
Pests of all kinds and how to combat them: portaldosites as start page in IE and Firefox cannot be removed!

27.08.2013, 15:24   #1
smokejumper

Hello,

after installing what was supposedly an HP printer tool, I now have the portaldosites problem as well. A few programs and tools installed themselves. I uninstalled them again. Then I noticed that portaldosites comes up as the start page in IE and Firefox. The problem cannot be fixed in the usual way, and I urgently need your help.
What do I have to do?

27.08.2013, 15:25   #2
M-K-D-B
/// TB Trainer

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 4 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All programs to be used are to be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.



I have your topic in progress and will get back to you with further instructions as soon as possible.

27.08.2013, 15:27   #3
M-K-D-B
/// TB Trainer

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


27.08.2013, 15:34   #4
smokejumper

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 01
Ran by Christoph (administrator) on 27-08-2013 16:31:25
Running from C:\Users\Christoph\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(WebToGo Mobiles Internet GmbH) C:\Program Files (x86)\XSManager\XSManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
MountPoints2: {69ebd6a7-fe97-11e2-be73-6036ddc486b8} - "G:\autorun.exe" 
MountPoints2: {6f960c28-02b6-11e3-be73-6036ddc486b8} - "G:\HTC_Sync_Manager_PC.exe" 
MountPoints2: {f50b9ba2-0a6e-11e3-be76-5cf9dd5a62a6} - "G:\HTC_Sync_Manager_PC.exe" 
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [157968 2009-09-17] (4G Systems GmbH & Co. KG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll [266448 2013-06-21] ()
Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.1.1.2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3EBEEAB5-45AE-41BF-9975-8E891E5A71A0}: [NameServer]62.134.11.4 195.182.110.132

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\38n2jqqi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\portaldosites.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Lyrics Fan) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd\1.114
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 HPSLPSVC; C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe [143928 2012-08-29] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-05-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [312784 2009-09-25] ()
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-09-17] (4G Systems GmbH & Co. KG)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc [x]
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1401010.002\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation)
R3 cmnsusbser; C:\Windows\system32\DRIVERS\cmnsusbser.sys [117888 2013-08-11] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130826.001\IDSvia64.sys [520280 2013-08-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130826.001\IDSvia64.sys [520280 2013-08-26] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\ENG64.SYS [126040 2013-08-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\ENG64.SYS [126040 2013-08-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\EX64.SYS [2098776 2013-08-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\EX64.SYS [2098776 2013-08-27] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1401010.002\SRTSP64.SYS [776352 2012-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1401010.002\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1401010.002\SYMDS64.SYS [493216 2012-07-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1401010.002\SYMEFA64.SYS [1132192 2012-08-07] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1401010.002\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1401010.002\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1401010.002\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 16:30 - 2013-08-27 16:30 - 01578852 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2013-08-27 15:55 - 2013-08-27 15:55 - 00994642 _____ C:\Users\Christoph\Downloads\adwcleaner3001.exe
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Users\Christoph\Documents\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-27 13:39 - 2013-08-27 13:39 - 00007466 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-27 13:39 - 2013-08-27 13:39 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-08-27 13:39 - 2013-08-27 13:39 - 00002612 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-27 13:38 - 2013-08-27 13:39 - 00000000 ____D C:\ProgramData\Norton
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2013-08-27 12:12 - 2013-08-27 12:12 - 00000122 ___RH C:\Users\Christoph\Downloads\Stinger.opt
2013-08-27 12:02 - 2013-08-27 12:06 - 00000628 _____ C:\Users\Christoph\Downloads\Stinger_27082013_120205.html
2013-08-27 12:01 - 2013-08-27 12:12 - 00000000 ____D C:\Program Files\stinger
2013-08-27 12:01 - 2013-08-27 12:01 - 11044384 _____ (McAfee Inc) C:\Users\Christoph\Downloads\stinger64.exe
2013-08-27 10:36 - 2013-08-27 10:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TeamViewer
2013-08-27 10:19 - 2013-08-27 10:19 - 00000000 ____D C:\Users\Christoph\Desktop\Alte Firefox-Daten
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 _____ C:\autoexec.bat
2013-08-27 09:41 - 2013-08-27 13:45 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-26 12:01 - 2013-08-26 12:04 - 00000000 ____D C:\ProgramData\eSafe
2013-08-26 12:00 - 2013-08-27 09:24 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-08-26 12:00 - 2013-08-26 12:02 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Desk 365
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
2013-08-26 11:59 - 2013-08-26 11:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\eIntaller
2013-08-26 11:58 - 2013-08-26 11:58 - 00456240 _____ (Company) C:\Users\Christoph\Desktop\setup.exe
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-25 14:06 - 2013-08-25 14:06 - 05536272 _____ (TeamViewer GmbH) C:\Users\Christoph\Downloads\TeamViewer_Setup_de-ckc.exe
2013-08-21 20:14 - 2013-08-27 08:58 - 00000000 ____D C:\Users\Christoph\Desktop\Ausbildungskonzept2014
2013-08-21 17:07 - 2013-08-21 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 20:37 - 2013-08-14 20:38 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:20 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 20:20 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 20:20 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 20:20 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:20 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:20 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:20 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:20 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:20 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:20 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 20:20 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:20 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 20:20 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 20:20 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:20 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:19 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:19 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:19 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:19 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:19 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:19 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 20:19 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 20:19 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 14:07 - 2013-08-14 14:22 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-08-14 14:00 - 2013-08-14 14:08 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HTC
2013-08-14 13:59 - 2013-08-14 14:11 - 00000000 ____D C:\ProgramData\HTC
2013-08-14 13:59 - 2013-08-14 14:00 - 00000000 ____D C:\Users\Christoph\Documents\HTC
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\Motorola
2013-08-14 13:58 - 2013-08-14 14:22 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-14 13:58 - 2013-08-14 13:58 - 00012690 _____ C:\Windows\DPINST.LOG
2013-08-14 13:58 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-14 13:57 - 2013-08-14 14:09 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Downloaded Installations
2013-08-13 15:17 - 2013-08-13 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-08-11 13:49 - 2013-08-12 00:25 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\XSManager
2013-08-11 13:48 - 2013-08-11 13:48 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2013-08-11 13:48 - 2013-08-11 13:48 - 00001931 _____ C:\Users\Public\Desktop\XSManager.lnk
2013-08-11 13:48 - 2013-08-11 13:48 - 00000000 ____D C:\Program Files (x86)\XSManager
2013-08-11 13:48 - 2009-09-17 18:37 - 00157968 ____R (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
2013-08-11 13:48 - 2009-09-17 18:37 - 00125200 ____R (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
2013-08-11 13:48 - 2008-10-31 16:19 - 00117888 _____ (Mobile Connector) C:\Windows\SysWOW64\Drivers\cmnsusbser.sys
2013-08-09 14:48 - 2013-08-09 14:49 - 00011776 ___SH C:\Users\Christoph\Downloads\Thumbs.db
2013-08-07 21:14 - 2013-08-07 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 14:42 - 2013-08-06 14:42 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-07-29 20:03 - 2013-07-29 20:03 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 _____ C:\Windows\HPMProp.INI
2013-07-29 20:02 - 2013-05-10 09:40 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00216864 _____ (Hewlett-Packard) C:\Windows\system32\hpmml150.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp150.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2013-07-29 20:02 - 2013-05-10 09:39 - 00438560 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn150.dll
2013-07-29 20:02 - 2013-05-10 09:39 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja150.dll
2013-07-29 20:02 - 2013-05-10 09:38 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2013-07-29 20:02 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2013-07-29 20:02 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2013-07-29 20:01 - 2013-07-29 20:01 - 00000000 ____D C:\HP Universal Print Driver
2013-07-29 20:01 - 2013-05-10 09:41 - 00518432 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2013-07-29 20:01 - 2013-05-10 09:36 - 00436512 _____ C:\Windows\SysWOW64\hpcc3150.dll
2013-07-29 20:01 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2013-07-29 19:52 - 2013-07-29 20:00 - 17602872 _____ C:\Users\Christoph\Desktop\upd-pcl5-x64-5.6.5.15717.exe
2013-07-29 19:45 - 2013-07-29 19:47 - 03616768 _____ C:\Users\Christoph\Desktop\Dot4x64.msi
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\ProgramData\Dell
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Program Files\Dell
2013-07-28 22:48 - 2013-07-28 22:48 - 00002010 _____ C:\Users\Public\Desktop\Intel(R) WiDi.lnk
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\ProgramData\Intel
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\Program Files\Intel Corporation
2013-07-28 22:45 - 2013-07-28 22:45 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\MSBuild
2013-07-28 22:43 - 2012-07-06 04:02 - 01166440 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00778856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00124040 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00102528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00035400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2013-07-28 22:43 - 2012-07-06 04:02 - 00035400 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2013-07-28 22:41 - 2013-07-28 22:41 - 00001045 _____ C:\Users\Public\Desktop\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\InstallShield
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Program Files\Intel
2013-07-28 22:35 - 2013-07-28 22:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-28 22:35 - 2012-06-15 13:50 - 09888912 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
2013-07-28 22:35 - 2012-06-15 13:50 - 00315536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2013-07-28 22:30 - 2013-07-28 22:35 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-07-28 22:29 - 2013-07-28 22:29 - 00003130 _____ C:\Windows\System32\Tasks\{4A573F58-4FAE-43F2-9678-B47E3F81A21B}
2013-07-28 22:28 - 2013-07-28 22:28 - 00000000 ____D C:\dell

==================== One Month Modified Files and Folders =======

2013-08-27 16:30 - 2013-08-27 16:30 - 01578852 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2013-08-27 16:07 - 2013-06-22 10:02 - 00000922 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-27 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-27 15:55 - 2013-08-27 15:55 - 00994642 _____ C:\Users\Christoph\Downloads\adwcleaner3001.exe
2013-08-27 14:25 - 2013-05-18 16:43 - 01592360 _____ C:\Windows\WindowsUpdate.log
2013-08-27 14:05 - 2013-06-22 10:02 - 00000918 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-27 14:01 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 14:00 - 2013-05-18 16:35 - 00016220 _____ C:\Windows\PFRO.log
2013-08-27 14:00 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-27 13:59 - 2013-05-18 16:51 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2125518474-1797576930-2400602621-1001
2013-08-27 13:57 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-08-27 13:53 - 2013-05-19 02:34 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-27 13:53 - 2013-05-19 02:34 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-27 13:53 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 13:45 - 2013-08-27 09:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Users\Christoph\Documents\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-27 13:39 - 2013-08-27 13:39 - 00007466 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-27 13:39 - 2013-08-27 13:39 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-08-27 13:39 - 2013-08-27 13:39 - 00002612 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-27 13:39 - 2013-08-27 13:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-27 13:39 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2013-08-27 12:12 - 2013-08-27 12:12 - 00000122 ___RH C:\Users\Christoph\Downloads\Stinger.opt
2013-08-27 12:12 - 2013-08-27 12:01 - 00000000 ____D C:\Program Files\stinger
2013-08-27 12:06 - 2013-08-27 12:02 - 00000628 _____ C:\Users\Christoph\Downloads\Stinger_27082013_120205.html
2013-08-27 12:01 - 2013-08-27 12:01 - 11044384 _____ (McAfee Inc) C:\Users\Christoph\Downloads\stinger64.exe
2013-08-27 10:36 - 2013-08-27 10:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TeamViewer
2013-08-27 10:19 - 2013-08-27 10:19 - 00000000 ____D C:\Users\Christoph\Desktop\Alte Firefox-Daten
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 _____ C:\autoexec.bat
2013-08-27 09:24 - 2013-08-26 12:00 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-08-27 08:58 - 2013-08-21 20:14 - 00000000 ____D C:\Users\Christoph\Desktop\Ausbildungskonzept2014
2013-08-26 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-26 12:05 - 2013-07-16 09:23 - 00424672 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-26 12:04 - 2013-08-26 12:01 - 00000000 ____D C:\ProgramData\eSafe
2013-08-26 12:02 - 2013-08-26 12:00 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Desk 365
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
2013-08-26 12:00 - 2013-05-18 16:44 - 00001716 _____ C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-26 12:00 - 2011-01-07 15:39 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-26 12:00 - 2011-01-07 15:39 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-26 11:59 - 2013-08-26 11:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\eIntaller
2013-08-26 11:58 - 2013-08-26 11:58 - 00456240 _____ (Company) C:\Users\Christoph\Desktop\setup.exe
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-25 14:06 - 2013-08-25 14:06 - 05536272 _____ (TeamViewer GmbH) C:\Users\Christoph\Downloads\TeamViewer_Setup_de-ckc.exe
2013-08-25 12:52 - 2013-06-01 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 19:25 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-21 17:08 - 2013-08-21 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-21 16:42 - 2012-07-26 09:21 - 00026946 _____ C:\Windows\setupact.log
2013-08-21 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-21 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 20:39 - 2013-06-04 21:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 20:38 - 2013-08-14 20:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:37 - 2013-06-01 17:33 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 14:23 - 2013-06-22 09:21 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\MyPhoneExplorer
2013-08-14 14:22 - 2013-08-14 14:07 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-08-14 14:22 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-14 14:11 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\HTC
2013-08-14 14:09 - 2013-08-14 13:57 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Downloaded Installations
2013-08-14 14:08 - 2013-08-14 14:00 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HTC
2013-08-14 14:00 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\Documents\HTC
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\Motorola
2013-08-14 13:58 - 2013-08-14 13:58 - 00012690 _____ C:\Windows\DPINST.LOG
2013-08-14 13:58 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-14 12:29 - 2013-06-23 19:07 - 00000000 ____D C:\Users\Christoph\Desktop\k9mailsicherung
2013-08-13 15:18 - 2013-06-05 14:42 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HpUpdate
2013-08-13 15:17 - 2013-08-13 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-08-12 00:25 - 2013-08-11 13:49 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\XSManager
2013-08-12 00:25 - 2013-06-16 12:02 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Skype
2013-08-11 13:48 - 2013-08-11 13:48 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2013-08-11 13:48 - 2013-08-11 13:48 - 00001931 _____ C:\Users\Public\Desktop\XSManager.lnk
2013-08-11 13:48 - 2013-08-11 13:48 - 00000000 ____D C:\Program Files (x86)\XSManager
2013-08-09 14:49 - 2013-08-09 14:48 - 00011776 ___SH C:\Users\Christoph\Downloads\Thumbs.db
2013-08-07 22:16 - 2013-08-07 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 14:42 - 2013-08-06 14:42 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-07-29 20:03 - 2013-07-29 20:03 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 _____ C:\Windows\HPMProp.INI
2013-07-29 20:01 - 2013-07-29 20:01 - 00000000 ____D C:\HP Universal Print Driver
2013-07-29 20:00 - 2013-07-29 19:52 - 17602872 _____ C:\Users\Christoph\Desktop\upd-pcl5-x64-5.6.5.15717.exe
2013-07-29 19:47 - 2013-07-29 19:45 - 03616768 _____ C:\Users\Christoph\Desktop\Dot4x64.msi
2013-07-29 19:47 - 2013-06-05 14:41 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-29 12:07 - 2013-05-18 16:43 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Packages
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\ProgramData\Dell
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Program Files\Dell
2013-07-28 22:48 - 2013-07-28 22:48 - 00002010 _____ C:\Users\Public\Desktop\Intel(R) WiDi.lnk
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\ProgramData\Intel
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\Program Files\Intel Corporation
2013-07-28 22:48 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-28 22:45 - 2013-07-28 22:45 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-07-28 22:45 - 2013-06-04 21:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\MSBuild
2013-07-28 22:41 - 2013-07-28 22:41 - 00001045 _____ C:\Users\Public\Desktop\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\InstallShield
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Program Files\Intel
2013-07-28 22:41 - 2013-05-18 17:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-28 22:41 - 2013-05-18 16:44 - 00000000 ___RD C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-28 22:35 - 2013-07-28 22:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-28 22:35 - 2013-07-28 22:30 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-07-28 22:29 - 2013-07-28 22:29 - 00003130 _____ C:\Windows\System32\Tasks\{4A573F58-4FAE-43F2-9678-B47E3F81A21B}
2013-07-28 22:28 - 2013-07-28 22:28 - 00000000 ____D C:\dell

Files to move or delete:
====================
C:\Users\CHRIST~1\AppData\Local\Temp\ICReinstall_UltimateCodec.exe
C:\Users\CHRIST~1\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\ose00000.exe
C:\Users\CHRIST~1\AppData\Local\Temp\sdanircmdc.exe
C:\Users\CHRIST~1\AppData\Local\Temp\SHSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\tbsTMP.exe
C:\Users\CHRIST~1\AppData\Local\Temp\uninst1.exe
C:\Users\CHRIST~1\AppData\Local\Temp\_TinDel.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_15821.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{B7F0A6A8-8F07-48A4-8B5F-B61A675C5F66}\{671EC9B2-A0F0-4035-AA48-729EDC3C59EF}\TurboBoostSetup_x64.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{4E1581DA-B182-43FD-9B33-8F6FCA192ABC}\ISBEW64.exe
C:\Users\CHRIST~1\AppData\Local\Temp\upd53B6\BabScheduler2000201.exe
C:\Users\CHRIST~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVI2.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVI2UI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVPrxy32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVPrxy64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\MS.NET\MSNetExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\7z.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\DisplayCplExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ExtensionLoader.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GalaSoft.MvvmLight.WPF4.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperience.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceControls.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceCore.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GridService.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\InstallerService.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\InstallerUIExtension.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\log4net.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.Practices.ServiceLocation.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.WindowsAPICodePack.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\NVIDIA.Win32Api.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nvtmru.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\oaremote_plugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ShadowPlay.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Core.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Interfaces.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Linq.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.PlatformServices.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Providers.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Runtime.Remoting.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Windows.Threading.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Windows.Interactivity.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\zh-CHT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\zh-CHS\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\tr-TR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\th-TH\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sv-SE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sl-SI\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sk-SK\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ru-RU\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pt-PT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pt-BR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pl-PL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nl-NL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nb-NO\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ko-KR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ja-JP\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\it-IT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\hu-HU\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\he-IL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\fr-FR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\fi-FI\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\es-MX\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\es-ES\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-US\GFExperience.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-US\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-GB\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\el-GR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\de-DE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\da-DK\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\cs-CZ\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ar-AE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\ComUpdatus.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\daemonu.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\easyDaemonAPIU32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\easyDaemonAPIU64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdt32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdt64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtr32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtr64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtrXP32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtrXP64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtXP32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtXP64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\UpdateExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\WLMerger.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Optimus\OptimusExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\1194285_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\1890026_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\2324847_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\DeltaTB.exe
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\dp.exe
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\PCSpeedMaximizer_AQDE_AFD_PPI.exe
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\PlusHd_DE.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26809\FWUpdateEDO2_305748.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26593\hpusetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26578\4250_DiagnosticAlert_000_000_010_000.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HPDiagnosticAlert\DiagnosticAlert.exe
C:\Users\CHRIST~1\AppData\Local\Temp\Desk365\eInstall\eInstall.exe
C:\Users\CHRIST~1\AppData\Local\Temp\Desk365\eInstall\msvcp100.dll
C:\Users\CHRIST~1\AppData\Local\Temp\Desk365\eInstall\msvcr100.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BabMaint.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BExternal.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BUSolForMontiera.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BUSolution.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\ccp.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\ChromeToolbarSetup.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\CrxInstaller.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\GUninstaller.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\MntrDLLInstall.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\MyDeltaTB.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\Setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\sqlite3.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\hppiw.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\HPSLPSVC32.DLL
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\HPSLPSVC64.DLL
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\DeviceManager\DeviceManager.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\DeviceManager\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2A97\InstallDiagnosticAlert.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\HP-DQEX5.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\HPInstallLogCollector.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\hpUrlLauncher.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x86\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x86\RemovePreinstalledDrivers.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x64\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x64\RemovePreinstalledDrivers.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Toolbar\BingBarSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Toolbar\smartprintsetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpfime51.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinkcoi5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinkins5912.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinksts5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinksts5912LM.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvpldrv09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvplres09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvplui09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unidrvui.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\HP\Setup\hpssres.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPScanTRDrv_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPWia1_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPWia2_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPScanTRDrv_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPWia1_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPWia2_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\HPOJ8600_FaxPCSendDialogUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\HPOJ8600_FaxPCSendRenderPlugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\Unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\UnidrvUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\Unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\HPOJ8600_FaxPCSendDialogUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\HPOJ8600_FaxPCSendRenderPlugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\Unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\UnidrvUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\Unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpfime51.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinkcoi5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinkins5912.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinksts5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinksts5912LM.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvpldrv09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvplres09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvplui09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unidrvui.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2853\EnterpriseDU.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2853\EnterpriseDUUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BabMaint.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BExternal.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BUSolForMontiera.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BUSolution.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\ccp.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\ChromeToolbarSetup.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\CrxInstaller.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\GUninstaller.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\IEHelper.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\MntrDLLInstall.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\MyDeltaTB.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\Setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 10:26

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 01
Ran by Christoph at 2013-08-27 16:31:54
Running from C:\Users\Christoph\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Bit HP CIO Components Installer (Version: 13.2.1)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: 1.1)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Dot4 (Version: 1.0.0.0)
Google Update Helper (x32 Version: 1.3.23.0)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet Pro 8600 Hilfe (x32 Version: 28.0.0)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HTC Driver Installer (x32 Version: 4.3.0.001)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2849)
Intel(R) WiDi (Version: 3.5.34.0)
IPTInstaller (x32 Version: 4.0.8)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MyPhoneExplorer (x32 Version: 1.8.4)
Norton Internet Security CBE (x32 Version: 20.1.1.2)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA Optimus 6.4.23 (Version: 6.4.23)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
Quickset64 (Version: 11.1.27)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Skype™ 6.6 (x32 Version: 6.6.106)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (Version: 28.0.1315.0)
TeamViewer 8 (x32 Version: 8.0.20202)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (Version: 2.6.2.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
XSManager (x32 Version: 3.0)

==================== Restore Points  =========================

11-08-2013 16:13:54 Geplanter Prüfpunkt
14-08-2013 18:35:56 Windows Update
21-08-2013 15:45:44 Windows Update
26-08-2013 09:59:28 Uniblue SpeedUpMyPC installation
27-08-2013 11:43:57 Removed SpyHunter

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-06-14 13:12 - 00002383 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com      
127.0.0.1 practivate.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 activate.adobe.com:443
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 ereg.wip3.adobe.com

There are 21 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0934AF59-05C7-4B9A-9E60-A0658DDDF251} - System32\Tasks\{298BB8E3-A60E-4C29-9CDD-BFA05E508556} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-08-21] (Mozilla Corporation)
Task: {0B6091EF-2668-472B-930B-F551036AAB37} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {10079164-7C57-4B94-B7E7-AD616362EB5C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {32ACAC3E-EE76-4C8A-A239-C1CB4286ED9F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {38D429E1-980E-4454-B754-D92C8AA91A0C} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe No File
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {420B00DC-77A6-4FF9-B624-02899C23EAF2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4998F38D-EE96-4963-A742-C6F481DB9F69} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5786EB7D-7A36-4A31-9750-FEB4EE04CF49} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {57CDB7CC-BAF2-4706-83BD-77B2DC3E66A5} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2125518474-1797576930-2400602621-1001
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {72F579FD-A844-4CEF-9D50-8A908B03444D} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {97DB00E2-886A-4C16-8AF3-B6328CAF1700} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A6A57D2E-503B-4562-B41F-F547D9A00475} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\WSCStub.exe [2012-08-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C2D41E62-029E-4898-B7F8-9277A536AB99} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe No File
Task: {C349513B-1076-4999-8B23-2044EEDDA1C7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {CE71C66F-2CF7-4165-BC24-9EFF4DB125B9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E1A6ACC8-6B90-49DB-900D-C0328DDED93E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Christoph\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Christoph\Downloads\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Christoph\Documents\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 03:49:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xe18
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 02:01:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:54:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xb54
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:49:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xbf4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:43:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x1328
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:43:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x63c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:40:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x1af0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:40:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x18ec
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:37:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x120c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:37:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x1078
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5


System errors:
=============
Error: (08/27/2013 03:54:02 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Peer Name Resolution-Protokoll" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (08/27/2013 03:49:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 03:49:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 03:49:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:06:30 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Peer Name Resolution-Protokoll" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (08/27/2013 02:03:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/27/2013 02:01:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:01:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:01:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:00:56 PM) (Source: BTHUSB) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.


Microsoft Office Sessions:
=========================
Error: (08/26/2013 09:14:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5992 seconds with 900 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8048.93 MB
Available physical RAM: 5281.52 MB
Total Pagefile: 9264.93 MB
Available Pagefile: 6447.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:140.57 GB) NTFS
Drive d: (Daten) (Fixed) (Total:194.97 GB) (Free:170.69 GB) NTFS
Drive e: (Media) (Fixed) (Total:540.89 GB) (Free:540.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8E40B229)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=541 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

27.08.2013, 15:38   #5
M-K-D-B
/// TB trainer

From your log file:
Quote:
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 activate.adobe.com:443
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 ereg.wip3.adobe.com
The entries I have listed strongly suggest that software which was not legally acquired is being used on this computer.

Merely visiting sites that offer these files for download carries a high risk of infection.

When you start the crack, you are starting an executable file from a very dubious source. The file's source code can contain anything (e.g. downloading and executing malware files).
This is one of the main ways people get infected.

We do not tolerate software theft.

That is why we have agreed on the following:
If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
We are not the Internet police and will certainly not search for it explicitly.
So remove and delete all cracks, keygens, etc. before you ask for help, and stay away from them in the future.



In plain terms, this means for you:
Remove all illegal software (Adobe Acrobat X Pro) and all cracks, keygens, etc. and post new log files from FRST.

__________________
Greetings from Bavaria
M-K-D-B
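
The reading of the hosts section applied in the post above can be automated. The following is an added example, not part of the original thread and not FRST's own logic: it audits hosts-file text for names mapped to a loopback or unspecified address and separates out duplicate and ineffective entries. The sample lines are a subset of the entries quoted above plus two constructed lines; the function names, the benign-name list and the two-label domain grouping are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Subset of the hosts entries quoted in the log above, plus two constructed
# lines (the comment and the default localhost mapping).
SAMPLE_HOSTS = """\
# constructed comment line
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 activate.adobe.com:443
127.0.0.1 3dns.adobe.com
"""

# Names that normally point at loopback (assumed allow-list, extend as needed).
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(\.{_LABEL})*$")


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_sink(addr):
    """True if addr is loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    ip = _as_ip(addr)
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


def parent_domain(name):
    """Last two labels of a name. Naive: no public-suffix handling."""
    return ".".join(name.split(".")[-2:])


def audit_hosts(text):
    """Report names that a hosts file redirects to the local machine."""
    seen = Counter()
    malformed = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        addr, *names = line.split()
        if not is_sink(addr):
            continue                          # ordinary mapping, not a sinkhole
        for name in names:
            norm = name.lower().rstrip(".")
            if norm in BENIGN:
                continue
            if _as_ip(norm) is not None:
                # The name column holds an address, so no lookup ever matches it.
                malformed.append((lineno, name, "IP literal used as hostname"))
            elif not HOSTNAME_RE.match(norm):
                # e.g. "host:443": a port is not part of a hostname.
                malformed.append((lineno, name, "not a valid hostname"))
            else:
                seen[norm] += 1
    by_domain = defaultdict(set)
    for name in seen:
        by_domain[parent_domain(name)].add(name)
    return {
        "sinkholed": sorted(seen),
        "duplicates": sorted(n for n, c in seen.items() if c > 1),
        "malformed": malformed,
        "by_domain": {d: sorted(v) for d, v in by_domain.items()},
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for domain, names in sorted(report["by_domain"].items()):
        print(f"{domain}: {len(names)} name(s) redirected to the local machine")
    for lineno, name, reason in report["malformed"]:
        print(f"line {lineno}: {name!r} ignored ({reason})")
```

Many names under one vendor domain all pointing at loopback, together with copy-pasted duplicates and ineffective lines, is the pattern the helper reads from the log.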


27.08.2013, 15:59   #6
smokejumper

What exactly is supposed to be removed? a a x? Or is there still something disruptive in the files?

27.08.2013, 16:03   #7
M-K-D-B
/// TB trainer

Quote:
Quote from smokejumper
What exactly is supposed to be removed? a a x? Or is there still something disruptive in the files?
I am telling you this now for a second time:
The entries in the hosts file point to illegal Adobe software on your computer.


Either you remove all illegal software and we continue with the cleanup
or
you do not remove the illegal software and we are done here.
__________________
Greetings from Bavaria
M-K-D-B


27.08.2013, 16:10   #8
smokejumper

It is removed. Sorry for asking again, but I am absolutely not that well versed in the subject.

Alt 27.08.2013, 16:11   #9
M-K-D-B
/// TB-Ausbilder
 

Quote:
Quote from smokejumper
It has been removed. Sorry for asking again, but I am really not that well versed in this subject.
OK, then FRST once more, please:




Control scan with FRST
Run a scan with FRST as described before.
To do so, check the box next to Addition.txt at the bottom right and click Scan.
Two log files will be created again. Post them for me.
__________________
Greetings from Bavaria
M-K-D-B


Alt 27.08.2013, 16:27   #10
smokejumper
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 01
Ran by Christoph (administrator) on 27-08-2013 17:21:53
Running from C:\Users\Christoph\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(WebToGo Mobiles Internet GmbH) C:\Program Files (x86)\XSManager\XSManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
MountPoints2: {69ebd6a7-fe97-11e2-be73-6036ddc486b8} - "G:\autorun.exe" 
MountPoints2: {6f960c28-02b6-11e3-be73-6036ddc486b8} - "G:\HTC_Sync_Manager_PC.exe" 
MountPoints2: {f50b9ba2-0a6e-11e3-be76-5cf9dd5a62a6} - "G:\HTC_Sync_Manager_PC.exe" 
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [157968 2009-09-17] (4G Systems GmbH & Co. KG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll [266448 2013-06-21] ()
Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.1.1.2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3EBEEAB5-45AE-41BF-9975-8E891E5A71A0}: [NameServer]62.134.11.4 195.182.110.132

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\38n2jqqi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\portaldosites.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Lyrics Fan) - C:\Users\CHRIST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd\1.114
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 HPSLPSVC; C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe [143928 2012-08-29] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-05-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [312784 2009-09-25] ()
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-09-17] (4G Systems GmbH & Co. KG)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc [x]
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1401010.002\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation)
R3 cmnsusbser; C:\Windows\system32\DRIVERS\cmnsusbser.sys [117888 2013-08-11] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130826.001\IDSvia64.sys [520280 2013-08-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130826.001\IDSvia64.sys [520280 2013-08-26] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\ENG64.SYS [126040 2013-08-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\ENG64.SYS [126040 2013-08-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\EX64.SYS [2098776 2013-08-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130826.025\EX64.SYS [2098776 2013-08-27] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1401010.002\SRTSP64.SYS [776352 2012-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1401010.002\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1401010.002\SYMDS64.SYS [493216 2012-07-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1401010.002\SYMEFA64.SYS [1132192 2012-08-07] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1401010.002\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1401010.002\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1401010.002\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 16:30 - 2013-08-27 16:30 - 01578852 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2013-08-27 15:55 - 2013-08-27 15:55 - 00994642 _____ C:\Users\Christoph\Downloads\adwcleaner3001.exe
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Users\Christoph\Documents\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-27 13:39 - 2013-08-27 13:39 - 00007466 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-27 13:39 - 2013-08-27 13:39 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-08-27 13:39 - 2013-08-27 13:39 - 00002612 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-27 13:38 - 2013-08-27 13:39 - 00000000 ____D C:\ProgramData\Norton
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2013-08-27 12:12 - 2013-08-27 12:12 - 00000122 ___RH C:\Users\Christoph\Downloads\Stinger.opt
2013-08-27 12:02 - 2013-08-27 12:06 - 00000628 _____ C:\Users\Christoph\Downloads\Stinger_27082013_120205.html
2013-08-27 12:01 - 2013-08-27 12:12 - 00000000 ____D C:\Program Files\stinger
2013-08-27 12:01 - 2013-08-27 12:01 - 11044384 _____ (McAfee Inc) C:\Users\Christoph\Downloads\stinger64.exe
2013-08-27 10:36 - 2013-08-27 10:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TeamViewer
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 _____ C:\autoexec.bat
2013-08-27 09:41 - 2013-08-27 13:45 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-26 12:01 - 2013-08-26 12:04 - 00000000 ____D C:\ProgramData\eSafe
2013-08-26 12:00 - 2013-08-27 09:24 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-08-26 12:00 - 2013-08-26 12:02 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Desk 365
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
2013-08-26 11:59 - 2013-08-26 11:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\eIntaller
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-25 14:06 - 2013-08-25 14:06 - 05536272 _____ (TeamViewer GmbH) C:\Users\Christoph\Downloads\TeamViewer_Setup_de-ckc.exe
2013-08-21 20:14 - 2013-08-27 08:58 - 00000000 ____D C:\Users\Christoph\Desktop\Ausbildungskonzept2014
2013-08-21 17:07 - 2013-08-21 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 20:37 - 2013-08-14 20:38 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:20 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 20:20 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 20:20 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 20:20 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:20 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:20 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:20 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:20 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:20 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:20 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 20:20 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:20 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 20:20 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 20:20 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:20 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:19 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:19 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:19 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:19 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:19 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:19 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 20:19 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 20:19 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 14:07 - 2013-08-14 14:22 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-08-14 14:00 - 2013-08-14 14:08 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HTC
2013-08-14 13:59 - 2013-08-14 14:11 - 00000000 ____D C:\ProgramData\HTC
2013-08-14 13:59 - 2013-08-14 14:00 - 00000000 ____D C:\Users\Christoph\Documents\HTC
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\Motorola
2013-08-14 13:58 - 2013-08-14 14:22 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-14 13:58 - 2013-08-14 13:58 - 00012690 _____ C:\Windows\DPINST.LOG
2013-08-14 13:58 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-14 13:57 - 2013-08-14 14:09 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Downloaded Installations
2013-08-13 15:17 - 2013-08-13 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-08-11 13:49 - 2013-08-12 00:25 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\XSManager
2013-08-11 13:48 - 2013-08-11 13:48 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2013-08-11 13:48 - 2013-08-11 13:48 - 00001931 _____ C:\Users\Public\Desktop\XSManager.lnk
2013-08-11 13:48 - 2013-08-11 13:48 - 00000000 ____D C:\Program Files (x86)\XSManager
2013-08-11 13:48 - 2009-09-17 18:37 - 00157968 ____R (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
2013-08-11 13:48 - 2009-09-17 18:37 - 00125200 ____R (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
2013-08-11 13:48 - 2008-10-31 16:19 - 00117888 _____ (Mobile Connector) C:\Windows\SysWOW64\Drivers\cmnsusbser.sys
2013-08-09 14:48 - 2013-08-09 14:49 - 00011776 ___SH C:\Users\Christoph\Downloads\Thumbs.db
2013-08-07 21:14 - 2013-08-07 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 14:42 - 2013-08-06 14:42 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-07-29 20:03 - 2013-07-29 20:03 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 _____ C:\Windows\HPMProp.INI
2013-07-29 20:02 - 2013-05-10 09:40 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00216864 _____ (Hewlett-Packard) C:\Windows\system32\hpmml150.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp150.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2013-07-29 20:02 - 2013-05-10 09:39 - 00438560 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn150.dll
2013-07-29 20:02 - 2013-05-10 09:39 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja150.dll
2013-07-29 20:02 - 2013-05-10 09:38 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2013-07-29 20:02 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2013-07-29 20:02 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2013-07-29 20:01 - 2013-07-29 20:01 - 00000000 ____D C:\HP Universal Print Driver
2013-07-29 20:01 - 2013-05-10 09:41 - 00518432 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2013-07-29 20:01 - 2013-05-10 09:36 - 00436512 _____ C:\Windows\SysWOW64\hpcc3150.dll
2013-07-29 20:01 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2013-07-29 19:52 - 2013-07-29 20:00 - 17602872 _____ C:\Users\Christoph\Desktop\upd-pcl5-x64-5.6.5.15717.exe
2013-07-29 19:45 - 2013-07-29 19:47 - 03616768 _____ C:\Users\Christoph\Desktop\Dot4x64.msi
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\ProgramData\Dell
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Program Files\Dell
2013-07-28 22:48 - 2013-07-28 22:48 - 00002010 _____ C:\Users\Public\Desktop\Intel(R) WiDi.lnk
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\ProgramData\Intel
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\Program Files\Intel Corporation
2013-07-28 22:45 - 2013-07-28 22:45 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\MSBuild
2013-07-28 22:43 - 2012-07-06 04:02 - 01166440 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00778856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00124040 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00102528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-07-28 22:43 - 2012-07-06 04:02 - 00035400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2013-07-28 22:43 - 2012-07-06 04:02 - 00035400 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2013-07-28 22:41 - 2013-07-28 22:41 - 00001045 _____ C:\Users\Public\Desktop\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\InstallShield
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Program Files\Intel
2013-07-28 22:35 - 2013-07-28 22:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-28 22:35 - 2012-06-15 13:50 - 09888912 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
2013-07-28 22:35 - 2012-06-15 13:50 - 00315536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2013-07-28 22:30 - 2013-07-28 22:35 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-07-28 22:29 - 2013-07-28 22:29 - 00003130 _____ C:\Windows\System32\Tasks\{4A573F58-4FAE-43F2-9678-B47E3F81A21B}
2013-07-28 22:28 - 2013-07-28 22:28 - 00000000 ____D C:\dell

==================== One Month Modified Files and Folders =======

2013-08-27 17:19 - 2013-05-19 02:34 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-27 17:19 - 2013-05-19 02:34 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-27 17:19 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 17:07 - 2013-06-22 10:02 - 00000922 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-27 17:01 - 2013-06-14 13:18 - 00000000 ____D C:\ProgramData\Adobe
2013-08-27 17:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-27 16:31 - 2013-08-27 16:31 - 00000000 ____D C:\FRST
2013-08-27 16:30 - 2013-08-27 16:30 - 01578852 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2013-08-27 15:55 - 2013-08-27 15:55 - 00994642 _____ C:\Users\Christoph\Downloads\adwcleaner3001.exe
2013-08-27 14:25 - 2013-05-18 16:43 - 01592360 _____ C:\Windows\WindowsUpdate.log
2013-08-27 14:05 - 2013-06-22 10:02 - 00000918 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-27 14:01 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 14:00 - 2013-05-18 16:35 - 00016220 _____ C:\Windows\PFRO.log
2013-08-27 14:00 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-27 13:59 - 2013-05-18 16:51 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2125518474-1797576930-2400602621-1001
2013-08-27 13:57 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-08-27 13:45 - 2013-08-27 09:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Users\Christoph\Documents\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-27 13:39 - 2013-08-27 13:39 - 00007466 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-27 13:39 - 2013-08-27 13:39 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-08-27 13:39 - 2013-08-27 13:39 - 00002612 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-27 13:39 - 2013-08-27 13:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-27 13:39 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2013-08-27 12:12 - 2013-08-27 12:12 - 00000122 ___RH C:\Users\Christoph\Downloads\Stinger.opt
2013-08-27 12:12 - 2013-08-27 12:01 - 00000000 ____D C:\Program Files\stinger
2013-08-27 12:06 - 2013-08-27 12:02 - 00000628 _____ C:\Users\Christoph\Downloads\Stinger_27082013_120205.html
2013-08-27 12:01 - 2013-08-27 12:01 - 11044384 _____ (McAfee Inc) C:\Users\Christoph\Downloads\stinger64.exe
2013-08-27 10:36 - 2013-08-27 10:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TeamViewer
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 _____ C:\autoexec.bat
2013-08-27 09:24 - 2013-08-26 12:00 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-08-27 08:58 - 2013-08-21 20:14 - 00000000 ____D C:\Users\Christoph\Desktop\Ausbildungskonzept2014
2013-08-26 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-26 12:05 - 2013-07-16 09:23 - 00424672 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-26 12:04 - 2013-08-26 12:01 - 00000000 ____D C:\ProgramData\eSafe
2013-08-26 12:02 - 2013-08-26 12:00 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Desk 365
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
2013-08-26 12:00 - 2013-05-18 16:44 - 00001716 _____ C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-26 12:00 - 2011-01-07 15:39 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-26 12:00 - 2011-01-07 15:39 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-26 11:59 - 2013-08-26 11:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\eIntaller
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-25 14:06 - 2013-08-25 14:06 - 05536272 _____ (TeamViewer GmbH) C:\Users\Christoph\Downloads\TeamViewer_Setup_de-ckc.exe
2013-08-25 12:52 - 2013-06-01 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 19:25 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-21 17:08 - 2013-08-21 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-21 16:42 - 2012-07-26 09:21 - 00026946 _____ C:\Windows\setupact.log
2013-08-21 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-21 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 20:39 - 2013-06-04 21:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 20:38 - 2013-08-14 20:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:37 - 2013-06-01 17:33 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 14:23 - 2013-06-22 09:21 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\MyPhoneExplorer
2013-08-14 14:22 - 2013-08-14 14:07 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-08-14 14:22 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-14 14:11 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\HTC
2013-08-14 14:09 - 2013-08-14 13:57 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Downloaded Installations
2013-08-14 14:08 - 2013-08-14 14:00 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HTC
2013-08-14 14:00 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\Documents\HTC
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\Motorola
2013-08-14 13:58 - 2013-08-14 13:58 - 00012690 _____ C:\Windows\DPINST.LOG
2013-08-14 13:58 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-14 12:29 - 2013-06-23 19:07 - 00000000 ____D C:\Users\Christoph\Desktop\k9mailsicherung
2013-08-13 15:18 - 2013-06-05 14:42 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HpUpdate
2013-08-13 15:17 - 2013-08-13 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-08-12 00:25 - 2013-08-11 13:49 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\XSManager
2013-08-12 00:25 - 2013-06-16 12:02 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Skype
2013-08-11 13:48 - 2013-08-11 13:48 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2013-08-11 13:48 - 2013-08-11 13:48 - 00001931 _____ C:\Users\Public\Desktop\XSManager.lnk
2013-08-11 13:48 - 2013-08-11 13:48 - 00000000 ____D C:\Program Files (x86)\XSManager
2013-08-09 14:49 - 2013-08-09 14:48 - 00011776 ___SH C:\Users\Christoph\Downloads\Thumbs.db
2013-08-07 22:16 - 2013-08-07 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 14:42 - 2013-08-06 14:42 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-07-29 20:03 - 2013-07-29 20:03 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 _____ C:\Windows\HPMProp.INI
2013-07-29 20:01 - 2013-07-29 20:01 - 00000000 ____D C:\HP Universal Print Driver
2013-07-29 20:00 - 2013-07-29 19:52 - 17602872 _____ C:\Users\Christoph\Desktop\upd-pcl5-x64-5.6.5.15717.exe
2013-07-29 19:47 - 2013-07-29 19:45 - 03616768 _____ C:\Users\Christoph\Desktop\Dot4x64.msi
2013-07-29 19:47 - 2013-06-05 14:41 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-29 12:07 - 2013-05-18 16:43 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Packages
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\ProgramData\Dell
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Program Files\Dell
2013-07-28 22:48 - 2013-07-28 22:48 - 00002010 _____ C:\Users\Public\Desktop\Intel(R) WiDi.lnk
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\ProgramData\Intel
2013-07-28 22:48 - 2013-07-28 22:48 - 00000000 ____D C:\Program Files\Intel Corporation
2013-07-28 22:48 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-28 22:45 - 2013-07-28 22:45 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-07-28 22:45 - 2013-06-04 21:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-28 22:44 - 2013-07-28 22:44 - 00000000 ____D C:\Program Files\MSBuild
2013-07-28 22:41 - 2013-07-28 22:41 - 00001045 _____ C:\Users\Public\Desktop\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\InstallShield
2013-07-28 22:41 - 2013-07-28 22:41 - 00000000 ____D C:\Program Files\Intel
2013-07-28 22:41 - 2013-05-18 17:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-28 22:41 - 2013-05-18 16:44 - 00000000 ___RD C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-28 22:35 - 2013-07-28 22:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-28 22:35 - 2013-07-28 22:30 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-07-28 22:29 - 2013-07-28 22:29 - 00003130 _____ C:\Windows\System32\Tasks\{4A573F58-4FAE-43F2-9678-B47E3F81A21B}
2013-07-28 22:28 - 2013-07-28 22:28 - 00000000 ____D C:\dell

Files to move or delete:
====================
C:\Users\CHRIST~1\AppData\Local\Temp\ICReinstall_UltimateCodec.exe
C:\Users\CHRIST~1\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\ose00000.exe
C:\Users\CHRIST~1\AppData\Local\Temp\sdanircmdc.exe
C:\Users\CHRIST~1\AppData\Local\Temp\SHSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\tbsTMP.exe
C:\Users\CHRIST~1\AppData\Local\Temp\uninst1.exe
C:\Users\CHRIST~1\AppData\Local\Temp\_TinDel.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_15821.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{B7F0A6A8-8F07-48A4-8B5F-B61A675C5F66}\{671EC9B2-A0F0-4035-AA48-729EDC3C59EF}\TurboBoostSetup_x64.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{4E1581DA-B182-43FD-9B33-8F6FCA192ABC}\ISBEW64.exe
C:\Users\CHRIST~1\AppData\Local\Temp\upd53B6\BabScheduler2000201.exe
C:\Users\CHRIST~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVI2.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVI2UI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVPrxy32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVPrxy64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\MS.NET\MSNetExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\7z.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\DisplayCplExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ExtensionLoader.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GalaSoft.MvvmLight.WPF4.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperience.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceControls.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceCore.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GridService.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\InstallerService.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\InstallerUIExtension.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\log4net.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.Practices.ServiceLocation.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.WindowsAPICodePack.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\NVIDIA.Win32Api.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nvtmru.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\oaremote_plugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ShadowPlay.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Core.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Interfaces.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Linq.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.PlatformServices.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Providers.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Runtime.Remoting.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Windows.Threading.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Windows.Interactivity.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\zh-CHT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\zh-CHS\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\tr-TR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\th-TH\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sv-SE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sl-SI\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sk-SK\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ru-RU\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pt-PT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pt-BR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pl-PL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nl-NL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nb-NO\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ko-KR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ja-JP\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\it-IT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\hu-HU\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\he-IL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\fr-FR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\fi-FI\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\es-MX\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\es-ES\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-US\GFExperience.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-US\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-GB\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\el-GR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\de-DE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\da-DK\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\cs-CZ\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ar-AE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\ComUpdatus.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\daemonu.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\easyDaemonAPIU32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\easyDaemonAPIU64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdt32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdt64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtr32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtr64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtrXP32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtrXP64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtXP32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtXP64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\UpdateExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\WLMerger.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Optimus\OptimusExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\1194285_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\1890026_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\2324847_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\DeltaTB.exe
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\dp.exe
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\PCSpeedMaximizer_AQDE_AFD_PPI.exe
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\PlusHd_DE.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26809\FWUpdateEDO2_305748.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26593\hpusetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26578\4250_DiagnosticAlert_000_000_010_000.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HPDiagnosticAlert\DiagnosticAlert.exe
C:\Users\CHRIST~1\AppData\Local\Temp\Desk365\eInstall\eInstall.exe
C:\Users\CHRIST~1\AppData\Local\Temp\Desk365\eInstall\msvcp100.dll
C:\Users\CHRIST~1\AppData\Local\Temp\Desk365\eInstall\msvcr100.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BabMaint.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BExternal.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BUSolForMontiera.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BUSolution.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\ccp.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\ChromeToolbarSetup.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\CrxInstaller.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\GUninstaller.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\MntrDLLInstall.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\MyDeltaTB.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\Setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\sqlite3.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\hppiw.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\HPSLPSVC32.DLL
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\HPSLPSVC64.DLL
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\DeviceManager\DeviceManager.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\DeviceManager\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2A97\InstallDiagnosticAlert.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\HP-DQEX5.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\HPInstallLogCollector.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\hpUrlLauncher.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x86\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x86\RemovePreinstalledDrivers.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x64\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x64\RemovePreinstalledDrivers.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Toolbar\BingBarSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Toolbar\smartprintsetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpfime51.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinkcoi5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinkins5912.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinksts5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinksts5912LM.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvpldrv09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvplres09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvplui09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unidrvui.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\HP\Setup\hpssres.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPScanTRDrv_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPWia1_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPWia2_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPScanTRDrv_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPWia1_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPWia2_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\HPOJ8600_FaxPCSendDialogUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\HPOJ8600_FaxPCSendRenderPlugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\Unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\UnidrvUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\Unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\HPOJ8600_FaxPCSendDialogUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\HPOJ8600_FaxPCSendRenderPlugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\Unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\UnidrvUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\Unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpfime51.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinkcoi5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinkins5912.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinksts5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinksts5912LM.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvpldrv09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvplres09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvplui09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unidrvui.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2853\EnterpriseDU.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2853\EnterpriseDUUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BabMaint.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BExternal.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BUSolForMontiera.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BUSolution.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\ccp.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\ChromeToolbarSetup.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\CrxInstaller.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\GUninstaller.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\IEHelper.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\MntrDLLInstall.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\MyDeltaTB.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\Setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 10:26

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 01
Ran by Christoph at 2013-08-27 17:22:08
Running from C:\Users\Christoph\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Bit HP CIO Components Installer (Version: 13.2.1)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: 1.1)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Dot4 (Version: 1.0.0.0)
Google Update Helper (x32 Version: 1.3.23.0)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet Pro 8600 Hilfe (x32 Version: 28.0.0)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HTC Driver Installer (x32 Version: 4.3.0.001)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2849)
Intel(R) WiDi (Version: 3.5.34.0)
IPTInstaller (x32 Version: 4.0.8)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MyPhoneExplorer (x32 Version: 1.8.4)
Norton Internet Security CBE (x32 Version: 20.1.1.2)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA Optimus 6.4.23 (Version: 6.4.23)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
Quickset64 (Version: 11.1.27)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Skype™ 6.6 (x32 Version: 6.6.106)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (Version: 28.0.1315.0)
TeamViewer 8 (x32 Version: 8.0.20202)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (Version: 2.6.2.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
XSManager (x32 Version: 3.0)

==================== Restore Points  =========================

11-08-2013 16:13:54 Geplanter Prüfpunkt
14-08-2013 18:35:56 Windows Update
21-08-2013 15:45:44 Windows Update
26-08-2013 09:59:28 Uniblue SpeedUpMyPC installation
27-08-2013 11:43:57 Removed SpyHunter

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-08-27 17:20 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0934AF59-05C7-4B9A-9E60-A0658DDDF251} - System32\Tasks\{298BB8E3-A60E-4C29-9CDD-BFA05E508556} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-08-21] (Mozilla Corporation)
Task: {0B6091EF-2668-472B-930B-F551036AAB37} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {10079164-7C57-4B94-B7E7-AD616362EB5C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {32ACAC3E-EE76-4C8A-A239-C1CB4286ED9F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {38D429E1-980E-4454-B754-D92C8AA91A0C} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe No File
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {420B00DC-77A6-4FF9-B624-02899C23EAF2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4998F38D-EE96-4963-A742-C6F481DB9F69} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5786EB7D-7A36-4A31-9750-FEB4EE04CF49} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {57CDB7CC-BAF2-4706-83BD-77B2DC3E66A5} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2125518474-1797576930-2400602621-1001
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {72F579FD-A844-4CEF-9D50-8A908B03444D} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {97DB00E2-886A-4C16-8AF3-B6328CAF1700} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A6A57D2E-503B-4562-B41F-F547D9A00475} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\WSCStub.exe [2012-08-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C2D41E62-029E-4898-B7F8-9277A536AB99} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe No File
Task: {C349513B-1076-4999-8B23-2044EEDDA1C7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {CE71C66F-2CF7-4165-BC24-9EFF4DB125B9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E1A6ACC8-6B90-49DB-900D-C0328DDED93E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Christoph\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Christoph\Downloads\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Christoph\Documents\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 03:49:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xe18
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 02:01:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:54:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xb54
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:49:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0xbf4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:43:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x1328
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:43:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x63c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:40:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x1af0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:40:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x18ec
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:37:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x120c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 01:37:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x1078
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5


System errors:
=============
Error: (08/27/2013 03:54:02 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Peer Name Resolution-Protokoll" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (08/27/2013 03:49:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 03:49:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 03:49:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:06:30 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Peer Name Resolution-Protokoll" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (08/27/2013 02:03:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/27/2013 02:01:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:01:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:01:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 02:00:56 PM) (Source: BTHUSB) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.


Microsoft Office Sessions:
=========================
Error: (08/26/2013 09:14:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5992 seconds with 900 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8048.93 MB
Available physical RAM: 5963.15 MB
Total Pagefile: 9264.93 MB
Available Pagefile: 6547.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:143.83 GB) NTFS
Drive d: (Daten) (Fixed) (Total:194.97 GB) (Free:180.64 GB) NTFS
Drive e: (Media) (Fixed) (Total:540.89 GB) (Free:540.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8E40B229)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=541 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
How harmful is this portaldosites, actually? Does it do more than just change the browser start page?

27.08.2013, 18:23   #11
M-K-D-B
/// TB trainer
 



Hi,



Quote:
Originally posted by smokejumper
How harmful is this portaldosites, actually? Does it do more than just change the browser start page?

The site is used to distribute unwanted software or malware.




Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).





Step 2

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






Step 3
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.






Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the MBAM log file.
__________________
Greetings from Bavaria
M-K-D-B


27.08.2013, 20:01   #12
smokejumper
 



Code:
# AdwCleaner v3.001 - Report created 27/08/2013 at 19:41:27
# Updated 24/08/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Christoph - HOME
# Running from : C:\Users\Christoph\Desktop\adwcleaner3001.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : dealplylive
[#] Service Deleted : dealplylivem

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\VideoSaver
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\Christoph\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\CHRIST~1\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\Christoph\AppData\LocalLow\delta
Folder Deleted : C:\Users\Christoph\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Christoph\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Christoph\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Christoph\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\portaldosites.xml
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Christoph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Christoph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\957dd88b068ed44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dealplylive
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFan
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\TubeSaver
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\dealplylive
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\portaldositesSoftware
Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\38n2jqqi.default-1377591559266\prefs.js ]


*************************

AdwCleaner[R0].txt - [11424 octets] - [27/08/2013 19:39:02]
AdwCleaner[S0].txt - [9537 octets] - [27/08/2013 19:41:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9597 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 8 x64
Ran by Christoph on 27.08.2013 at 20:29:23,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\uniblue



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.08.2013 at 20:33:37,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.27.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Christoph :: HOME [Administrator]

Schutz: Aktiviert

27.08.2013 20:40:27
mbam-log-2013-08-27 (20-40-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241874
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Users\Christoph\AppData\Local\Temp\mt_ffx (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 15
C:\Users\Christoph\AppData\Local\Temp\ICReinstall_UltimateCodec.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\tbsTMP.exe (PUP.Optional.AdLyrics) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\ccp.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\ccp.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\is1971879534\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\is1971879534\dp.exe (PUP.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\is1971879534\PlusHd_DE.exe (Adware.Packed.Ranver) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\upd53B6\BabMaint.x (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
So, Firefox and IE now start with the home page I defined. Is everything OK now?

I was able to narrow down the day of the unwanted visitors: 26.8.2013. Earlier I happened to find a few entries in the FRST log that were from that day, around noon. I traced all of them. At first they were all there. Now only the following entry can still be found.
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
The size is given as 0 KB.

28.08.2013, 08:26   #13
M-K-D-B
/// TB trainer
 



Hello,



Quote from smokejumper:
    So, Firefox and IE now start with the home page I defined. Is everything OK now?

    I was able to narrow down the day of the unwanted visitors: 26.8.2013. Earlier I happened to find a few entries in the FRST log that were from that day, around noon. I traced all of them. At first they were all there. Now only the following entry can still be found.
    2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
    The size is given as 0 KB.

OK, thanks for the info.



We will track down the last remnants so that we can remove them later:





Step 1
Control scan with FRST
Run a scan with FRST as described before.
To do this, tick Addition.txt at the bottom right and click Scan.
Two log files will be created again. Post them for me.





Step 2
Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :filefind
    *dealply*
    *eSafe*
    *Desk 365*
    *optimizer pro*
    *VideoSaver*
    *portaldosites*
    *speedupmypc*
    *WebCake*
    *DataMngr*
    *Crossrider*
    
    :folderfind
    *dealply*
    *eSafe*
    *Desk 365*
    *optimizer pro*
    *VideoSaver*
    *portaldosites*
    *speedupmypc*
    *WebCake*
    *DataMngr*
    *Crossrider*
    
    :regfind
    dealply
    eSafe
    Desk 365
    optimizer pro
    VideoSaver
    portaldosites
    speedupmypc
    WebCake
    DataMngr
    Crossrider
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan is finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.





Are there still problems with malware? If so, which ones?
How is the computer running at the moment?






Please post with your next reply
  • the two FRST log files,
  • the SystemLook log file,
  • the answers to the questions asked.
__________________
Greetings from Bavaria
M-K-D-B
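
The triage discussed in the two posts above (narrowing a FRST log to the suspected installation day and searching for the names listed in the SystemLook script), as an added Python example that is not part of the thread and not code from FRST or SystemLook. The entry format is inferred from the log lines posted in this thread; the function names, the case-insensitive matching and the sample log (built from lines in the thread, with a shortened start-page value and two constructed entries) are assumptions.

```python
import re
from datetime import date, datetime

# Search terms copied from the SystemLook script in the post above.
KEYWORDS = ("dealply", "eSafe", "Desk 365", "optimizer pro", "VideoSaver",
            "portaldosites", "speedupmypc", "WebCake", "DataMngr", "Crossrider")
# Assumption: names are matched case-insensitively.
KEYWORD_RE = re.compile("|".join(re.escape(k) for k in KEYWORDS), re.IGNORECASE)

# One entry of FRST's "One Month Created Files and Folders" section:
#   created - modified - size attributes [(vendor)] path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<vendor>.*?)\) )?"       # vendor text may itself contain parentheses
    r"(?P<path>[A-Za-z]:\\.*)$"        # path always starts with a drive letter
)

# Day the user suspects the bundle was installed (26.8.2013 in the thread).
SUSPECT_DAY = date(2013, 8, 26)

# Constructed sample. The WebCake folder and example.sys lines are invented for
# the demonstration, and the start-page URL is shortened from the thread's log.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/
2013-08-27 20:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 _____ C:\autoexec.bat
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
2013-08-26 11:58 - 2013-08-26 11:58 - 00000000 ____D C:\ProgramData\WebCake
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-14 20:20 - 2013-07-09 08:07 - 02233168 _____ (Example (R) Vendor) C:\Windows\system32\Drivers\example.sys
"""


def parse_entry(line):
    """Parse one created-files line into a dict, or return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {
        "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        "size": int(m["size"]),
        "is_dir": "D" in m["attrs"],
        "vendor": (m["vendor"] or "").strip(),
        "path": m["path"],
    }


def parse_created_entries(log_text):
    """Return every file/folder entry found in the log text, in log order."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None]


def triage(log_text, suspect_day):
    """Return (reason, line) pairs that deserve a manual look.

    A line is reported when it mentions one of KEYWORDS (registry and file
    lines alike), or when it is a file or folder created on suspect_day that
    carries no vendor information. Findings are leads, not verdicts.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        hit = KEYWORD_RE.search(line)
        entry = parse_entry(line)
        if hit:
            findings.append(("keyword:" + hit.group(0).lower(), line))
        elif entry and entry["created"].date() == suspect_day and not entry["vendor"]:
            findings.append(("created on suspect day, no vendor", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, SUSPECT_DAY):
        print(f"[{reason}] {line}")
```
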


28.08.2013, 09:21   #14
smokejumper
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Christoph (administrator) on 28-08-2013 10:01:25
Running from C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2J13Q6Z
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(WebToGo Mobiles Internet GmbH) C:\Program Files (x86)\XSManager\XSManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
MountPoints2: {69ebd6a7-fe97-11e2-be73-6036ddc486b8} - "G:\autorun.exe" 
MountPoints2: {6f960c28-02b6-11e3-be73-6036ddc486b8} - "G:\HTC_Sync_Manager_PC.exe" 
MountPoints2: {f50b9ba2-0a6e-11e3-be76-5cf9dd5a62a6} - "G:\HTC_Sync_Manager_PC.exe" 
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [157968 2009-09-17] (4G Systems GmbH & Co. KG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll [266448 2013-06-21] ()
Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.1.1.2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3EBEEAB5-45AE-41BF-9975-8E891E5A71A0}: [NameServer]62.134.11.4 195.182.110.132

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\38n2jqqi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 HPSLPSVC; C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\ccSvcHst.exe [143928 2012-08-29] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-05-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [312784 2009-09-25] ()
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-09-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1401010.002\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation)
R3 cmnsusbser; C:\Windows\system32\DRIVERS\cmnsusbser.sys [117888 2013-08-11] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130826.001\IDSvia64.sys [520280 2013-08-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130826.001\IDSvia64.sys [520280 2013-08-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130827.002\ENG64.SYS [126040 2013-08-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130827.002\ENG64.SYS [126040 2013-08-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130827.002\EX64.SYS [2098776 2013-08-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130827.002\EX64.SYS [2098776 2013-08-27] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1401010.002\SRTSP64.SYS [776352 2012-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1401010.002\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1401010.002\SYMDS64.SYS [493216 2012-07-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1401010.002\SYMEFA64.SYS [1132192 2012-08-07] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1401010.002\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1401010.002\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1401010.002\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 20:37 - 2013-08-27 20:37 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 20:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-27 20:35 - 2013-08-27 20:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Christoph\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-27 20:33 - 2013-08-27 20:33 - 00000793 _____ C:\Users\Christoph\Desktop\JRT.txt
2013-08-27 20:29 - 2013-08-27 20:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-27 20:27 - 2013-08-27 20:28 - 01021434 _____ (Thisisu) C:\Users\Christoph\Desktop\JRT.exe
2013-08-27 19:38 - 2013-08-27 19:41 - 00000000 ____D C:\AdwCleaner
2013-08-27 17:22 - 2013-08-27 17:22 - 00058699 _____ C:\Users\Christoph\Desktop\FRST.txt
2013-08-27 17:22 - 2013-08-27 17:22 - 00027782 _____ C:\Users\Christoph\Desktop\Addition.txt
2013-08-27 16:31 - 2013-08-27 16:31 - 00000000 ____D C:\FRST
2013-08-27 15:55 - 2013-08-27 15:55 - 00994642 _____ C:\Users\Christoph\Desktop\adwcleaner3001.exe
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Users\Christoph\Documents\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-27 13:39 - 2013-08-27 13:39 - 00007466 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-27 13:39 - 2013-08-27 13:39 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-08-27 13:39 - 2013-08-27 13:39 - 00002612 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-27 13:38 - 2013-08-27 13:39 - 00000000 ____D C:\ProgramData\Norton
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2013-08-27 12:12 - 2013-08-27 12:12 - 00000122 ___RH C:\Users\Christoph\Downloads\Stinger.opt
2013-08-27 12:02 - 2013-08-27 12:06 - 00000628 _____ C:\Users\Christoph\Downloads\Stinger_27082013_120205.html
2013-08-27 12:01 - 2013-08-27 12:12 - 00000000 ____D C:\Program Files\stinger
2013-08-27 12:01 - 2013-08-27 12:01 - 11044384 _____ (McAfee Inc) C:\Users\Christoph\Downloads\stinger64.exe
2013-08-27 10:36 - 2013-08-27 10:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TeamViewer
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 _____ C:\autoexec.bat
2013-08-27 09:41 - 2013-08-27 13:45 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-25 14:06 - 2013-08-25 14:06 - 05536272 _____ (TeamViewer GmbH) C:\Users\Christoph\Downloads\TeamViewer_Setup_de-ckc.exe
2013-08-21 20:14 - 2013-08-27 21:30 - 00000000 ____D C:\Users\Christoph\Desktop\Ausbildungskonzept2014
2013-08-21 17:07 - 2013-08-21 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 20:37 - 2013-08-14 20:38 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:20 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 20:20 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 20:20 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 20:20 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 20:20 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 20:20 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:20 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:20 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:20 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:20 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:20 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:20 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:20 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 20:20 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:20 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 20:20 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 20:20 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:20 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:19 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:19 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:19 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:19 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:19 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:19 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 20:19 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 20:19 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 20:19 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 14:07 - 2013-08-14 14:22 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-08-14 14:00 - 2013-08-14 14:08 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HTC
2013-08-14 13:59 - 2013-08-14 14:11 - 00000000 ____D C:\ProgramData\HTC
2013-08-14 13:59 - 2013-08-14 14:00 - 00000000 ____D C:\Users\Christoph\Documents\HTC
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\Motorola
2013-08-14 13:58 - 2013-08-14 14:22 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-14 13:58 - 2013-08-14 13:58 - 00012690 _____ C:\Windows\DPINST.LOG
2013-08-14 13:58 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-14 13:57 - 2013-08-14 14:09 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Downloaded Installations
2013-08-13 15:17 - 2013-08-13 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-08-11 13:49 - 2013-08-12 00:25 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\XSManager
2013-08-11 13:48 - 2013-08-11 13:48 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2013-08-11 13:48 - 2013-08-11 13:48 - 00001931 _____ C:\Users\Public\Desktop\XSManager.lnk
2013-08-11 13:48 - 2013-08-11 13:48 - 00000000 ____D C:\Program Files (x86)\XSManager
2013-08-11 13:48 - 2009-09-17 18:37 - 00157968 ____R (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
2013-08-11 13:48 - 2009-09-17 18:37 - 00125200 ____R (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
2013-08-11 13:48 - 2008-10-31 16:19 - 00117888 _____ (Mobile Connector) C:\Windows\SysWOW64\Drivers\cmnsusbser.sys
2013-08-09 14:48 - 2013-08-09 14:49 - 00011776 ___SH C:\Users\Christoph\Downloads\Thumbs.db
2013-08-07 21:14 - 2013-08-07 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 14:42 - 2013-08-06 14:42 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-07-29 20:03 - 2013-07-29 20:03 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 _____ C:\Windows\HPMProp.INI
2013-07-29 20:02 - 2013-05-10 09:40 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00216864 _____ (Hewlett-Packard) C:\Windows\system32\hpmml150.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp150.dll
2013-07-29 20:02 - 2013-05-10 09:40 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2013-07-29 20:02 - 2013-05-10 09:39 - 00438560 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn150.dll
2013-07-29 20:02 - 2013-05-10 09:39 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja150.dll
2013-07-29 20:02 - 2013-05-10 09:38 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2013-07-29 20:02 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2013-07-29 20:02 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2013-07-29 20:01 - 2013-07-29 20:01 - 00000000 ____D C:\HP Universal Print Driver
2013-07-29 20:01 - 2013-05-10 09:41 - 00518432 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2013-07-29 20:01 - 2013-05-10 09:36 - 00436512 _____ C:\Windows\SysWOW64\hpcc3150.dll
2013-07-29 20:01 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2013-07-29 19:52 - 2013-07-29 20:00 - 17602872 _____ C:\Users\Christoph\Desktop\upd-pcl5-x64-5.6.5.15717.exe
2013-07-29 19:45 - 2013-07-29 19:47 - 03616768 _____ C:\Users\Christoph\Desktop\Dot4x64.msi

==================== One Month Modified Files and Folders =======

2013-08-28 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-28 09:59 - 2013-05-19 02:34 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-28 09:59 - 2013-05-19 02:34 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-28 09:59 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 09:58 - 2013-05-18 16:43 - 01702475 _____ C:\Windows\WindowsUpdate.log
2013-08-27 21:30 - 2013-08-21 20:14 - 00000000 ____D C:\Users\Christoph\Desktop\Ausbildungskonzept2014
2013-08-27 20:48 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 20:47 - 2013-05-18 16:35 - 00024688 _____ C:\Windows\PFRO.log
2013-08-27 20:38 - 2013-08-27 20:38 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Malwarebytes
2013-08-27 20:37 - 2013-08-27 20:37 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 20:36 - 2013-08-27 20:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Christoph\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-27 20:33 - 2013-08-27 20:33 - 00000793 _____ C:\Users\Christoph\Desktop\JRT.txt
2013-08-27 20:29 - 2013-08-27 20:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-27 20:28 - 2013-08-27 20:27 - 01021434 _____ (Thisisu) C:\Users\Christoph\Desktop\JRT.exe
2013-08-27 19:53 - 2013-05-18 16:51 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2125518474-1797576930-2400602621-1001
2013-08-27 19:42 - 2013-07-16 09:23 - 00424640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-27 19:41 - 2013-08-27 19:38 - 00000000 ____D C:\AdwCleaner
2013-08-27 19:41 - 2013-05-18 16:44 - 00001003 _____ C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-27 19:41 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-27 19:08 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-27 17:22 - 2013-08-27 17:22 - 00058699 _____ C:\Users\Christoph\Desktop\FRST.txt
2013-08-27 17:22 - 2013-08-27 17:22 - 00027782 _____ C:\Users\Christoph\Desktop\Addition.txt
2013-08-27 17:01 - 2013-06-14 13:18 - 00000000 ____D C:\ProgramData\Adobe
2013-08-27 16:31 - 2013-08-27 16:31 - 00000000 ____D C:\FRST
2013-08-27 15:55 - 2013-08-27 15:55 - 00994642 _____ C:\Users\Christoph\Desktop\adwcleaner3001.exe
2013-08-27 13:57 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-08-27 13:45 - 2013-08-27 09:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-08-27 13:40 - 2013-08-27 13:40 - 00000000 ____D C:\Users\Christoph\Documents\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-27 13:39 - 2013-08-27 13:39 - 00007466 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-27 13:39 - 2013-08-27 13:39 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-08-27 13:39 - 2013-08-27 13:39 - 00002612 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Symantec
2013-08-27 13:39 - 2013-08-27 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-27 13:39 - 2013-08-27 13:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-27 13:39 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-08-27 13:38 - 2013-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2013-08-27 12:12 - 2013-08-27 12:12 - 00000122 ___RH C:\Users\Christoph\Downloads\Stinger.opt
2013-08-27 12:12 - 2013-08-27 12:01 - 00000000 ____D C:\Program Files\stinger
2013-08-27 12:06 - 2013-08-27 12:02 - 00000628 _____ C:\Users\Christoph\Downloads\Stinger_27082013_120205.html
2013-08-27 12:01 - 2013-08-27 12:01 - 11044384 _____ (McAfee Inc) C:\Users\Christoph\Downloads\stinger64.exe
2013-08-27 10:36 - 2013-08-27 10:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TeamViewer
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 _____ C:\autoexec.bat
2013-08-26 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-26 12:00 - 2013-08-26 12:00 - 00000000 _____ C:\ProgramData\20263e31_c
2013-08-26 12:00 - 2011-01-07 15:39 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-26 12:00 - 2011-01-07 15:39 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-25 14:06 - 2013-08-25 14:06 - 05536272 _____ (TeamViewer GmbH) C:\Users\Christoph\Downloads\TeamViewer_Setup_de-ckc.exe
2013-08-25 12:52 - 2013-06-01 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 17:08 - 2013-08-21 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-21 16:42 - 2012-07-26 09:21 - 00026946 _____ C:\Windows\setupact.log
2013-08-21 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-21 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 20:39 - 2013-06-04 21:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 20:38 - 2013-08-14 20:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:37 - 2013-06-01 17:33 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 14:23 - 2013-06-22 09:21 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\MyPhoneExplorer
2013-08-14 14:22 - 2013-08-14 14:07 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2013-08-14 14:22 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-14 14:11 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\HTC
2013-08-14 14:09 - 2013-08-14 13:57 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Downloaded Installations
2013-08-14 14:08 - 2013-08-14 14:00 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HTC
2013-08-14 14:00 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\Documents\HTC
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Apple Computer
2013-08-14 13:59 - 2013-08-14 13:59 - 00000000 ____D C:\ProgramData\Motorola
2013-08-14 13:58 - 2013-08-14 13:58 - 00012690 _____ C:\Windows\DPINST.LOG
2013-08-14 13:58 - 2013-08-14 13:58 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-14 12:29 - 2013-06-23 19:07 - 00000000 ____D C:\Users\Christoph\Desktop\k9mailsicherung
2013-08-13 15:18 - 2013-06-05 14:42 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\HpUpdate
2013-08-13 15:17 - 2013-08-13 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-08-12 00:25 - 2013-08-11 13:49 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\XSManager
2013-08-12 00:25 - 2013-06-16 12:02 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Skype
2013-08-11 13:48 - 2013-08-11 13:48 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2013-08-11 13:48 - 2013-08-11 13:48 - 00001931 _____ C:\Users\Public\Desktop\XSManager.lnk
2013-08-11 13:48 - 2013-08-11 13:48 - 00000000 ____D C:\Program Files (x86)\XSManager
2013-08-09 14:49 - 2013-08-09 14:48 - 00011776 ___SH C:\Users\Christoph\Downloads\Thumbs.db
2013-08-07 22:16 - 2013-08-07 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 14:42 - 2013-08-06 14:42 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-07-29 20:03 - 2013-07-29 20:03 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-29 20:02 - 2013-07-29 20:02 - 00000000 _____ C:\Windows\HPMProp.INI
2013-07-29 20:01 - 2013-07-29 20:01 - 00000000 ____D C:\HP Universal Print Driver
2013-07-29 20:00 - 2013-07-29 19:52 - 17602872 _____ C:\Users\Christoph\Desktop\upd-pcl5-x64-5.6.5.15717.exe
2013-07-29 19:47 - 2013-07-29 19:45 - 03616768 _____ C:\Users\Christoph\Desktop\Dot4x64.msi
2013-07-29 19:47 - 2013-06-05 14:41 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-29 12:07 - 2013-05-18 16:43 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Packages

Files to move or delete:
====================
C:\Users\CHRIST~1\AppData\Local\Temp\ose00000.exe
C:\Users\CHRIST~1\AppData\Local\Temp\Quarantine.exe
C:\Users\CHRIST~1\AppData\Local\Temp\sdanircmdc.exe
C:\Users\CHRIST~1\AppData\Local\Temp\SHSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\uninst1.exe
C:\Users\CHRIST~1\AppData\Local\Temp\_TinDel.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_15821.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{B7F0A6A8-8F07-48A4-8B5F-B61A675C5F66}\{671EC9B2-A0F0-4035-AA48-729EDC3C59EF}\TurboBoostSetup_x64.exe
C:\Users\CHRIST~1\AppData\Local\Temp\{4E1581DA-B182-43FD-9B33-8F6FCA192ABC}\ISBEW64.exe
C:\Users\CHRIST~1\AppData\Local\Temp\upd53B6\BabScheduler2000201.exe
C:\Users\CHRIST~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVI2.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVI2UI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVPrxy32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\NVI2\NVPrxy64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\MS.NET\MSNetExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\7z.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\DisplayCplExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ExtensionLoader.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GalaSoft.MvvmLight.WPF4.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperience.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceControls.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceCore.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GFExperienceExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\GridService.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\InstallerService.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\InstallerUIExtension.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\log4net.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.Practices.ServiceLocation.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.WindowsAPICodePack.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\NVIDIA.Win32Api.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nvtmru.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\oaremote_plugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ShadowPlay.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Core.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Interfaces.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Linq.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.PlatformServices.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Providers.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Runtime.Remoting.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Reactive.Windows.Threading.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\System.Windows.Interactivity.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\zh-CHT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\zh-CHS\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\tr-TR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\th-TH\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sv-SE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sl-SI\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\sk-SK\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ru-RU\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pt-PT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pt-BR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\pl-PL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nl-NL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\nb-NO\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ko-KR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ja-JP\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\it-IT\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\hu-HU\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\he-IL\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\fr-FR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\fi-FI\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\es-MX\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\es-ES\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-US\GFExperience.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-US\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\en-GB\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\el-GR\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\de-DE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\da-DK\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\cs-CZ\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\GFExperience\ar-AE\GFExperienceControls.resources.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\ComUpdatus.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\daemonu.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\easyDaemonAPIU32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\easyDaemonAPIU64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdt32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdt64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtr32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtr64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtrXP32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtrXP64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtXP32.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\nvupdtXP64.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\UpdateExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Update\WLMerger.exe
C:\Users\CHRIST~1\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\6.4.23.3\Display.Optimus\OptimusExt.dll
C:\Users\CHRIST~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\1194285_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\1890026_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\2324847_Setup.EXE
C:\Users\CHRIST~1\AppData\Local\Temp\is1971879534\PCSpeedMaximizer_AQDE_AFD_PPI.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26809\FWUpdateEDO2_305748.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26593\hpusetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HpUpdate\26578\4250_DiagnosticAlert_000_000_010_000.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HPDiagnosticAlert\DiagnosticAlert.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BExternal.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BUSolForMontiera.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\BUSolution.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\ChromeToolbarSetup.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\CrxInstaller.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\GUninstaller.exe
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\MntrDLLInstall.dll
C:\Users\CHRIST~1\AppData\Local\Temp\AB02B7AA-BAB0-7891-9B73-5DEA39FAC97A\Latest\sqlite3.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\hppiw.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\HPSLPSVC32.DLL
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\HPSLPSVC64.DLL
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\DeviceManager\DeviceManager.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS3653\DeviceManager\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2A97\InstallDiagnosticAlert.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\HP-DQEX5.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Setup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\HPInstallLogCollector.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\hpUrlLauncher.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x86\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x86\RemovePreinstalledDrivers.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x64\DIFxAPI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\utils\x64\RemovePreinstalledDrivers.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Toolbar\BingBarSetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\Toolbar\smartprintsetup.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpfime51.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinkcoi5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinkins5912.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinksts5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpinksts5912LM.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvpldrv09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvplres09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\hpvplui09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unidrvui.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\i386\unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\HP\Setup\hpssres.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPScanTRDrv_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPWia1_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x64\HPWia2_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPScanTRDrv_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPWia1_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\scanner\x32\HPWia2_OJ8600.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\HPOJ8600_FaxPCSendDialogUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\HPOJ8600_FaxPCSendRenderPlugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\Unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\UnidrvUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x64\Unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\HPOJ8600_FaxPCSendDialogUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\HPOJ8600_FaxPCSendRenderPlugin.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\Unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\UnidrvUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\drivers\fax\x32\Unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpfime51.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinkcoi5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinkins5912.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinksts5912.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpinksts5912LM.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvpldrv09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvplres09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\hpvplui09.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unidrv.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unidrvui.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS291D\amd64\unires.dll
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2853\EnterpriseDU.exe
C:\Users\CHRIST~1\AppData\Local\Temp\7zS2853\EnterpriseDUUI.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BExternal.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BUSolForMontiera.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\BUSolution.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\ChromeToolbarSetup.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\CrxInstaller.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\GUninstaller.exe
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\IEHelper.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\MntrDLLInstall.dll
C:\Users\CHRIST~1\AppData\Local\Temp\5A16627A-BAB0-7891-A67A-A4653A82640F\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 10:26

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Christoph at 2013-08-28 10:01:50
Running from C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2J13Q6Z
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Bit HP CIO Components Installer (Version: 13.2.1)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: 1.1)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Dot4 (Version: 1.0.0.0)
Google Update Helper (x32 Version: 1.3.23.0)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet Pro 8600 Hilfe (x32 Version: 28.0.0)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HTC Driver Installer (x32 Version: 4.3.0.001)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2849)
Intel(R) WiDi (Version: 3.5.34.0)
IPTInstaller (x32 Version: 4.0.8)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MyPhoneExplorer (x32 Version: 1.8.4)
Norton Internet Security CBE (x32 Version: 20.1.1.2)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA Optimus 6.4.23 (Version: 6.4.23)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
Quickset64 (Version: 11.1.27)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Skype™ 6.6 (x32 Version: 6.6.106)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (Version: 28.0.1315.0)
TeamViewer 8 (x32 Version: 8.0.20202)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (Version: 2.6.2.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
XSManager (x32 Version: 3.0)

==================== Restore Points  =========================

11-08-2013 16:13:54 Geplanter Prüfpunkt
14-08-2013 18:35:56 Windows Update
21-08-2013 15:45:44 Windows Update
26-08-2013 09:59:28 Uniblue SpeedUpMyPC installation
27-08-2013 11:43:57 Removed SpyHunter

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-08-27 17:20 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0934AF59-05C7-4B9A-9E60-A0658DDDF251} - System32\Tasks\{298BB8E3-A60E-4C29-9CDD-BFA05E508556} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-08-21] (Mozilla Corporation)
Task: {0B6091EF-2668-472B-930B-F551036AAB37} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {10079164-7C57-4B94-B7E7-AD616362EB5C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {115A30F5-9629-4E2E-993E-F2EF77734558} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2012-11-27] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2012-07-26] (Microsoft Corporation)
Task: {32ACAC3E-EE76-4C8A-A239-C1CB4286ED9F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {38D429E1-980E-4454-B754-D92C8AA91A0C} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {420B00DC-77A6-4FF9-B624-02899C23EAF2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4998F38D-EE96-4963-A742-C6F481DB9F69} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5786EB7D-7A36-4A31-9750-FEB4EE04CF49} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {57CDB7CC-BAF2-4706-83BD-77B2DC3E66A5} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2125518474-1797576930-2400602621-1001
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {67229DF8-B971-4F31-933D-0FD466D45DE1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {72F579FD-A844-4CEF-9D50-8A908B03444D} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {97DB00E2-886A-4C16-8AF3-B6328CAF1700} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A6A57D2E-503B-4562-B41F-F547D9A00475} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.1.1.2\WSCStub.exe [2012-08-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C2D41E62-029E-4898-B7F8-9277A536AB99} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {C349513B-1076-4999-8B23-2044EEDDA1C7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {CE71C66F-2CF7-4165-BC24-9EFF4DB125B9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E1A6ACC8-6B90-49DB-900D-C0328DDED93E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F64ED41B-18B4-4F36-959D-0F00EC7E1136} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2012-07-26] (Microsoft Corporation)

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Christoph\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Christoph\Downloads\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Christoph\Documents\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2013 09:58:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x12c0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/28/2013 09:57:07 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x15c8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5

Error: (08/27/2013 09:30:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_p2psvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: ESENT.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010aad8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000eaa3
ID des fehlerhaften Prozesses: 0x664
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_p2psvc0
Pfad der fehlerhaften Anwendung: svchost.exe_p2psvc1
Pfad des fehlerhaften Moduls: svchost.exe_p2psvc2
Berichtskennung: svchost.exe_p2psvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_p2psvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_p2psvc5


System errors:
=============
Error: (08/28/2013 09:58:41 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/28/2013 09:58:41 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/28/2013 09:58:41 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/28/2013 09:57:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/28/2013 09:57:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/28/2013 09:57:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 09:30:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 09:30:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 09:30:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2013 08:47:56 PM) (Source: BTHUSB) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.


Microsoft Office Sessions:
=========================
Error: (08/26/2013 09:14:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5992 seconds with 900 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 8048.93 MB
Available physical RAM: 6275.87 MB
Total Pagefile: 9264.93 MB
Available Pagefile: 7397.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:143.43 GB) NTFS
Drive d: (Daten) (Fixed) (Total:194.97 GB) (Free:180.64 GB) NTFS
Drive e: (Media) (Fixed) (Total:540.89 GB) (Free:540.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8E40B229)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=541 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 10:05 on 28/08/2013 by Christoph
Administrator - Elevation successful

========== filefind ==========

Searching for "*dealply*"
C:\AdwCleaner\Quarantine\C\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log.vir	--a---- 60256 bytes	[08:02 22/06/2013]	[16:26 23/06/2013] 23CEEA83095EA83BFA5E22467A0A610B
C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore.vir	--a---- 3658 bytes	[08:02 22/06/2013]	[08:02 22/06/2013] 34DE885923717246C02CC9CBCE3A0263
C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA.vir	--a---- 3894 bytes	[08:02 22/06/2013]	[08:02 22/06/2013] 521FC22170710CCAC8E26DE5D4A61331
C:\AdwCleaner\Quarantine\C\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job.vir	--a---- 918 bytes	[08:02 22/06/2013]	[12:05 27/08/2013] FD3D1C490FD30526E0053C083690BB00
C:\AdwCleaner\Quarantine\C\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job.vir	--a---- 922 bytes	[08:02 22/06/2013]	[17:07 27/08/2013] 09CEFC98BD18386FE8C8D513F9363939
C:\Windows\Prefetch\DEALPLYUPDATEVER.EXE-D0F043B6.pf	--a---- 38458 bytes	[08:02 22/06/2013]	[12:59 23/06/2013] 00044C2057895759199501DA79FEE57D

Searching for "*eSafe*"
No files found.

Searching for "*Desk 365*"
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser	--a---- 3384 bytes	[10:00 26/08/2013]	[10:00 26/08/2013] FD089F3EA41B5BF9D2EF368B4026B48A

Searching for "*optimizer pro*"
No files found.

Searching for "*VideoSaver*"
No files found.

Searching for "*portaldosites*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\searchplugins\portaldosites.xml.vir	--a---- 802 bytes	[10:00 26/08/2013]	[10:00 26/08/2013] 07F1F0846F11528AC40A373243DEAD4A
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LFXFNUOG\portaldosites_com[1].htm	--a---- 21892 bytes	[14:11 27/08/2013]	[14:12 27/08/2013] 6DC321E0C6552718398CE193A710244B
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W1TIU28I\portaldosites-big[1].png	--a---- 3730 bytes	[14:12 27/08/2013]	[14:12 27/08/2013] EF889D81765B40334EDE21BD904C94DF
C:\Users\Christoph\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K0YB0306\www.portaldosites[1].xml	--a---- 13 bytes	[14:12 27/08/2013]	[14:12 27/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*speedupmypc*"
C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-C3F6A117.pf	--a---- 276058 bytes	[10:00 26/08/2013]	[10:00 26/08/2013] 80BD343EB8F58DCA96F5E18EB37D5D39

Searching for "*WebCake*"
C:\Users\Christoph\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCakeDesktop.Updater.exe.log	--a---- 1249 bytes	[09:59 26/08/2013]	[09:59 26/08/2013] 7C0716CB0991E615B3461D3983A323C9
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCakeDesktop.Updater.exe.log	--a---- 510 bytes	[12:04 26/08/2013]	[12:04 26/08/2013] 784A988FE063DEB08B7BF3B7FC76D0DA

Searching for "*DataMngr*"
C:\Users\Christoph\AppData\Local\Temp\jrt\datamngr_del.reg	--a---- 386 bytes	[18:29 27/08/2013]	[03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*Crossrider*"
No files found.

========== folderfind ==========

Searching for "*dealply*"
C:\AdwCleaner\Quarantine\C\ProgramData\DealPlyLive	d------	[17:41 27/08/2013]
C:\AdwCleaner\Quarantine\C\Users\Christoph\AppData\Roaming\DealPly	d------	[17:41 27/08/2013]

Searching for "*eSafe*"
C:\AdwCleaner\Quarantine\C\ProgramData\eSafe	d------	[17:41 27/08/2013]

Searching for "*Desk 365*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365	d------	[17:41 27/08/2013]
C:\AdwCleaner\Quarantine\C\Users\Christoph\AppData\Roaming\Desk 365	d------	[17:41 27/08/2013]

Searching for "*optimizer pro*"
No folders found.

Searching for "*VideoSaver*"
No folders found.

Searching for "*portaldosites*"
No folders found.

Searching for "*speedupmypc*"
No folders found.

Searching for "*WebCake*"
No folders found.

Searching for "*DataMngr*"
No folders found.

Searching for "*Crossrider*"
No folders found.

========== regfind ==========

Searching for "dealply"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\DealPly\uninst.exe"="$ Win7RTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName"="DealPlyLiveHelper.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource"="n;1;C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1"="C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallSource"="C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Publisher"="DealPly Technologies Ltd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38D429E1-980E-4454-B754-D92C8AA91A0C}]
"Path"="\DealPlyLiveUpdateTaskMachineCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2D41E62-029E-4898-B7F8-9277A536AB99}]
"Path"="\DealPlyLiveUpdateTaskMachineUA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineCore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallSource"="C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Publisher"="DealPly Technologies Ltd"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\DealPly\uninst.exe"="$ Win7RTM"

Searching for "eSafe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAA5AE38-06BB-4331-B0B8-9D2892FE559D}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAA5AE38-06BB-4331-B0B8-9D2892FE559D}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"

Searching for "Desk 365"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="Users\Christoph\AppData\Roaming\Desk 365"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url4"="C:\Program Files (x86)\Desk 365"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url5"="C:\Users\Christoph\AppData\Roaming\Desk 365"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4998F38D-EE96-4963-A742-C6F481DB9F69}]
"Path"="\Desk 365 RunAsStdUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4998F38D-EE96-4963-A742-C6F481DB9F69}]
"Author"="Desk 365 RunAsStdUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser]
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="Users\Christoph\AppData\Roaming\Desk 365"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url4"="C:\Program Files (x86)\Desk 365"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url5"="C:\Users\Christoph\AppData\Roaming\Desk 365"

Searching for "optimizer pro"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe"="RUNASADMIN ELEVATECREATEPROCESS"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.FriendlyAppName"="Optimizer Pro"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.ApplicationCompany"="PC Utilities Pro"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe"="RUNASADMIN ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.FriendlyAppName"="Optimizer Pro"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.ApplicationCompany"="PC Utilities Pro"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.FriendlyAppName"="Optimizer Pro"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.ApplicationCompany"="PC Utilities Pro"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1002\Software\Optimizer Pro]

Searching for "VideoSaver"
No data found.

Searching for "portaldosites"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227"

Searching for "speedupmypc"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"1"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC\SpeedUpMyPC.lnk C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe"
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"1"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC\SpeedUpMyPC.lnk C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe"

Searching for "WebCake"
No data found.

Searching for "DataMngr"
No data found.

Searching for "Crossrider"
No data found.

Searching for "         "
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 12"="[F00000000][T01CE9F0BF911E800]*D:\PRIVAT\Nicole\Schreiben allg\Esprit Online Shop                                                                                                             Hannover.docx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="3.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Reso
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="28800" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="3.0"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                         
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="3.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HTC&PROD_DESIRE&REV_0100#7&D6E50CC&0&HT06LPL01769&0#]
"DeviceDesc"="Desire          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HTC&PROD_DESIRE&REV_0100#HT06LPL01769&0#]
"DeviceDesc"="Desire          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USBMODEM&PROD_DISK&REV_2.31#7&2CF065CB&0&1234567890ABCDEF&0#]
"DeviceDesc"="Disk            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HTC&PROD_DESIRE&REV_0100#7&D6E50CC&0&HT06LPL01769&0#]
"DeviceDesc"="Desire          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HTC&PROD_DESIRE&REV_0100#HT06LPL01769&0#]
"DeviceDesc"="Desire          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USBMODEM&PROD_DISK&REV_2.31#7&2CF065CB&0&1234567890ABCDEF&0#]
"DeviceDesc"="Disk            "
[HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 12"="[F00000000][T01CE9F0BF911E800]*D:\PRIVAT\Nicole\Schreiben allg\Esprit Online Shop                                                                                                             Hannover.docx"

-= EOF =-
         
Hm, problems with malware? I don't think so; at least I haven't noticed anything else.
Everything is now running as it did before.

Thanks at this point for the fast and competent help.

Now a question for the future, since so far I have only dealt with the topic of protection software very superficially. How do I protect my PC properly? This is the wrong thread for that, but maybe you can recommend a suitable thread to me. So far I have always used Kaspersky CBE and now Norton CBE.

Old 28.08.2013, 09:29   #15
M-K-D-B
/// TB Trainer
 



Hi,

we'll remove the last remnants and check everything once more:

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
start
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=spfs2&from=spfs2&uid=WDCXWD10JPVT-75A1YT0_WX51AA2M9153AA2M9153&ts=1377511227
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Program Files\Enigma Software Group
Task: {38D429E1-980E-4454-B754-D92C8AA91A0C} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {4998F38D-EE96-4963-A742-C6F481DB9F69} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {C2D41E62-029E-4898-B7F8-9277A536AB99} - \DealPlyLiveUpdateTaskMachineUA No Task File
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
C:\Users\Christoph\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K0YB0306\www.portaldosites[1].xml
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {AAA5AE38-06BB-4331-B0B8-9D2892FE559D} /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /v url2 /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /v url4 /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /v url5 /f
Reg: reg delete "HKEY_USERS\S-1-5-21-2125518474-1797576930-2400602621-1002\Software\Optimizer Pro" /f
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.






Step 3

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.





With your next reply, please post
  • the FRST log file,
  • the MBAM log file,
  • the ESET log file,
  • the SecurityCheck log file.
__________________
Greetings from Bavaria
M-K-D-B
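
Several fixlist entries above correspond to hits in the registry search log of the previous post. As an added example (not part of the original thread, and not code from FRST or the search tool), this Python parser reads that log layout, keeps key-only hits and "No data found." terms, and lists the Internet Explorer start-page values a search term matched. The sample log is constructed and shortened, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the search log above (shortened, uid replaced).
SAMPLE_LOG = r'''Searching for "Desk 365"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser]
[HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url4"="C:\Program Files (x86)\Desk 365"

Searching for "VideoSaver"
No data found.

Searching for "portaldosites"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.portaldosites.com/?uid=PLACEHOLDER"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.portaldosites.com/?uid=PLACEHOLDER"
'''

TERM_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)$')  # data may hold quotes or be cut off

def parse_search_log(text):
    """Return {term: [(key, value_name, data)]}; a hit on the key name alone has None, None."""
    hits, term, key, used = defaultdict(list), None, None, True
    def flush():
        if key is not None and not used:
            hits[term].append((key, None, None))
    for line in map(str.rstrip, text.splitlines()):
        if m := TERM_RE.match(line):
            flush()
            term, key, used = m.group(1), None, True
            hits[term]  # keep terms that report "No data found."
        elif m := KEY_RE.match(line):
            flush()
            key, used = m.group(1), False
        elif (m := VALUE_RE.match(line)) and key is not None:
            data = m.group(2)
            hits[term].append((key, m.group(1), data[:-1] if data.endswith('"') else data))
            used = True
    flush()
    return dict(hits)

HOMEPAGE_VALUES = {"start page", "default_page_url"}
def homepage_overrides(hits):
    """Start-page values under an Internet Explorer Main key, as (term, key, name, data)."""
    return [(t, k, n, d) for t, rows in hits.items() for k, n, d in rows
            if n and n.lower() in HOMEPAGE_VALUES and k.lower().endswith("\\internet explorer\\main")]
```

Run against a saved copy of the full log, `homepage_overrides(parse_search_log(text))` gives the values to compare with the browser's configured start page before and after the fix.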
