\Users\Nathalie\AppData\Local\Media Markt Fotoservice 2014-04-29 11:54 - 2014-04-29 11:54 - 00001115 _____ () C:\Users\Public\Desktop\Media Markt Fotoservice.lnk 2014-04-29 11:54 - 2014-04-29 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Markt Fotoservice 2014-04-29 11:53 - 2014-04-29 11:53 - 00000000 ____D () C:\ProgramData\Media Markt Fotoservice 2014-04-29 11:52 - 2014-04-29 11:56 - 00000000 ____D () C:\Program Files (x86)\Media Markt Fotoservice 2014-04-29 11:47 - 2014-04-29 11:51 - 132019488 _____ ( ) C:\Users\Nathalie\Downloads\MediaMarkt_Fotoservice.exe 2014-04-28 17:17 - 2014-04-28 17:20 - 00000000 ____D () C:\Users\Nathalie\Documents\Designer Files 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\Users\Nathalie\AppData\Roaming\fotobuch.de AG 2014-04-28 17:17 - 2014-04-28 17:17 - 00000000 ____D () C:\ProgramData\fotobuch.de AG 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\Nathalie\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\Leon\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\Gast\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00002094 _____ () C:\Users\Emily\Desktop\Designer 2.0.lnk 2014-04-28 17:12 - 2014-04-28 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:10 - 00000000 ____D () C:\Program Files (x86)\fotobuch.de 2014-04-28 17:08 - 2014-04-28 17:08 - 00000000 ____D () 
C:\WINDOWS\SysWOW64\artworks 2014-04-28 17:02 - 2014-04-28 17:04 - 17609480 _____ (Fomanu AG ) C:\Users\Nathalie\Downloads\template_spirit_02.exe 2014-04-28 16:58 - 2014-04-28 17:04 - 202388600 _____ (Fomanu AG ) C:\Users\Nathalie\Downloads\designer_20.exe 2014-04-28 16:54 - 2014-04-28 16:54 - 00001264 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2014-04-28 16:54 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1 2014-04-28 16:54 - 2013-09-30 16:26 - 03050808 _____ () C:\WINDOWS\system32\pwNative.exe 2014-04-28 16:54 - 2013-09-30 16:26 - 00019152 ____N () C:\WINDOWS\system32\pwdrvio.sys 2014-04-28 16:54 - 2013-09-30 16:26 - 00012504 ____N () C:\WINDOWS\system32\pwdspio.sys 2014-04-28 16:53 - 2014-04-28 16:54 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Nathalie\Downloads\pwhe811.exe 2014-04-24 12:39 - 2014-04-24 12:39 - 00001287 _____ () C:\Users\Nathalie\Desktop\DSCF4937 - Verknüpfung.lnk 2014-04-18 15:33 - 2014-04-18 15:33 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Total Eclipse 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Nathalie\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Leon\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Gast\Desktop\Fashion Boutique spielen.lnk 2014-04-18 15:32 - 2014-04-18 15:32 - 00002237 _____ () C:\Users\Emily\Desktop\Fashion Boutique spielen.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\Nathalie\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\Leon\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00001081 _____ () C:\Users\Gast\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 
15:32 - 00001081 _____ () C:\Users\Emily\Desktop\Spielkiste.lnk 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einfach Spielen 2014-04-18 13:46 - 2014-04-18 15:32 - 00000000 ____D () C:\Program Files (x86)\Einfach_Spielen 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Nathalie\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Leon\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Gast\Desktop\The Great Tree spielen.lnk 2014-04-18 13:46 - 2014-04-18 13:46 - 00002198 _____ () C:\Users\Emily\Desktop\The Great Tree spielen.lnk 2014-04-13 14:54 - 2014-04-13 14:54 - 00000000 _____ () C:\Users\Emily\AppData\Roaming\TS3Patch.lck 2014-04-13 14:53 - 2014-04-13 14:53 - 00000000 ____D () C:\Users\Emily\Documents\Electronic Arts 2014-04-13 14:25 - 2014-04-13 14:25 - 00018385 _____ () C:\Users\Nathalie\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png.htm 2014-04-13 14:25 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\Nathalie\Desktop\Google-Ergebnis für http www.wandtattoo4all.de images articles c364eca7101b119a412c7539b5f70d7e_5.png_files 2014-04-05 09:04 - 2014-04-05 09:04 - 00092672 ___SH () C:\Users\Leon\Downloads\Thumbs.db 2014-04-05 08:57 - 2014-04-06 22:41 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-298893599-2156876346-56307058-1006 2014-04-05 08:54 - 2014-04-06 11:20 - 00000000 ____D () C:\Users\Leon\AppData\Local\CrashDumps 2014-04-05 08:53 - 2014-04-06 10:52 - 00000000 __RDO () C:\Users\Leon\SkyDrive 2014-04-05 08:53 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\Leon\AppData\Local\Google 2014-04-05 08:52 - 2014-04-06 10:53 - 00000000 ____D () 
C:\Users\Leon\Documents\Youcam 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Synaptics 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\Leon\AppData\Local\Wondershare 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\Leon\AppData\Local\CyberLink 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\Leon\AppData\Local\ATI 2014-04-05 08:52 - 2014-04-05 08:52 - 00000000 ____D () C:\Users\Leon\AppData\Local\AMD 2014-04-05 08:50 - 2014-04-06 11:20 - 00000000 ____D () C:\Users\Leon\AppData\Local\Packages 2014-04-05 08:50 - 2014-04-05 08:54 - 00002270 _____ () C:\Users\Leon\Desktop\Google Chrome.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00001453 _____ () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ___RD () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Adobe 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\Leon\AppData\Local\VirtualStore 2014-04-05 08:50 - 2014-04-05 08:50 - 00000000 ____D () C:\Users\Leon\AppData\Local\Hewlett-Packard 2014-04-05 08:49 - 2014-04-05 08:53 - 00000000 ____D () C:\Users\Leon 2014-04-05 08:49 - 2014-04-05 08:49 - 00000020 ___SH () C:\Users\Leon\ntuser.ini 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\Leon\Vorlagen 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\Leon\Startmenü 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\Leon\Netzwerkumgebung 2014-04-05 08:49 - 2014-04-05 08:49 - 00000000 _SHDL () C:\Users\Leon\Lokale Einstellungen 2014-04-05 08:49 - 
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-25 09:34
==================== End Of Log ============================
I hope it's not a problem that I didn't remove the user names this time. That really does take a lot of time. The ad windows are all still there; nothing has changed in the behaviour. Did I do something wrong? |
04.05.2014, 06:58 | #6 |
/// the machine /// TB trainer | Windows 8, 64 bit. Problems with Topic Torch/ Wise Enhance In which browser? Try several. Open FRST, tick the box for Additional and scan, then please post both log files. |
04.05.2014, 07:13 | #7 |
| Windows 8, 64 bit. Problems with Topic Torch/ Wise Enhance It was in the Google Chrome browser, and it just wouldn't go away. And it kept getting slower and stranger in its behaviour. I have now simply uninstalled Windows 8 and reinstalled it. Now it works properly again, I hope. Thanks for the help anyway |
04.05.2014, 07:56 | #8 |
/// the machine /// TB trainer | Windows 8, 64 bit. Problems with Topic Torch/ Wise Enhance ok
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |