LOG-File von AdwCleaner zu TUbeSaver unter Win7 64bit

patti-berlin · 24.11.2013, 11:07

Im IE 9 32 bit erhalte ich seit einiger Zeit unzählige Werbefenster und Pop-Ups. In der Systemsteuerung fand ich nun die Software TubeSaver. Diese lässt sich jedoch nicht deinstallieren, da sich NIS meldet und den Zugriff verweigert.

AdwCleaner bringt mir folgende LOG-Datei:

Code:

ATTFilter

# AdwCleaner v3.010 - Bericht erstellt am 24/11/2013 um 10:42:30
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : patti - PATTIS
# Gestartet von : C:\Users\patti\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Windows\System32\Tasks\TubeSaver Update
Datei Gefunden : C:\Windows\Tasks\TubeSaver Update.job
Ordner Gefunden C:\Program Files (x86)\Conduit
Ordner Gefunden C:\Program Files (x86)\tubesaver
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\Users\patti\AppData\Local\Conduit
Ordner Gefunden C:\Users\patti\AppData\LocalLow\Conduit

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\TubeSaver
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16520


*************************

AdwCleaner[R0].txt - [2792 octets] - [24/11/2013 10:42:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2852 octets] ##########

Was kann ich tun???

Danke für die Mühe, patti

M-K-D-B · 24.11.2013, 12:30

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
beide Logdateien von FRST.

patti-berlin · 24.11.2013, 14:22

Hallo Matthias,

vielen lieben Dank für deine Mühe. Hier die aktuelle LOG-Datei von AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.013 - Bericht erstellt am 24/11/2013 um 14:04:37
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : patti - PATTIS
# Gestartet von : C:\Users\patti\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\tubesaver
Ordner Gelöscht : C:\Users\patti\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\patti\AppData\LocalLow\Conduit
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\Tasks\TubeSaver Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\TubeSaver Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TubeSaver
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16520


*************************

AdwCleaner[R0].txt - [2944 octets] - [24/11/2013 10:42:30]
AdwCleaner[R1].txt - [3182 octets] - [24/11/2013 14:04:07]
AdwCleaner[S0].txt - [3055 octets] - [24/11/2013 14:04:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3115 octets] ##########

Dazu die FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by patti (administrator) on PATTIS on 24-11-2013 14:10:05
Running from C:\Users\patti\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Ellora Assets Corp.) P:\Freemake\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) D:\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(STRATO) P:\Strato_HiDrive\STRATO HiDrive Service.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
() P:\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
(Cambridge Silicon Radio Limited) P:\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() P:\Rainlendar2\Rainlendar2.exe
(Samsung) P:\KIES\External\FirmwareUpdate\KiesPDLR.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe
(Logitech Inc.) P:\Logitech_Webcam\LWS\Webcam Software\LWS.exe
(Acronis) P:\TrueImage2012\TrueImageHome\TrueImageMonitor.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Acronis) P:\TrueImage2012\TrueImageHome\TimounterMonitor.exe
(Energenie) P:\Gembird\Power Manager\pm.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [CsrHCRPServer] - P:\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] - P:\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] - P:\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] ()
HKLM\...\Run: [vksts] - P:\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] - P:\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] - C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] - P:\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [Rainlendar2] - P:\Rainlendar2\Rainlendar2.exe [3931136 2012-07-02] ()
HKCU\...\Run: [] - P:\KIES\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\DKTray.exe [357992 2013-01-29] (Expert System S.p.A.)
MountPoints2: {249405ba-21d4-11e2-b65a-c86000d13906} - H:\LaunchU3.exe -a
MountPoints2: {3fbb328d-5279-11e3-9168-c86000d13906} - "E:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [LWS] - P:\Logitech_Webcam\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - P:\TrueImage2012\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - P:\TrueImage2012\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis)
HKLM-x32\...\Run: [Power Manager] - P:\Gembird\Power Manager\pm.exe [26848256 2013-02-22] (Energenie)
HKLM-x32\...\Run: [AVMFBoxMonitor] - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-04-01] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKU\Familie\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\Familie\...\Run: [Rainlendar2] - P:\Rainlendar2\Rainlendar2.exe [3931136 2012-07-02] ()
HKU\Familie\...\Run: [] - P:\KIES\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\Familie\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\DKTray.exe [357992 2013-01-29] (Expert System S.p.A.)
Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\patti\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
Startup: C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B5326663995CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: TubeSaver - {345458b9-506f-4fcc-803b-d02843989662} - C:\Program Files (x86)\TubeSaver\133.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 BtSwitcherService; P:\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtOBEX-Dienst; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; P:\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
R2 FreemakeVideoCapture; P:\Freemake\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 StarMoney 9.0 OnlineUpdate; D:\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 STRATO HiDrive Service; P:\Strato_HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cpuz135; P:\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
R3 csravrcp; C:\Windows\System32\DRIVERS\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited)
R3 CsrBtPort; C:\Windows\System32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrpan; C:\Windows\System32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrserial; C:\Windows\System32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csr_bthav; C:\Windows\System32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20131122.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131123.001\ENG64.SYS [126040 2013-09-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131123.001\EX64.SYS [2099288 2013-09-04] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-05] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 14:08 - 2013-11-24 14:10 - 00018122 _____ C:\Users\patti\Desktop\FRST.txt
2013-11-24 14:08 - 2013-11-24 14:08 - 00003203 _____ C:\Users\patti\Desktop\AdwCleaner[S0].txt
2013-11-24 14:08 - 2013-11-24 14:08 - 00000000 ____D C:\Users\patti\VIRUS
2013-11-24 13:58 - 2013-11-24 14:06 - 00000336 _____ C:\Windows\setupact.log
2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 _____ C:\Windows\setuperr.log
2013-11-24 13:57 - 2013-11-24 13:57 - 00026868 _____ C:\Windows\PFRO.log
2013-11-24 11:53 - 2013-11-24 11:53 - 01958396 _____ (Farbar) C:\Users\patti\Desktop\FRST64.exe
2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST
2013-11-24 10:42 - 2013-11-24 14:04 - 00000000 ____D C:\AdwCleaner
2013-11-24 10:42 - 2013-11-24 14:03 - 01091882 _____ C:\Users\patti\Desktop\adwcleaner.exe
2013-11-20 14:42 - 2013-11-14 12:56 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-20 14:42 - 2013-11-14 12:56 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-20 14:42 - 2013-11-14 12:56 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-20 14:06 - 2013-11-08 21:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-20 14:06 - 2013-11-08 21:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-20 14:04 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-11-20 14:04 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-11-18 19:35 - 2013-11-18 19:35 - 00000000 ____D C:\Program Files\Logitech
2013-11-18 19:14 - 2013-11-18 19:15 - 81855696 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_64.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 04116816 _____ (Logitech Inc.) C:\Users\patti\Downloads\unifying210.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 03672832 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_smart.exe
2013-11-17 10:39 - 2013-11-17 10:39 - 04313088 _____ (Microsoft Corporation) C:\Users\patti\Downloads\Setup_SportTracks_3.1.5064.exe
2013-11-14 07:08 - 2013-10-13 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 07:08 - 2013-10-13 15:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 07:08 - 2013-10-13 15:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 07:08 - 2013-10-13 15:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 07:08 - 2013-10-13 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 07:08 - 2013-10-13 15:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 07:08 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 07:08 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 07:08 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 07:08 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 07:08 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 07:08 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 07:08 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 07:07 - 2013-10-13 16:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 07:07 - 2013-10-13 16:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 07:07 - 2013-10-13 15:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 07:07 - 2013-10-13 15:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 07:07 - 2013-10-13 15:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 07:07 - 2013-10-13 15:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 07:07 - 2013-10-13 15:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 07:07 - 2013-10-13 15:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 07:07 - 2013-10-13 15:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 07:07 - 2013-10-13 15:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 07:07 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 07:07 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 07:07 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 07:07 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 07:07 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 07:07 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 07:07 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 07:07 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 07:07 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 17:34 - 2013-11-13 17:34 - 00001417 _____ C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-13 07:04 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-13 07:04 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-13 07:04 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-13 07:04 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-13 07:04 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-13 07:04 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-13 07:04 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-13 07:04 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-13 07:04 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-13 07:04 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-13 07:04 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-13 07:04 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-13 07:04 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-13 07:04 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-13 07:04 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-13 07:04 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-13 07:04 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-13 07:04 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-13 07:02 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:02 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:02 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:02 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:02 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:02 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:02 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:02 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:02 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:02 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-13 07:02 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-13 07:01 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:01 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:01 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:01 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:01 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:01 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:01 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:01 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:01 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:01 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:01 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:01 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:01 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:01 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:01 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:01 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:01 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:01 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:01 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:01 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:01 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 06:53 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-06 17:54 - 2013-11-06 17:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:55 - 00000000 ____D C:\BluetoothExchangeFolder
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrusb_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\gl-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\fr-CA
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\eu-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\es-cl
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\ca-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Program Files (x86)\CSR
2013-10-27 09:12 - 2013-11-14 12:56 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Program Files\Realtek
2013-10-26 09:55 - 2013-03-29 20:42 - 03379272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-10-26 09:55 - 2013-03-29 17:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-10-26 09:55 - 2013-03-29 16:52 - 00914992 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-10-26 09:55 - 2013-03-29 16:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-10-26 09:55 - 2013-03-27 15:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-10-26 09:55 - 2013-03-26 16:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-10-26 09:55 - 2013-03-26 16:04 - 02734624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-10-26 09:55 - 2013-03-26 14:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-10-26 09:55 - 2013-03-26 13:38 - 01659464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-10-26 09:55 - 2013-03-25 16:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-10-26 09:55 - 2013-03-23 02:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-10-26 09:55 - 2013-03-20 12:17 - 09123608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2013-10-26 09:55 - 2013-03-20 12:16 - 02102040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-10-26 09:55 - 2013-03-20 12:16 - 01900312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-10-26 09:55 - 2013-03-20 12:16 - 00910104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-10-26 09:55 - 2013-03-15 18:34 - 04957976 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll
2013-10-26 09:55 - 2013-03-15 18:33 - 00887640 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-10-26 09:55 - 2013-03-12 17:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-10-26 09:55 - 2013-03-08 11:51 - 00904752 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-10-26 09:55 - 2013-02-28 12:10 - 14021912 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2013-10-26 09:55 - 2013-02-28 12:10 - 02032408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00823072 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00633632 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00517408 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo64.dll
2013-10-26 09:55 - 2013-02-27 04:37 - 00213792 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2013-10-26 09:55 - 2013-02-21 16:26 - 00858032 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2013-10-26 09:55 - 2013-02-21 16:26 - 00148912 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2013-10-26 09:55 - 2013-02-21 16:25 - 00569256 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2013-10-26 09:55 - 2013-02-20 17:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-10-26 09:55 - 2013-02-19 17:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-10-26 09:55 - 2013-01-17 18:32 - 00719640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2013-10-26 09:55 - 2012-12-12 10:17 - 00395208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-10-26 09:55 - 2012-10-02 13:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-10-26 09:55 - 2012-10-02 13:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-10-26 09:55 - 2012-10-02 13:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-10-26 09:55 - 2012-09-10 19:06 - 00612728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2013-10-26 09:55 - 2012-08-31 18:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-10-26 09:55 - 2012-08-31 18:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-10-26 09:55 - 2012-07-15 20:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-10-26 09:55 - 2012-06-20 16:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-26 09:55 - 2012-03-08 10:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-10-26 09:55 - 2012-01-30 10:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-10-26 09:55 - 2012-01-10 09:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-10-26 09:55 - 2011-12-20 14:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-10-26 09:55 - 2011-11-22 15:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-10-26 09:55 - 2011-09-02 13:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2013-10-26 09:55 - 2011-09-02 13:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2013-10-26 09:55 - 2011-09-02 13:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2013-10-26 09:55 - 2011-08-23 16:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-10-26 09:55 - 2011-05-31 08:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-10-26 09:55 - 2011-03-17 11:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-10-26 09:55 - 2011-03-07 16:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-10-26 09:55 - 2010-11-08 06:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-10-26 09:55 - 2010-11-03 17:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-10-26 09:55 - 2010-09-27 08:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-10-26 09:55 - 2010-07-22 15:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-10-26 09:55 - 2009-11-24 08:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-10-26 09:39 - 2013-10-26 09:41 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\patti\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-10-26 09:38 - 2013-10-26 09:38 - 06382059 _____ C:\Users\patti\Downloads\3DSoundBack_Beta0.1.zip
2013-10-26 09:27 - 2013-10-26 09:27 - 00000000 ____D C:\Users\patti\AppData\Local\DriverTuner
2013-10-26 09:26 - 2013-10-26 09:26 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\patti\Downloads\setup.exe
2013-10-26 09:14 - 2013-10-26 09:15 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\patti\Downloads\ALC887HDAudioCodecR2.71.exe

==================== One Month Modified Files and Folders =======

2013-11-24 14:10 - 2013-11-24 14:08 - 00018122 _____ C:\Users\patti\Desktop\FRST.txt
2013-11-24 14:09 - 2012-10-23 22:12 - 01171435 _____ C:\Windows\WindowsUpdate.log
2013-11-24 14:08 - 2013-11-24 14:08 - 00003203 _____ C:\Users\patti\Desktop\AdwCleaner[S0].txt
2013-11-24 14:08 - 2013-11-24 14:08 - 00000000 ____D C:\Users\patti\VIRUS
2013-11-24 14:08 - 2012-11-03 08:49 - 00108032 ___SH C:\Users\patti\Thumbs.db
2013-11-24 14:08 - 2012-10-23 22:11 - 00000000 ____D C:\Users\patti
2013-11-24 14:07 - 2012-11-12 22:13 - 00000000 ____D C:\Users\patti\.rainlendar2
2013-11-24 14:07 - 2012-10-24 08:52 - 00336279 _____ C:\Users\patti\DesktopStCenter.txt
2013-11-24 14:06 - 2013-11-24 13:58 - 00000336 _____ C:\Windows\setupact.log
2013-11-24 14:06 - 2013-10-11 16:02 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-24 14:06 - 2012-10-25 18:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-24 14:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 14:05 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-24 14:05 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-24 14:05 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 14:05 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 14:05 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 14:04 - 2013-11-24 10:42 - 00000000 ____D C:\AdwCleaner
2013-11-24 14:03 - 2013-11-24 10:42 - 01091882 _____ C:\Users\patti\Desktop\adwcleaner.exe
2013-11-24 13:58 - 2013-11-24 13:58 - 00000000 _____ C:\Windows\setuperr.log
2013-11-24 13:57 - 2013-11-24 13:57 - 00026868 _____ C:\Windows\PFRO.log
2013-11-24 11:53 - 2013-11-24 11:53 - 01958396 _____ (Farbar) C:\Users\patti\Desktop\FRST64.exe
2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST
2013-11-24 11:50 - 2013-09-11 15:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 11:22 - 2013-10-17 18:41 - 00000000 ____D C:\Users\patti\AppData\Local\CrashDumps
2013-11-24 11:22 - 2012-10-26 16:13 - 00000000 ____D C:\Users\patti\AppData\Roaming\Winamp
2013-11-24 11:22 - 2012-10-23 23:06 - 00000000 ____D C:\Windows\Panther
2013-11-20 19:57 - 2013-04-04 11:50 - 00000000 ____D C:\ProgramData\Duden
2013-11-20 15:56 - 2012-10-31 18:54 - 00000000 ____D C:\Users\patti\AppData\Roaming\MyPhoneExplorer
2013-11-20 14:44 - 2012-10-25 18:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-20 14:06 - 2012-10-24 05:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-20 14:06 - 2012-10-24 05:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-19 18:53 - 2012-11-25 14:51 - 00000173 _____ C:\Users\patti\AppData\Local\msmathematics.qat.patti
2013-11-18 19:36 - 2012-10-23 22:11 - 00000000 ___RD C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-18 19:35 - 2013-11-18 19:35 - 00000000 ____D C:\Program Files\Logitech
2013-11-18 19:35 - 2012-10-24 20:52 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-11-18 19:35 - 2012-10-24 20:52 - 00000000 ____D C:\ProgramData\Logishrd
2013-11-18 19:35 - 2012-10-24 20:52 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-11-18 19:18 - 2012-12-24 19:54 - 00000000 ____D C:\ProgramData\Logitech
2013-11-18 19:15 - 2013-11-18 19:14 - 81855696 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_64.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 04116816 _____ (Logitech Inc.) C:\Users\patti\Downloads\unifying210.exe
2013-11-18 19:13 - 2013-11-18 19:13 - 03672832 _____ (Logitech Inc.) C:\Users\patti\Downloads\setpoint6.61.15_smart.exe
2013-11-17 16:25 - 2013-09-11 15:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-17 16:25 - 2013-03-14 19:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 16:25 - 2013-03-14 19:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 16:25 - 2012-10-31 21:22 - 00000000 ____D C:\Users\patti\AppData\Local\Adobe
2013-11-17 10:39 - 2013-11-17 10:39 - 04313088 _____ (Microsoft Corporation) C:\Users\patti\Downloads\Setup_SportTracks_3.1.5064.exe
2013-11-15 14:18 - 2012-10-23 22:48 - 00000000 ____D C:\Program Files (x86)\Everything
2013-11-14 12:56 - 2013-11-20 14:42 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-14 12:56 - 2013-11-20 14:42 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-14 12:56 - 2013-11-20 14:42 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-14 12:56 - 2013-10-27 09:12 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-14 12:56 - 2013-09-11 15:55 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-14 12:56 - 2012-10-10 20:23 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-14 12:56 - 2012-10-10 20:23 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-14 12:56 - 2012-02-09 21:43 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-11-14 12:56 - 2009-07-13 22:59 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-14 07:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:47 - 2012-10-24 21:29 - 00000000 ____D C:\Users\patti\AppData\Roaming\Skype
2013-11-13 17:34 - 2013-11-13 17:34 - 00001417 _____ C:\Users\patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-13 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 07:05 - 2012-10-24 06:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 07:04 - 2013-07-12 13:03 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 07:02 - 2012-10-24 00:31 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 16:02 - 2012-10-25 18:51 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-11-11 16:02 - 2012-10-25 18:51 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-11-11 16:01 - 2012-10-25 18:51 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-11-11 16:01 - 2012-10-25 18:51 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-08 21:47 - 2013-11-20 14:06 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 21:47 - 2013-11-20 14:06 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-06 17:55 - 2013-11-06 17:53 - 00000000 ____D C:\BluetoothExchangeFolder
2013-11-06 17:54 - 2013-11-06 17:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrusb_01009.Wdf
2013-11-06 17:53 - 2013-11-06 17:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\gl-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\fr-CA
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\eu-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\es-cl
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Windows\system32\ca-ES
2013-11-06 17:49 - 2013-11-06 17:49 - 00000000 ____D C:\Program Files (x86)\CSR
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\th-TH
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sk-SK
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-11-06 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-11-03 20:26 - 2013-10-19 19:06 - 00000000 ____D C:\Users\patti\AppData\Roaming\XnView
2013-10-27 20:00 - 2012-10-24 08:54 - 00000000 ____D C:\Program Files (x86)\FRITZ!Box Monitor
2013-10-27 09:12 - 2013-10-27 09:12 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-27 09:12 - 2013-10-27 09:12 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-27 06:26 - 2013-07-13 20:10 - 00000000 ____D C:\ProgramData\PowerManagerDatabase
2013-10-26 09:56 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ____D C:\Program Files\Realtek
2013-10-26 09:55 - 2012-10-23 22:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 09:41 - 2013-10-26 09:39 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\patti\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-10-26 09:38 - 2013-10-26 09:38 - 06382059 _____ C:\Users\patti\Downloads\3DSoundBack_Beta0.1.zip
2013-10-26 09:27 - 2013-10-26 09:27 - 00000000 ____D C:\Users\patti\AppData\Local\DriverTuner
2013-10-26 09:26 - 2013-10-26 09:26 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\patti\Downloads\setup.exe
2013-10-26 09:15 - 2013-10-26 09:14 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\patti\Downloads\ALC887HDAudioCodecR2.71.exe
2013-10-25 16:59 - 2013-03-26 19:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-25 16:59 - 2012-10-24 21:29 - 00000000 ____D C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\patti\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 18:49

==================== End Of Log ============================

--- --- ---

--- --- ---

und schließlich die Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013 03
Ran by patti at 2013-11-24 14:10:31
Running from C:\Users\patti\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.25 (x64 edition) (Version: 9.25.00.0)
8500A909_eDocs (x32 Version: 1.00.0000)
8500A909_Help (x32 Version: 1.00.0000)
8500A909a (x32 Version: 140.0.000.000)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Ashampoo Burning Studio 12 v.12.0.1 (x32 Version: 12.0.1)
Ashampoo Burning Studio 12 v.12.0.5 (x32 Version: 12.0.5)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0)
ATI Catalyst Install Manager (Version: 3.0.762.0)
AVM FRITZ!Box Monitor (x32)
BPD_DSWizards (x32 Version: 1.00.0000)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
CameraHelperMsi (x32 Version: 13.51.815.0)
CCleaner (Version: 4.00)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009)
CrystalDiskInfo 5.0.5 (x32 Version: 5.0.5)
CrystalDiskMark 3.0.2c (Version: 3.0.2c)
CSR Harmony Wireless Software Stack (Version: 2.1.63.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
DocMgr (x32 Version: 140.0.65.000)
DocProc (x32 Version: 140.0.100.000)
Duden Patch 3261 (x32 Version: 9.0.0)
Duden-Rechtschreibprüfung PLUS Update (x32 Version: 9.0.0)
eReg (x32 Version: 1.20.138.34)
Everything 1.2.1.371 (x32)
Fax (x32 Version: 140.0.213.000)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free M4a to MP3 Converter 7.2 (x32)
Freemake Video Converter Version 4.0.1 (x32 Version: 4.0.1)
Freemake Youtube Mp3 Converter (x32 Version: 3.5.4)
FRITZ!DSL64 (Version: 2.04.03)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
Garmin USB Drivers (x32 Version: 2.3.1.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GPBaseService2 (x32 Version: 140.0.212.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
HPSSupply (x32 Version: 140.0.212.000)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
LightScribe System Software (x32 Version: 1.18.26.7)
Logitech SetPoint 6.61 (Version: 6.61.15)
Logitech Webcam-Software (x32 Version: 2.51)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.51.827.0)
LWS Help_main (x32 Version: 13.51.828.0)
LWS Launcher (x32 Version: 13.51.828.0)
LWS Motion Detection (x32 Version: 13.51.815.0)
LWS Pictures And Video (x32 Version: 13.51.815.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Webcam Software (x32 Version: 13.51.815.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
MarketResearch (x32 Version: 140.0.214.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Flight (x32 Version: 1.0.0005.129)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Mathematics (64-Bit) (Version: 4.0)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Movie Maker (x32 Version: 16.4.3508.0205)
MPM (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MusicBrainz Picard (x32 Version: 1.1)
MyPhoneExplorer (x32 Version: 1.8.5)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Norton Internet Security (x32 Version: 21.1.0.18)
NVIDIA 3D Vision Controller-Treiber 331.82 (Version: 331.82)
NVIDIA 3D Vision Treiber 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1)
NVIDIA Grafiktreiber 331.82 (Version: 331.82)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182)
NVIDIA Systemsteuerung 331.82 (Version: 331.82)
NVIDIA Update 9.3.21 (Version: 9.3.21)
NVIDIA Update Components (Version: 9.3.21)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Opera 12.16 (x32 Version: 12.16.1860)
PC Wizard 2012.2.11 (x32)
PDF-Viewer (Version: 2.5.212.0)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PhotoFiltre 7 (HKCU)
Plus Pack für Acronis True Image Home 2012 (x32 Version: 15.0.7133)
Power Manager Version 6.0.0.6 (Version: 6.0.0.6)
ProductContext (x32 Version: 140.0.000.000)
Rainlendar2 (remove only) (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Samsung Kies (x32 Version: 2.5.0.12114_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Scan (x32 Version: 140.0.167.000)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SHIELD Streaming (Version: 1.6.53)
Shop for HP Supplies (Version: 14.0)
Sigma Data Center 2.1 (x32 Version: 2.1.0)
Skype™ 6.9 (x32 Version: 6.9.106)
SmartWebPrinting (x32 Version: 140.0.213.000)
SolutionCenter (x32 Version: 140.0.214.000)
SportTracks 3.1 (x32 Version: 3.1.5064)
SSD Fresh (x32 Version: 2013)
StarMoney (x32 Version: 3.0.5.8)
StarMoney (x32 Version: 4.0.0.203)
StarMoney 9.0  (x32 Version: 9.0)
Status (x32 Version: 140.0.256.000)
STRATO HiDrive (remove only) (x32)
StreamTransport version: 1.0.2.2171 (x32)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.213.000)
TrueCrypt (x32 Version: 7.1a)
TubeSaver (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
WD Drive Utilities (x32 Version: 1.0.4.11)
WD Quick View (x32 Version: 2.2.0.8)
WD Security (x32 Version: 1.0.4.11)
WD SmartWare (Version: 2.2.0.8)
WD SmartWare Installer (x32 Version: 2.2.0.8)
WebReg (x32 Version: 140.0.213.017)
Win7 Taskbar v2.0 (x32 Version: 2.0)
Winamp (x32 Version: 5.65 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
XnView 2.05 (x32 Version: 2.05)

==================== Restore Points  =========================

13-11-2013 06:02:17 Windows Update
13-11-2013 16:30:00 Windows Modules Installer
14-11-2013 06:07:47 Windows Update
21-11-2013 07:56:42 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A777C07-19AC-4049-99C4-973E047D53D1} - \TubeSaver Update No Task File
Task: {2DFF05DE-1C97-4BA2-9AFF-630FC5E5BFD7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {76D59B7C-4712-4B97-9BC3-7C92C9BF3420} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17] (Adobe Systems Incorporated)
Task: {775476BA-7B80-4B16-B94C-A21C42441BF3} - System32\Tasks\CCleanerSkipUAC => P:\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {8E820F91-6779-4C89-91A8-BDF447F9022A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D0C979C7-A7A9-44E7-AA4E-E35DE00F5E57} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {E4A43FD6-6DAF-492D-BB6F-252A2DDE77AB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-10-25 18:51 - 2013-11-11 16:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-09 23:01 - 2011-12-09 23:01 - 00041472 _____ () P:\MyPhoneExplorer\DLL\mpe_gadget_connector_net.dll
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () P:\Rainlendar2\lua52.dll
2012-07-02 08:11 - 2012-07-02 08:11 - 00312320 _____ () P:\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () P:\Rainlendar2\lfs.dll
2007-12-06 10:19 - 2007-12-06 10:19 - 00258560 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll
2013-10-15 18:00 - 2011-01-13 10:44 - 00232800 _____ () D:\StarMoney 9.0\ouservice\PATCHW32.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () P:\Logitech_Webcam\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () P:\Logitech_Webcam\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () P:\Logitech_Webcam\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-06-28 20:46 - 2012-06-28 20:46 - 13005184 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2012-06-28 17:34 - 2012-06-28 17:34 - 00018816 _____ () P:\TrueImage2012\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 02:07:51 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/24/2013 01:59:51 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (11/24/2013 02:07:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (11/24/2013 02:07:43 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (11/24/2013 02:07:43 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (11/24/2013 02:07:43 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (11/24/2013 02:07:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (11/24/2013 02:07:51 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 01:59:51 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (11/24/2013 01:59:21 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 16382.12 MB
Available physical RAM: 14164.77 MB
Total Pagefile: 20476.3 MB
Available Pagefile: 18126.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:51.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:390.62 GB) (Free:229.14 GB) NTFS
Drive f: (FOTOS) (Fixed) (Total:1524.86 GB) (Free:1352.13 GB) NTFS
Drive m: (MUSIK) (Fixed) (Total:488.28 GB) (Free:401.32 GB) NTFS
Drive p: (PROGRAMME) (Fixed) (Total:390.62 GB) (Free:385.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 6B4D85AD)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: C8C36D8F)

Partition: GPT Partition Type
==================== End Of Log ============================

Unter SYSTEMSTEUERUNG, PROGRAMME UND FUNKTIONEN existiert noch der Eintrag 'TubeSaver'. Seit dem ersten Versuch der Deinstallation über die Systemsteuerung - vor dem Kontakt hier - meldet sich NIS ab und zu und blockiert Versuche von '?u.exe' mit der Bedrohung 'Suspicious.Cloud.9'

Bekommen habe ich das Ding mit der Software MyPhoneExplorer

Vorab vielen Dank für deine Mühe,

patti

M-K-D-B · 25.11.2013, 16:11

Servus,

Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
FFdefaults;
CHRdefaults;
iedefaults;
emptyclsid;
autoclean;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Bitte poste mit deiner nächsten Antwort

die Logdatei von JRT,
die Logdatei von MBAM,
die Logdatei von Zoek.

patti-berlin · 25.11.2013, 19:26

Hallo Matthias,

habe alle drei Programme durchlaufen lassen - wie beschrieben.

1.)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by patti on 25.11.2013 at 16:25:07,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{345458b9-506f-4fcc-803b-d02843989662}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{345458b9-506f-4fcc-803b-d02843989662}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.11.2013 at 16:33:12,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2.)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
patti :: PATTIS [Administrator]

Schutz: Aktiviert

25.11.2013 17:18:28
MBAM-log-2013-11-25 (17-24-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257812
Laufzeit: 2 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\patti\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\patti\Downloads\MyPhoneExplorer_Setup_v1.8.5.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\patti\Downloads\winamp565_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)

3.)

Code:

ATTFilter

Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by patti on 25.11.2013 at 17:34:33,30.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\patti\Desktop\zoek\zoek.exe [Script inserted] 

==== System Restore Info ======================

25.11.2013 17:35:07 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully
HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully
HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully
HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{345458B9-506F-4FCC-803B-D02843989662} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3965852666-880147142-4208818141-1000\Software\Mozilla\Firefox\Extensions\{af9433c0-d475-48fd-8223-97aab85432eb} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Users\patti\AppData\Roaming\FRITZ" not found
C:\ProgramData\Package Cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF" [09.10.2013 18:32]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [24.10.2012 08:34]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bpegkgagfojjbcpkihigfmkojdmmimdf - P:\Freemake\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[16.08.2013 06:36]
ehgldbbpchgpcfagfpfjgoomddhccfgh - P:\Freemake\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[16.08.2013 06:36]
jbolfgndggfhhpbnkgnpjkfhinclbigj - P:\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[08.05.2013 02:24]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[06.10.2013 04:26]
ojcdnngpmbenohhjlickdajclhbcaada - C:\Program Files (x86)\TubeSaver\133.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\patti\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HAB0OY2Z will be deleted at reboot
C:\Users\patti\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\patti\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\patti\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\patti\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HAB0OY2Z" not found

==== EOF on 25.11.2013 at 17:51:57,69 ======================

Ich ziehe meinen Hut vor den Menschen, die da durchblicken.
Zum Glück gibt es hier einen SPENDE-Button!!!

Gruß, patti

Hallo Matthias,

bei der Installation von zoek.exe wurde eine Datei mitentpackt, die sich 'zoek.scr' nennt. Diese wurde von NIS geblockt. Ich habe daraufhin NIS deaktiviert und zoek vollständig entpackt (3 Dateien).

Nachdem ich alles wie beschrieben gemacht habe, habe ich NIS wieder aktiviert. Nun meldet NIS immer wieder, dass zoek.exe vom Virenscanner erkannt, isoliert und entfernt wurde mit dem Klammervermerk: Suspicious.Cloud.2 und Suspicious.Cloud.9

Die Datei zoek.exe wurde nun von NIS tatsächlich aus dem Ordner gelöscht.

Ist das okay???

LG, patti

M-K-D-B · 26.11.2013, 19:09

Servus,

Zoek brauchen wir nicht, also halb so schlimm.

Du brauchst dir aber keine Sorgen machen, das ist ein Fehlalarm von NIS.

Wir spüren die letzten Reste auf, damit wir sie später entfernen können:

Schritt 1
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*TubeSaver*
*Conduit*

:folderfind
*TubeSaver*
*Conduit*

:regfind
TubeSaver
Conduit

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von FRST,
die Logdatei von SystemLook,
die Beantwortung der gestellten Fragen.

LOG-File von AdwCleaner zu TUbeSaver unter Win7 64bit

Log-Analyse und Auswertung: LOG-File von AdwCleaner zu TUbeSaver unter Win7 64bit