
Pests of all kinds and how to fight them: Trojan Zeroaccess b,c & Trojan Gen 2

Windows 7
01.12.2013, 15:44   #1
ArztNr4
 

Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion
01.12.2013 15:33:48,Hoch,80000032.@ (Trojan.Zeroaccess.C) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich



Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion
01.12.2013 15:25:31,Hoch,00000004.@ (Trojan.Zeroaccess.B) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich


Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion
01.12.2013 15:16:57,Hoch,00000008.@ (Trojan.Gen.2) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich


Like some others here in the forum, I have also been hit by this trojan and have already tried to take countermeasures: I scanned the system with FRS 64, and I already have a scan report from that. Can anyone help?

01.12.2013, 16:24   #2
Bootsektor
Rest in peace
† 2019
 

My name is Sandra and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Post the log files directly in your thread, in code tags.
  • Keep in mind that we all do this in our free time; if you do not hear from me within 3 days, please send me a PM.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with me until someone from the team tells you that you are clean.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience

Step 1
Please post the FRST log file here in your thread.
01.12.2013, 21:29   #3
ArztNr4
 

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Guido at 2013-12-01 15:12:39
Running from C:\Users\Guido\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.21 (x32 Version: 9.21.00.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)
Bandizip (HKCU Version: 3.08)
Bonjour (Version: 3.0.0.10)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
CyberLink LabelPrint (x32 Version: 2.5.3.6326)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.5.5811)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
DMUninstaller (x32)
Energy Star (x32 Version: 1.0.9)
FileZilla Client 3.7.2 (x32 Version: 3.7.2)
FirstRowSportApp (x32 Version: 2.1 Build 26473)
Fotogalerie (x32 Version: 16.4.3503.0728)
FreeHDSport TV (x32 Version: 1.27.153.8)
Fussball Manager 2003 (x32)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Remote (x32 Version: 1.0.1218)
HP CoolSense (x32 Version: 2.10.62)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Quick Launch (x32 Version: 3.0.6)
HP Recovery Manager (x32 Version: 8.00)
HP Registration Service (Version: 1.1.6232.4245)
HP SimplePass (x32 Version: 6.0.100.276)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Utility Center (x32 Version: 1.0.8)
HP Wireless Button Driver (x32 Version: 1.1.2.1)
IDT Audio (x32 Version: 1.0.6425.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.9.1002)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Internet Security (x32 Version: 20.4.0.40)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Overwolf (x32 Version: 0.46.271)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Plus-HD-2.2 (x32 Version: 1.28.153.1) <==== ATTENTION
Ralink Bluetooth Stack64 (Version: 9.0.725.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.5.0)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034)
Snap.Do (x32 Version: 1.102.1.11691)
SuperLyrics-16 (x32 Version: 1.30.153.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.15.0)
TeamSpeak 3 Client (x32 Version: 3.0.12)
TeamViewer 8 (x32 Version: 8.0.20935)
Validity WBF DDK (Version: 4.4.234.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
WinZip Driver Updater (x32 Version: 1.0.648.15384)
Wsys Control 10.2.1.2652 (x32 Version: 10.2.1.2652)
XAMPP (x32 Version: 1.8.2-2)

==================== Restore Points  =========================

22-11-2013 13:35:13 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03D88F6E-D71B-4374-87FF-716E561EDDB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {04A7DB74-D921-4C25-AB68-71B51ADF7BCE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {05603BAC-8136-4DD4-B4E0-D708E7B943CF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {0744CA2B-85DC-4DAE-A468-B71399F08584} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {0765D534-EFB5-4FF0-B2F1-F8026708F798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - System32\Tasks\FreeHDSport TV-codedownloader => C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-codedownloader.exe [2013-08-31] (installdaddy)
Task: {0940C52E-9457-4365-95C1-B464A685FBC9} - System32\Tasks\SuperLyrics-16-chromeinstaller => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe [2013-11-09] (10superSoftabcd)
Task: {0E823B33-E23D-4B19-B252-E222AC3340EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {1C7C6728-AD5E-4915-912F-CCCAD5EC0B40} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe [2013-08-27] (Plus HD) <==== ATTENTION
Task: {1FAEFE4A-5A09-48B6-9D2A-662128DE15A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {33DBBF02-24CB-411C-8811-978A16ECA506} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {3461C32B-7BA2-4BE8-88A3-4CE799D2F804} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {35230293-550B-4F10-BE76-344E16D23909} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {39BFAAB2-A215-419C-A6D1-25E3EC0B00B6} - System32\Tasks\Plus-HD-2.2-enabler => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe [2013-08-27] (Plus HD) <==== ATTENTION
Task: {39F29899-9468-4D70-9FE4-C71E877EAA92} - System32\Tasks\SuperLyrics-16-updater => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-updater.exe [2013-11-09] (10superSoftabcd)
Task: {3F770B1B-8430-4710-B241-B4A8B120067D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {40D233E4-B744-48E8-A052-7B6546EACDDE} - System32\Tasks\WinZipDriverUpdater_UPDATES => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe [2013-07-11] (WinZip Computing, S.L. (WinZip Computing))
Task: {4D9E6627-A0C6-4C29-A391-00830E45CD86} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {5966916E-E995-4372-975D-C6B54C4D5380} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-08-27] (Plus HD) <==== ATTENTION
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {9B58F5EB-AED0-4FA4-AB6B-83D2D6640E3E} - System32\Tasks\SuperLyrics-16-codedownloader => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-codedownloader.exe [2013-11-09] (10superSoftabcd)
Task: {9CD1B119-EC19-4D2A-879E-6C156E3FC4B3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A6D17F29-AB5E-4779-AA56-18068B69BD16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {ACF590E3-898D-421B-9229-F75689C7AA03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B45F0582-25F2-4FCD-BFDD-153380C6C383} - System32\Tasks\SuperLyrics-16-enabler => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-enabler.exe [2013-11-09] (10superSoftabcd)
Task: {B703BC8C-A3C4-4211-9255-B5D4E1E1017D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {BD784A7F-686A-453F-AAF5-FB8D2CF9688D} - System32\Tasks\SuperLyrics-16-firefoxinstaller => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe [2013-11-09] (10superSoftabcd)
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - System32\Tasks\FreeHDSport TV-enabler => C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-enabler.exe [2013-08-31] (installdaddy)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C7146957-7AD9-4788-BE99-B4A53709E5C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {DF456D39-7723-4D8D-80F2-28CAAC9830F2} - System32\Tasks\Plus-HD-2.2-updater => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-08-27] (Plus HD) <==== ATTENTION
Task: {E34CCB3E-C807-4F79-900A-78CA5C8A4CA0} - System32\Tasks\WinZipDriverUpdaterRunAtStartup => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe [2013-07-11] (WinZip Computing, S.L. (WinZip Computing))
Task: {E5016812-F785-4B18-89A2-0393E71BA7D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F148786B-E894-48D4-813C-E498F149DDE8} - System32\Tasks\HPCeeScheduleForGuido => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F63C65B5-D585-4DE2-8FE4-11131B50FC48} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: C:\Windows\Tasks\FreeHDSport TV-codedownloader.job => C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-codedownloader.exe
Task: C:\Windows\Tasks\FreeHDSport TV-enabler.job => C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-enabler.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGuido.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe
Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe
Task: C:\Windows\Tasks\SuperLyrics-16-codedownloader.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-codedownloader.exe
Task: C:\Windows\Tasks\SuperLyrics-16-enabler.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-enabler.exe
Task: C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe
Task: C:\Windows\Tasks\SuperLyrics-16-updater.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-updater.exe
Task: C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe

==================== Loaded Modules (whitelisted) =============

2013-11-11 14:55 - 2013-11-11 14:55 - 00045096 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorer-20018.dll
2013-08-25 11:47 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\system32\mswsock.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00039464 _____ () C:\Program Files (x86)\Overwolf\x64\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00721960 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorerLauncher.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-08-25 11:47 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\system32\MSWSOCK.dll
2013-08-26 16:44 - 2013-08-26 16:44 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\580dd8b0082db602dda6a42bf4fb1b17\PSIClient.ni.dll
2013-08-06 18:43 - 2013-08-06 18:43 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-03-12 07:00 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-25 11:47 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\SYSTEM32\MSWSOCK.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00079400 _____ () C:\Program Files (x86)\Overwolf\OWExplorer-20018.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 22568888 _____ () C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00065536 _____ () C:\Program Files (x86)\Overwolf\de\OverWolf.Client.Core.resources.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00093624 _____ () C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00010240 _____ () C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00135720 _____ () C:\Program Files (x86)\Overwolf\OWService.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00970792 _____ () C:\Program Files (x86)\Overwolf\OWServer.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00038440 _____ () C:\Program Files (x86)\Overwolf\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00839720 _____ () C:\Program Files (x86)\Overwolf\OWAgent.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00087552 _____ () C:\Program Files (x86)\Overwolf\BrowserWindow.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00032800 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00056352 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00150560 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00112672 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 01767456 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00078880 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00013344 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00726048 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00081952 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00014368 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00016928 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-08-04 18:51 - 2013-08-04 18:51 - 00020512 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
2013-08-04 18:51 - 2013-08-04 18:51 - 00026144 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00057888 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00014368 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00014880 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00052256 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00048160 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00026144 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2013-08-04 18:51 - 2013-08-04 18:51 - 00026144 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-08-04 18:41 - 2013-08-04 18:41 - 00194080 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
2013-08-04 18:40 - 2013-08-04 18:40 - 00068640 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2013-08-04 18:50 - 2013-08-04 18:50 - 00246304 _____ () C:\Users\Guido\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
2013-09-29 10:43 - 2013-09-29 10:43 - 00911128 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-10-06 11:21 - 2013-01-27 15:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-10-06 11:20 - 2012-09-25 09:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-10-06 11:20 - 2013-01-27 15:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2013-10-06 11:20 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00029224 _____ () C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-08-25 11:47 - 2012-10-11 06:44 - 00355328 _____ () C:\Windows\SYSTEM32\mswsock.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Guido\Desktop\Ausweis Rück.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Guido\Desktop\Ausweis Rück.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Guido\Desktop\Ausweis.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Guido\Desktop\Ausweis.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsaufstellung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsaufstellung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsaufstellung_1.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsaufstellung_1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsaufstellung_2.gif:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsaufstellung_2.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsnachweis_3.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Guido\Desktop\Umschulungsnachweis_3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2013 00:53:15 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0f120f49-a6a1-40a0-9d73-54ce1337f0c5.dmp

Error: (12/01/2013 00:43:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (12/01/2013 00:17:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (12/01/2013 11:34:00 AM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\09d203ef-9a59-48ee-a194-684c28bc899c.dmp

Error: (11/29/2013 09:25:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3140

Error: (11/29/2013 09:25:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3140

Error: (11/29/2013 09:25:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/29/2013 09:25:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2093

Error: (11/29/2013 09:25:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2093

Error: (11/29/2013 09:25:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/30/2013 05:12:33 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/29/2013 10:33:45 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/27/2013 08:08:40 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/26/2013 06:45:16 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/24/2013 07:04:39 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/24/2013 10:31:45 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/23/2013 04:43:49 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/23/2013 08:10:04 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/22/2013 07:00:34 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (11/22/2013 01:46:03 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.


Microsoft Office Sessions:
=========================
Error: (12/01/2013 00:53:15 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0f120f49-a6a1-40a0-9d73-54ce1337f0c5.dmp

Error: (12/01/2013 00:43:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (12/01/2013 00:17:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (12/01/2013 11:34:00 AM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\09d203ef-9a59-48ee-a194-684c28bc899c.dmp

Error: (11/29/2013 09:25:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3140

Error: (11/29/2013 09:25:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3140

Error: (11/29/2013 09:25:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/29/2013 09:25:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2093

Error: (11/29/2013 09:25:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2093

Error: (11/29/2013 09:25:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 16273.27 MB
Available physical RAM: 12369.34 MB
Total Pagefile: 32657.27 MB
Available Pagefile: 28446.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:912.95 GB) (Free:725.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.79 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (FM2003) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive f: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type
==================== End Of Log ============================
         
--- --- ---


That is the Addition.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Guido (administrator) on ARZTPRAXIS on 01-12-2013 15:11:54
Running from C:\Users\Guido\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Smartbar) C:\Users\Guido\AppData\Local\Smartbar\Application\SnapDo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-25] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-11-11] (Overwolf)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Guido\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-08-04] (Smartbar)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [KB01119877.exe] - C:\Users\Guido\AppData\Roaming\KB01119877.exe [118784 2013-11-12] (Microsoft Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\Guido\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-11-25] (Microsoft Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {50a91e44-8ae6-11e2-be71-806e6f6e6963} - "E:\AUTORUN.EXE" 
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll  [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=hp&installDate=29/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4223F4B7E2B98BBB&affID=121240&tsp=4987
SearchScopes: HKCU - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
SearchScopes: HKCU - {41C86B44-013F-44EE-9835-2C1A0E434C32} URL = hxxp://www.search.ask.com/web?p2=%5EB7J%5EYYYYYY%5EYY%5EDE&gct=&itbv=12.3.0.861&o=APN11289&tpid=CME-V7&apn_uid=2A615C04-7CFA-4962-8AAD-1DEA580A40C6&apn_ptnrs=%5EB7J&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_dbr=cr_29.0.1547.57&doi=2013-08-27&trgb=IE&q={searchTerms}&psv=barid%253D%257B671D6BF1%252D0F43%252D11E3%252DBE76%252DF4B7E2B98BBA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll (Plus HD)
BHO: SuperLyrics-16 - {11111111-1111-1111-1111-110411411162} - C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-bho64.dll (10superSoftabcd)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: FreeHDSport TV - {11111111-1111-1111-1111-110311531136} - C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-bho.dll No File
BHO-x32: SuperLyrics-16 - {11111111-1111-1111-1111-110411411162} - C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-bho.dll (10superSoftabcd)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DealPly Shopping - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog5-x64 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: fhdp3 - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=hp&installDate=29/09/2013
CHR Extension: (Snap.Do ) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
CHR Extension: (Google Docs) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Extended Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Adblock Plus) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SuperLyrics-16) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.19_0
CHR Extension: (Website Logon) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0
CHR Extension: (Plus-HD-2.2) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0
CHR Extension: (Norton Identity Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files (x86)\DealPly\DealPly.crx

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
U4 SharedAccess; C:\Windows\System32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\   \...\???\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum; 
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-29] (DT Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131130.007\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131130.007\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 15:11 - 2013-12-01 15:12 - 00029804 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 15:08 - 2013-12-01 15:09 - 01959184 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:49 - 2013-11-29 19:50 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-24 22:16 - 2013-11-28 20:12 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-17 14:50 - 2013-11-17 14:49 - 00428436 _____ C:\Users\Guido\Desktop\Umschulungsnachweis_3.jpeg
2013-11-17 14:39 - 2013-11-17 14:38 - 00516514 _____ C:\Users\Guido\Desktop\Umschulungsaufstellung.jpeg
2013-11-17 14:21 - 2013-11-17 14:21 - 00125810 _____ C:\Users\Guido\Desktop\Ausweis.jpeg
2013-11-17 14:19 - 2013-11-17 14:18 - 00127688 _____ C:\Users\Guido\Desktop\Ausweis Rück.jpeg
2013-11-17 14:14 - 2013-11-17 14:50 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 10:44 - 2013-11-28 22:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-14 22:33 - 2013-11-17 14:02 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-14 19:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:15 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:15 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:15 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:15 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:15 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:15 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:15 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:15 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:15 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:15 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:15 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:15 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:15 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:15 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:15 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:15 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:15 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:15 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-12 21:12 - 2013-11-15 17:25 - 00000000 ___HD C:\Users\Guido\AppData\Roaming\33F0EAA2
2013-11-12 21:12 - 2013-11-12 21:12 - 00118784 _____ (Microsoft Corporation) C:\Users\Guido\AppData\Roaming\KB01119877.exe
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-09 18:15 - 2013-11-09 18:15 - 00004030 _____ C:\Windows\System32\Tasks\LaunchApp
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:30 - 2013-11-16 16:23 - 00000000 ____D C:\ProgramData\eSafe
2013-11-09 00:28 - 2013-12-01 12:28 - 00001374 _____ C:\Windows\Tasks\SuperLyrics-16-updater.job
2013-11-09 00:28 - 2013-12-01 12:28 - 00001280 _____ C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2013-11-09 00:28 - 2013-12-01 12:28 - 00001180 _____ C:\Windows\Tasks\SuperLyrics-16-enabler.job
2013-11-09 00:28 - 2013-11-09 00:28 - 00004378 _____ C:\Windows\System32\Tasks\SuperLyrics-16-updater
2013-11-09 00:28 - 2013-11-09 00:28 - 00004284 _____ C:\Windows\System32\Tasks\SuperLyrics-16-codedownloader
2013-11-09 00:28 - 2013-11-09 00:28 - 00004184 _____ C:\Windows\System32\Tasks\SuperLyrics-16-enabler
2013-11-09 00:28 - 2013-11-09 00:28 - 00000000 ____D C:\Users\Guido\Documents\Optimizer Pro
2013-11-09 00:27 - 2013-12-01 12:32 - 00001994 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2013-11-09 00:27 - 2013-12-01 12:27 - 00001918 _____ C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2013-11-09 00:27 - 2013-11-23 08:14 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-09 00:27 - 2013-11-09 00:28 - 00000000 ____D C:\Program Files (x86)\SuperLyrics-16
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-09 00:26 - 2013-11-09 00:26 - 00000000 ____D C:\Users\Guido\AppData\Local\SearchProtect
2013-11-09 00:26 - 2013-11-09 00:26 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-09 00:26 - 2013-11-09 00:26 - 00000000 _____ C:\END
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 20:50 - 2013-11-07 20:51 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:09 - 2013-11-28 19:51 - 00003154 _____ C:\Windows\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2013-11-07 20:09 - 2013-11-27 20:09 - 00000318 _____ C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job
2013-11-07 20:09 - 2013-11-07 20:09 - 00003044 _____ C:\Windows\System32\Tasks\WinZipDriverUpdater_UPDATES
2013-11-07 20:08 - 2013-11-23 08:10 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-07 20:08 - 2013-11-07 20:08 - 00001098 _____ C:\Users\Public\Desktop\WinZip Driver Updater.lnk
2013-11-07 20:08 - 2013-11-07 20:08 - 00000000 ____D C:\Users\Guido\AppData\Roaming\WinZip
2013-11-07 20:08 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\WinZip Driver Updater
2013-11-07 20:06 - 2013-11-07 20:22 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:05 - 2013-11-07 20:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:59 - 2013-11-07 22:36 - 00000000 ____D C:\xampp
2013-11-07 19:52 - 2013-11-07 19:56 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-07 08:49 - 2013-11-07 14:11 - 00000000 ____D C:\Users\Guido\Desktop\WBS
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-12-01 15:12 - 2013-12-01 15:11 - 00029804 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 15:09 - 2013-12-01 15:08 - 01959184 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-01 15:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-01 14:58 - 2013-08-23 17:26 - 01906879 _____ C:\Windows\WindowsUpdate.log
2013-12-01 14:43 - 2013-08-23 17:33 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 14:17 - 2013-08-27 19:12 - 00001924 _____ C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2013-12-01 14:12 - 2013-08-27 19:12 - 00001312 _____ C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-12-01 14:12 - 2013-08-27 19:12 - 00001216 _____ C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-12-01 14:12 - 2013-08-27 19:12 - 00001116 _____ C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-12-01 14:08 - 2013-08-23 17:36 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3635278824-774868512-842475075-1002
2013-12-01 13:36 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\VirtualStore
2013-12-01 13:23 - 2013-08-23 17:26 - 00000000 ____D C:\Users\Guido
2013-12-01 12:32 - 2013-11-09 00:27 - 00001994 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 12:28 - 2013-11-09 00:28 - 00001374 _____ C:\Windows\Tasks\SuperLyrics-16-updater.job
2013-12-01 12:28 - 2013-11-09 00:28 - 00001280 _____ C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2013-12-01 12:28 - 2013-11-09 00:28 - 00001180 _____ C:\Windows\Tasks\SuperLyrics-16-enabler.job
2013-12-01 12:27 - 2013-11-09 00:27 - 00001918 _____ C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:40 - 2012-11-12 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Google
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-01 11:27 - 2013-08-25 10:06 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-01 11:27 - 2013-08-25 10:06 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-01 11:23 - 2013-09-22 18:37 - 00000000 ____D C:\Users\Guido\AppData\Local\Overwolf
2013-12-01 11:22 - 2013-08-27 19:06 - 00001228 _____ C:\Windows\Tasks\FreeHDSport TV-codedownloader.job
2013-12-01 11:22 - 2013-08-27 19:06 - 00001138 _____ C:\Windows\Tasks\FreeHDSport TV-enabler.job
2013-12-01 11:22 - 2013-08-23 17:33 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:50 - 2013-11-29 19:49 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-29 17:32 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\Packages
2013-11-28 23:06 - 2013-08-27 21:09 - 00000000 ____D C:\Users\Guido\AppData\Roaming\vlc
2013-11-28 22:36 - 2013-11-17 10:44 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-28 22:36 - 2013-10-06 08:52 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForGuido.job
2013-11-28 20:12 - 2013-11-24 22:16 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-28 19:51 - 2013-11-07 20:09 - 00003154 _____ C:\Windows\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2013-11-27 20:09 - 2013-11-07 20:09 - 00000318 _____ C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job
2013-11-27 15:43 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-26 18:46 - 2012-11-13 01:23 - 00831158 _____ C:\Windows\system32\perfh007.dat
2013-11-26 18:46 - 2012-11-13 01:23 - 00188760 _____ C:\Windows\system32\perfc007.dat
2013-11-26 18:46 - 2012-07-26 08:28 - 01952918 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 13:01 - 2013-08-23 17:26 - 00002279 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-11-24 19:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-23 08:14 - 2013-11-09 00:27 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-23 08:14 - 2013-08-23 17:31 - 00000000 ___RD C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 08:10 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-22 13:49 - 2013-09-22 18:38 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-11-21 14:37 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2013-11-21 14:33 - 2013-03-12 07:12 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-21 14:33 - 2013-03-12 07:12 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-17 14:50 - 2013-11-17 14:14 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:49 - 2013-11-17 14:50 - 00428436 _____ C:\Users\Guido\Desktop\Umschulungsnachweis_3.jpeg
2013-11-17 14:38 - 2013-11-17 14:39 - 00516514 _____ C:\Users\Guido\Desktop\Umschulungsaufstellung.jpeg
2013-11-17 14:21 - 2013-11-17 14:21 - 00125810 _____ C:\Users\Guido\Desktop\Ausweis.jpeg
2013-11-17 14:18 - 2013-11-17 14:19 - 00127688 _____ C:\Users\Guido\Desktop\Ausweis Rück.jpeg
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 14:02 - 2013-11-14 22:33 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-17 11:44 - 2013-10-27 12:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-17 01:47 - 2013-08-23 17:34 - 00002481 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-16 16:23 - 2013-11-09 00:30 - 00000000 ____D C:\ProgramData\eSafe
2013-11-16 16:08 - 2013-08-27 19:06 - 00000000 ____D C:\Program Files (x86)\FreeHDSport TV
2013-11-15 17:28 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-11-15 17:25 - 2013-11-12 21:12 - 00000000 ___HD C:\Users\Guido\AppData\Roaming\33F0EAA2
2013-11-15 17:23 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-15 17:22 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-15 17:21 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 17:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 21:03 - 2013-08-24 19:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:00 - 2013-08-24 19:29 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 20:39 - 2013-08-27 19:06 - 00000000 ____D C:\Program Files (x86)\FreeHDSport.TV
2013-11-13 14:06 - 2013-03-12 07:25 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-12 21:12 - 2013-11-12 21:12 - 00118784 _____ (Microsoft Corporation) C:\Users\Guido\AppData\Roaming\KB01119877.exe
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-10 12:52 - 2012-08-04 01:02 - 00000000 ____D C:\SWSetup
2013-11-09 18:15 - 2013-11-09 18:15 - 00004030 _____ C:\Windows\System32\Tasks\LaunchApp
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:29 - 2013-08-23 17:30 - 00001756 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-09 00:28 - 2013-11-09 00:28 - 00004378 _____ C:\Windows\System32\Tasks\SuperLyrics-16-updater
2013-11-09 00:28 - 2013-11-09 00:28 - 00004284 _____ C:\Windows\System32\Tasks\SuperLyrics-16-codedownloader
2013-11-09 00:28 - 2013-11-09 00:28 - 00004184 _____ C:\Windows\System32\Tasks\SuperLyrics-16-enabler
2013-11-09 00:28 - 2013-11-09 00:28 - 00000000 ____D C:\Users\Guido\Documents\Optimizer Pro
2013-11-09 00:28 - 2013-11-09 00:27 - 00000000 ____D C:\Program Files (x86)\SuperLyrics-16
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-09 00:26 - 2013-11-09 00:26 - 00000000 ____D C:\Users\Guido\AppData\Local\SearchProtect
2013-11-09 00:26 - 2013-11-09 00:26 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-09 00:26 - 2013-11-09 00:26 - 00000000 _____ C:\END
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 22:36 - 2013-11-07 19:59 - 00000000 ____D C:\xampp
2013-11-07 20:51 - 2013-11-07 20:50 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:22 - 2013-11-07 20:06 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:09 - 2013-11-07 20:09 - 00003044 _____ C:\Windows\System32\Tasks\WinZipDriverUpdater_UPDATES
2013-11-07 20:08 - 2013-11-07 20:08 - 00001098 _____ C:\Users\Public\Desktop\WinZip Driver Updater.lnk
2013-11-07 20:08 - 2013-11-07 20:08 - 00000000 ____D C:\Users\Guido\AppData\Roaming\WinZip
2013-11-07 20:08 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\WinZip Driver Updater
2013-11-07 20:06 - 2013-11-07 20:05 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:56 - 2013-11-07 19:52 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-07 18:46 - 2013-09-29 11:49 - 00000000 ____D C:\Users\Guido\.VirtualBox
2013-11-07 14:11 - 2013-11-07 08:49 - 00000000 ____D C:\Users\Guido\Desktop\WBS
2013-11-07 13:58 - 2013-09-29 12:03 - 00000000 ____D C:\Users\Guido\VirtualBox VMs
2013-11-07 13:44 - 2012-07-26 08:21 - 00003515 _____ C:\Windows\setupact.log
2013-11-05 23:58 - 2013-08-25 10:56 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-08-25 10:56 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump
2013-11-03 12:10 - 2012-11-12 17:13 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-11-03 11:05 - 2013-03-12 07:23 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2013-11-03 11:03 - 2013-03-12 07:23 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-11-03 10:58 - 2012-11-12 17:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-11-03 10:50 - 2013-03-12 07:11 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-11-01 19:44 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
ZeroAccess:
C:\Users\Guido\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Some content of TEMP:
====================
C:\Users\Guido\AppData\Local\Temp\BackupSetup.exe
C:\Users\Guido\AppData\Local\Temp\Extract.exe
C:\Users\Guido\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Guido\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Guido\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Guido\AppData\Local\Temp\sh3qh_r0.dll
C:\Users\Guido\AppData\Local\Temp\SP58764.exe
C:\Users\Guido\AppData\Local\Temp\SP59213.exe
C:\Users\Guido\AppData\Local\Temp\SP60051.exe
C:\Users\Guido\AppData\Local\Temp\SP61037.exe
C:\Users\Guido\AppData\Local\Temp\SP61276.exe
C:\Users\Guido\AppData\Local\Temp\SP61277.exe
C:\Users\Guido\AppData\Local\Temp\SP61280.exe
C:\Users\Guido\AppData\Local\Temp\SP61399.exe
C:\Users\Guido\AppData\Local\Temp\SP61413.exe
C:\Users\Guido\AppData\Local\Temp\SP62364.exe
C:\Users\Guido\AppData\Local\Temp\SP62405.exe
C:\Users\Guido\AppData\Local\Temp\SP62765.exe
C:\Users\Guido\AppData\Local\Temp\SP62991.exe
C:\Users\Guido\AppData\Local\Temp\SP63065.exe
C:\Users\Guido\AppData\Local\Temp\SP63224.exe
C:\Users\Guido\AppData\Local\Temp\SP63340.exe
C:\Users\Guido\AppData\Local\Temp\SP63752.exe
C:\Users\Guido\AppData\Local\Temp\SP63801.exe
C:\Users\Guido\AppData\Local\Temp\uninst1.exe
C:\Users\Guido\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-11-18 21:31

==================== End Of Log ============================
         
and this is the FRST

02.12.2013, 10:44   #4
Bootsektor
Rest in peace
† 2019

Hello ArztNr4,
yes, you have ZeroAccess and a really large collection of adware on the computer.
We will remove this in the next steps.

Step 1
Multiple antivirus programs

Code:
ATTFilter
Norton Internet Security
Windows Defender
         
I noticed that you are running more than one antivirus program with a real-time background scanner. That is dangerous, because the programs can get in each other's way, which can actually let viruses land on the computer. It also slows the system down. Decide on one of them and uninstall the other via Control Panel => Software.


Step 2
Please uninstall the following programs (if present):

DMUninstaller
Plus-HD-2.2
FreeHDSport TV
Snap.Do
SuperLyrics-16
WinZip Driver Updater
Wsys Control


To do this, press at the same time:
Windows key and X
then:
Programs and Features --> select the program --> uninstall

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • The log file can also be found at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 4

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 5
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



Step 6
Start FRST once more.
  • Tick the box for addition.txt and click Scan.
  • When the scan is complete, two new log files, FRST.txt and addition.txt, are created and saved on the desktop.
  • Please post the contents of these log files here in your thread.

02.12.2013, 21:05   #5
ArztNr4
 


Combo Fix


Combofix Logfile:
Code:
ComboFix 13-12-01.01 - Guido 02.12.2013  20:16:14.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.16273.13673 [GMT 1:00]
ausgeführt von:: c:\users\Guido\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\@
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\GoogleUpdate.exe
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\L\00000004.@
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\L\201d3dde
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\L\76603ac3
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\U\00000004.@
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\U\00000008.@
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\U\000000cb.@
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\U\80000000.@
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\U\80000032.@
c:\program files (x86)\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\9519~1\A535~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\U\80000064.@
c:\users\Guido\AppData\Local\assembly\tmp
c:\users\Guido\AppData\Local\Google\Desktop\Install
c:\users\Guido\AppData\Local\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\2E2F~1\28F0~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\@
c:\users\Guido\AppData\Local\Google\Desktop\Install\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\2E2F~1\28F0~1\E628~1\{eaf72390-a5ba-d2bc-3cdc-d79a6f00fe58}\GoogleUpdate.exe
c:\users\Guido\AppData\Roaming\33F0EAA2
c:\users\Guido\AppData\Roaming\33F0EAA2\33F0EAA2.srv
c:\users\Guido\AppData\Roaming\KB01119877.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-02 bis 2013-12-02  ))))))))))))))))))))))))))))))
.
.
2013-12-02 19:21 . 2013-12-02 19:21	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-12-02 19:21 . 2013-12-02 19:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-02 19:01 . 2013-12-02 19:01	--------	d-----w-	c:\windows\ERUNT
2013-12-02 18:41 . 2013-12-02 18:45	--------	d-----w-	C:\AdwCleaner
2013-12-01 14:11 . 2013-12-01 14:11	--------	d-----w-	C:\FRST
2013-12-01 10:40 . 2013-12-01 10:40	--------	d-----w-	c:\program files (x86)\EA SPORTS
2013-11-30 16:17 . 2013-12-01 10:30	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-11-23 15:24 . 2013-11-23 15:43	--------	d-----w-	c:\users\Guido\AppData\Local\Diagnostics
2013-11-23 14:50 . 2013-11-23 14:50	280752	----a-w-	c:\program files\Windows Defender\de-DE\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-23 08:05 . 2013-11-23 08:05	280752	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-22 12:49 . 2013-11-22 12:49	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-11-22 12:49 . 2013-11-22 12:49	--------	d-----w-	c:\program files (x86)\Common Files\Overwolf
2013-11-14 18:51 . 2013-08-23 07:22	2062848	----a-w-	c:\windows\system32\d3d11.dll
2013-11-14 18:51 . 2013-08-23 01:44	1711616	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-11-14 18:51 . 2013-10-01 23:37	2035712	----a-w-	c:\windows\SysWow64\authui.dll
2013-11-14 18:51 . 2013-10-01 23:26	2304512	----a-w-	c:\windows\system32\authui.dll
2013-11-12 20:11 . 2013-11-12 20:11	--------	d-----w-	c:\users\Guido\AppData\Local\Bandizip
2013-11-09 17:14 . 2013-11-09 17:14	--------	d-----w-	c:\users\Guido\SyncFolder
2013-11-08 23:27 . 2013-11-08 23:27	--------	d-----w-	c:\users\Guido\AppData\Local\Programs
2013-11-07 19:08 . 2013-11-23 07:10	--------	d-----w-	c:\program files (x86)\JustCloud
2013-11-07 19:06 . 2013-11-07 19:22	--------	d-----w-	c:\users\Guido\AppData\Roaming\FileZilla
2013-11-07 19:05 . 2013-11-07 19:06	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2013-11-07 18:59 . 2013-11-07 21:36	--------	d-----w-	C:\xampp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 20:00 . 2013-08-24 18:29	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-11-13 13:09 . 2013-10-27 11:50	566480	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-05 22:58 . 2013-08-25 09:56	78296	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-06 10:29 . 2013-03-12 06:24	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-10-06 10:29 . 2013-03-12 06:24	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-10-06 10:29 . 2013-03-12 06:24	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2013-09-29 09:35 . 2013-09-29 09:35	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-06 12:27 . 2013-09-29 10:48	238352	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2013-09-06 12:25 . 2013-09-29 10:48	119056	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2013-09-06 12:25 . 2013-09-06 12:25	146704	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2013-09-06 12:25 . 2013-09-06 12:25	131856	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2013-09-06 12:25 . 2013-09-06 12:25	204048	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-25 12:01	222832	----a-w-	c:\users\Guido\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-25 12:01	222832	----a-w-	c:\users\Guido\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-25 12:01	222832	----a-w-	c:\users\Guido\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2013-11-11 35256]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Power2GoExpress8"="c:\program files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [2013-01-27 1711680]
"SkyDrive"="c:\users\Guido\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-11-25 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131114.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131128.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131128.001\IDSvia64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost	REG_MULTI_SZ   	apphostsvc
iissvcs	REG_MULTI_SZ   	w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 00:43	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 16:33]
.
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 16:33]
.
2013-12-02 c:\windows\Tasks\HPCeeScheduleForGuido.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-25 12:01	261744	----a-w-	c:\users\Guido\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-25 12:01	261744	----a-w-	c:\users\Guido\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-25 12:01	261744	----a-w-	c:\users\Guido\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-13 13:12	2328776	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-13 13:12	2328776	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-13 13:12	2328776	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-25 441152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-08-25 1664000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KB01119877.exe - c:\users\Guido\AppData\Roaming\KB01119877.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\HP SimplePass\IEWebSiteLogon.exe
c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Common Files\Overwolf\OverwolfHelper.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-02  20:34:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-02 19:34
.
Vor Suchlauf: 15 Verzeichnis(se), 778.381.221.888 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 780.109.250.560 Bytes frei
.
- - End Of File - - E1670F1D9FD26945A63B6AB547DDF8DE
         
--- --- ---


Adware Cleaner

AdwCleaner Logfile:
Code:
# AdwCleaner v3.014 - Bericht erstellt am 02/12/2013 um 19:41:33
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Guido - ARZTPRAXIS
# Gestartet von : C:\Users\Guido\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : WsysSvc

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Datei Gefunden : C:\Windows\System32\Tasks\FreeHDSport TV-codedownloader
Datei Gefunden : C:\Windows\System32\Tasks\FreeHDSport TV-enabler
Datei Gefunden : C:\Windows\System32\Tasks\LaunchApp
Datei Gefunden : C:\Windows\Tasks\FreeHDSport TV-codedownloader.job
Datei Gefunden : C:\Windows\Tasks\FreeHDSport TV-enabler.job
Ordner Gefunden : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gefunden : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gefunden C:\Program Files (x86)\FirstRowSportApp.com
Ordner Gefunden C:\Program Files (x86)\FreeHDSport TV
Ordner Gefunden C:\Program Files (x86)\FreeHDSport.TV
Ordner Gefunden C:\Program Files (x86)\MyPC Backup
Ordner Gefunden C:\Program Files (x86)\Searchprotect
Ordner Gefunden C:\ProgramData\apn
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\eSafe
Ordner Gefunden C:\Users\Guido\AppData\Local\Searchprotect
Ordner Gefunden C:\Users\Guido\AppData\Local\Temp\apn
Ordner Gefunden C:\Users\Guido\AppData\Roaming\Babylon
Ordner Gefunden C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Ordner Gefunden C:\Users\Guido\AppData\Roaming\OpenCandy
Ordner Gefunden C:\Users\Guido\Documents\optimizer pro

***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253 )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253 )
Verknüpfung Gefunden : C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253 )
Verknüpfung Gefunden : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253 )
Verknüpfung Gefunden : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253 )
Verknüpfung Gefunden : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253 )
Verknüpfung Gefunden : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253 )

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253
Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\FreeHDSport TV
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531136}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : [x64] HKCU\Software\1ClickDownload
Schlüssel Gefunden : [x64] HKCU\Software\BabSolution
Schlüssel Gefunden : [x64] HKCU\Software\Delta
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\SmartBar
Schlüssel Gefunden : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531136}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532236}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0035336.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0035336.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0035336.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0035336.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534436}
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\Software\dosearchessoftware
Schlüssel Gefunden : HKLM\Software\eSafeSecControl
Schlüssel Gefunden : HKLM\Software\FreeHDSport TV
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c1f3f5-4fb2-4191-a1fd-ca464e6823c0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6fa9c2c7-b82c-4944-b077-e1d8ea9e2b3d}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{730c3a0d-8c88-468a-b617-7e9913dd6abc}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aa267627-1ef3-4619-a982-8b57c636ca73}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c11ce4d0-9c73-491d-a95c-23c0b7bbd490}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531136}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeHDSport TV
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=hp&installDate=29/09/2013
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC03205&ts=1383953253&type=default&q={searchTerms}

-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword
Gefunden : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [14525 octets] - [02/12/2013 19:41:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14586 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.014 - Bericht erstellt am 02/12/2013 um 20:40:14
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Guido - ARZTPRAXIS
# Gestartet von : C:\Users\Guido\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

*************************

AdwCleaner[R0].txt - [14743 octets] - [02/12/2013 19:41:33]
AdwCleaner[R1].txt - [903 octets] - [02/12/2013 20:40:14]
AdwCleaner[S0].txt - [10653 octets] - [02/12/2013 19:45:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1023 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.014 - Bericht erstellt am 02/12/2013 um 19:45:06
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Guido - ARZTPRAXIS
# Gestartet von : C:\Users\Guido\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : WsysSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files (x86)\FirstRowSportApp.com
Ordner Gelöscht : C:\Program Files (x86)\FreeHDSport.TV
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Searchprotect
Ordner Gelöscht : C:\Program Files (x86)\FreeHDSport TV
Ordner Gelöscht : C:\Users\Guido\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Guido\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Guido\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Guido\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Ordner Gelöscht : C:\Users\Guido\Documents\optimizer pro
Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\LaunchApp
Datei Gelöscht : C:\Windows\Tasks\FreeHDSport TV-codedownloader.job
Datei Gelöscht : C:\Windows\System32\Tasks\FreeHDSport TV-codedownloader
Datei Gelöscht : C:\Windows\Tasks\FreeHDSport TV-enabler.job
Datei Gelöscht : C:\Windows\System32\Tasks\FreeHDSport TV-enabler

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Guido\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0035336.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0035336.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0035336.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0035336.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532236}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534436}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531136}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531136}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c1f3f5-4fb2-4191-a1fd-ca464e6823c0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6fa9c2c7-b82c-4944-b077-e1d8ea9e2b3d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{730c3a0d-8c88-468a-b617-7e9913dd6abc}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aa267627-1ef3-4619-a982-8b57c636ca73}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c11ce4d0-9c73-491d-a95c-23c0b7bbd490}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FreeHDSport TV
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\dosearchessoftware
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\FreeHDSport TV
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeHDSport TV
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [14743 octets] - [02/12/2013 19:41:33]
AdwCleaner[S0].txt - [10471 octets] - [02/12/2013 19:45:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10532 octets] ##########
         
--- --- ---

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Guido on 02.12.2013 at 20:47:27,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{318620FC-36FB-41C7-8B16-07911DE8D345}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2013 at 20:53:04,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Guido (administrator) on ARZTPRAXIS on 02-12-2013 20:59:38
Running from C:\Users\Guido\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-25] (IDT, Inc.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-11-11] (Overwolf)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [SkyDrive] - C:\Users\Guido\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-11-25] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: fhdp3 - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Website Logon) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0
CHR Extension: (Norton Identity Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
S2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum; 
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-29] (DT Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131202.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131202.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 20:53 - 2013-12-02 20:53 - 00000834 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 20:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 20:09 - 2013-12-02 20:35 - 00000000 ____D C:\Qoobox
2013-12-02 20:09 - 2013-12-02 20:31 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:08 - 2013-12-02 20:09 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 20:00 - 2013-12-02 20:00 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT.exe
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:41 - 2013-12-02 20:40 - 00000000 ____D C:\AdwCleaner
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 15:12 - 2013-12-01 15:13 - 00036586 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-01 15:11 - 2013-12-02 20:59 - 00019990 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 15:08 - 2013-12-01 15:09 - 01959184 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:49 - 2013-11-29 19:50 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-24 22:16 - 2013-11-28 20:12 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-17 14:14 - 2013-11-17 14:50 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 10:44 - 2013-11-28 22:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-14 22:33 - 2013-11-17 14:02 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-14 19:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:15 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:15 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:15 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:15 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:15 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:15 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:15 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:15 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:15 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:15 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:15 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:15 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:15 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:15 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:15 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:15 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:15 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:15 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 20:50 - 2013-11-07 20:51 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:08 - 2013-11-23 08:10 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-07 20:06 - 2013-11-07 20:22 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:05 - 2013-11-07 20:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:59 - 2013-11-07 22:36 - 00000000 ____D C:\xampp
2013-11-07 19:52 - 2013-11-07 19:56 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-12-02 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-02 20:59 - 2013-12-01 15:11 - 00019990 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-02 20:54 - 2013-08-23 17:36 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3635278824-774868512-842475075-1002
2013-12-02 20:53 - 2013-12-02 20:53 - 00000834 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-02 20:43 - 2013-08-23 17:33 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 20:43 - 2013-08-23 17:33 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 20:42 - 2013-08-23 17:26 - 01974868 _____ C:\Windows\WindowsUpdate.log
2013-12-02 20:40 - 2013-12-02 19:41 - 00000000 ____D C:\AdwCleaner
2013-12-02 20:35 - 2013-12-02 20:09 - 00000000 ____D C:\Qoobox
2013-12-02 20:35 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:34 - 2012-11-13 01:23 - 00831158 _____ C:\Windows\system32\perfh007.dat
2013-12-02 20:34 - 2012-11-13 01:23 - 00188760 _____ C:\Windows\system32\perfc007.dat
2013-12-02 20:34 - 2012-07-26 08:28 - 01952554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 20:31 - 2013-12-02 20:09 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:28 - 2013-09-22 18:37 - 00000000 ____D C:\Users\Guido\AppData\Local\Overwolf
2013-12-02 20:27 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-02 20:26 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-02 20:26 - 2012-08-03 23:23 - 00020218 _____ C:\Windows\PFRO.log
2013-12-02 20:26 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 20:21 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-02 20:09 - 2013-12-02 20:08 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:03 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 20:00 - 2013-12-02 20:00 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT.exe
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:58 - 2013-10-06 08:52 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForGuido.job
2013-12-02 19:45 - 2013-08-23 17:34 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 19:45 - 2013-08-23 17:30 - 00000995 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 23:17 - 2013-08-27 21:09 - 00000000 ____D C:\Users\Guido\AppData\Roaming\vlc
2013-12-01 23:07 - 2013-08-23 17:26 - 00000000 ____D C:\Users\Guido
2013-12-01 15:27 - 2013-09-29 10:18 - 00000000 ____D C:\Users\Guido\Desktop\Sicherungsdaten
2013-12-01 15:13 - 2013-12-01 15:12 - 00036586 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 15:09 - 2013-12-01 15:08 - 01959184 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-01 13:36 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\VirtualStore
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:40 - 2012-11-12 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Google
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-01 11:27 - 2013-08-25 10:06 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-01 11:27 - 2013-08-25 10:06 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:50 - 2013-11-29 19:49 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-29 17:32 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\Packages
2013-11-28 22:36 - 2013-11-17 10:44 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-28 20:12 - 2013-11-24 22:16 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-27 15:43 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-25 13:01 - 2013-08-23 17:26 - 00002279 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-11-24 19:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-23 08:14 - 2013-08-23 17:31 - 00000000 ___RD C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 08:10 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-22 13:49 - 2013-09-22 18:38 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-11-21 14:33 - 2013-03-12 07:12 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-21 14:33 - 2013-03-12 07:12 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-17 14:50 - 2013-11-17 14:14 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 14:02 - 2013-11-14 22:33 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-17 11:44 - 2013-10-27 12:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-15 17:21 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 17:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 21:03 - 2013-08-24 19:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:00 - 2013-08-24 19:29 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 14:06 - 2013-03-12 07:25 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-10 12:52 - 2012-08-04 01:02 - 00000000 ____D C:\SWSetup
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 22:36 - 2013-11-07 19:59 - 00000000 ____D C:\xampp
2013-11-07 20:51 - 2013-11-07 20:50 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:22 - 2013-11-07 20:06 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:06 - 2013-11-07 20:05 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:56 - 2013-11-07 19:52 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-07 18:46 - 2013-09-29 11:49 - 00000000 ____D C:\Users\Guido\.VirtualBox
2013-11-07 13:58 - 2013-09-29 12:03 - 00000000 ____D C:\Users\Guido\VirtualBox VMs
2013-11-07 13:44 - 2012-07-26 08:21 - 00003515 _____ C:\Windows\setupact.log
2013-11-05 23:58 - 2013-08-25 10:56 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump
2013-11-03 12:10 - 2012-11-12 17:13 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-11-03 11:05 - 2013-03-12 07:23 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2013-11-03 11:03 - 2013-03-12 07:23 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-11-03 10:58 - 2012-11-12 17:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-11-03 10:50 - 2013-03-12 07:11 - 00000000 ____D C:\Windows\Hewlett-Packard

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-18 21:31

==================== End Of Log ============================
         
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Guido at 2013-12-02 21:00:20
Running from C:\Users\Guido\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.21 (x32 Version: 9.21.00.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)
Bandizip (HKCU Version: 3.08)
Bonjour (Version: 3.0.0.10)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
CyberLink LabelPrint (x32 Version: 2.5.3.6326)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.5.5811)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Energy Star (x32 Version: 1.0.9)
FileZilla Client 3.7.2 (x32 Version: 3.7.2)
Fotogalerie (x32 Version: 16.4.3503.0728)
Fussball Manager 2003 (x32)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Remote (x32 Version: 1.0.1218)
HP CoolSense (x32 Version: 2.10.62)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Quick Launch (x32 Version: 3.0.6)
HP Recovery Manager (x32 Version: 8.00)
HP Registration Service (Version: 1.1.6232.4245)
HP SimplePass (x32 Version: 6.0.100.276)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Utility Center (x32 Version: 1.0.8)
HP Wireless Button Driver (x32 Version: 1.1.2.1)
IDT Audio (x32 Version: 1.0.6425.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.9.1002)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Internet Security (x32 Version: 20.4.0.40)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Overwolf (x32 Version: 0.46.271)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Ralink Bluetooth Stack64 (Version: 9.0.725.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.5.0)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.15.0)
TeamSpeak 3 Client (x32 Version: 3.0.12)
TeamViewer 8 (x32 Version: 8.0.20935)
Validity WBF DDK (Version: 4.4.234.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
XAMPP (x32 Version: 1.8.2-2)

==================== Restore Points  =========================

22-11-2013 13:35:13 Geplanter Prüfpunkt
02-12-2013 19:14:33 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-12-02 20:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03D88F6E-D71B-4374-87FF-716E561EDDB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {04A7DB74-D921-4C25-AB68-71B51ADF7BCE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {05603BAC-8136-4DD4-B4E0-D708E7B943CF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {0744CA2B-85DC-4DAE-A468-B71399F08584} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {0765D534-EFB5-4FF0-B2F1-F8026708F798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {0E823B33-E23D-4B19-B252-E222AC3340EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {1FAEFE4A-5A09-48B6-9D2A-662128DE15A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {33DBBF02-24CB-411C-8811-978A16ECA506} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {3461C32B-7BA2-4BE8-88A3-4CE799D2F804} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {35230293-550B-4F10-BE76-344E16D23909} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {3F770B1B-8430-4710-B241-B4A8B120067D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {4D9E6627-A0C6-4C29-A391-00830E45CD86} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {9CD1B119-EC19-4D2A-879E-6C156E3FC4B3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A6D17F29-AB5E-4779-AA56-18068B69BD16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {ACF590E3-898D-421B-9229-F75689C7AA03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B703BC8C-A3C4-4211-9255-B5D4E1E1017D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C7146957-7AD9-4788-BE99-B4A53709E5C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
Task: {E5016812-F785-4B18-89A2-0393E71BA7D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F148786B-E894-48D4-813C-E498F149DDE8} - System32\Tasks\HPCeeScheduleForGuido => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F63C65B5-D585-4DE2-8FE4-11131B50FC48} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGuido.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-11 14:55 - 2013-11-11 14:55 - 00045096 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorer-20018.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00039464 _____ () C:\Program Files (x86)\Overwolf\x64\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00721960 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorerLauncher.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00079400 _____ () C:\Program Files (x86)\Overwolf\OWExplorer-20018.dll
2013-10-06 11:20 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 22568888 _____ () C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00065536 _____ () C:\Program Files (x86)\Overwolf\de\OverWolf.Client.Core.resources.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00093624 _____ () C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00010240 _____ () C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00135720 _____ () C:\Program Files (x86)\Overwolf\OWService.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00970792 _____ () C:\Program Files (x86)\Overwolf\OWServer.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00038440 _____ () C:\Program Files (x86)\Overwolf\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00839720 _____ () C:\Program Files (x86)\Overwolf\OWAgent.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00087552 _____ () C:\Program Files (x86)\Overwolf\BrowserWindow.dll
2013-10-06 11:21 - 2013-01-27 15:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-10-06 11:20 - 2012-09-25 09:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-10-06 11:20 - 2013-01-27 15:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00029224 _____ () C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
2013-08-26 16:44 - 2013-08-26 16:44 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\580dd8b0082db602dda6a42bf4fb1b17\PSIClient.ni.dll
2013-08-06 18:43 - 2013-08-06 18:43 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-03-12 07:00 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-02 20:20:32.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 16273.27 MB
Available physical RAM: 13595.05 MB
Total Pagefile: 32657.27 MB
Available Pagefile: 30029.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:912.95 GB) (Free:726.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.79 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (FM2003) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive f: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type
==================== End Of Log ============================
         

I don't know whether it's smart to say this now, but I'm currently training as a Fachinformatiker Systemintegration (IT specialist for system integration). So I'd be grateful for lots of detail here, since I can only learn from it. Many thanks for the help!!!


03.12.2013, 11:49   #6
Bootsektor
Rest in peace
† 2019
 

Hello ArztNr4,
did you switch off both antivirus programs for the Combofix scan? CF shows that Norton is still on. Also, as I already wrote to you, it is not good to have two antivirus programs on the computer at the same time, even if one of them is disabled.

Quote:
I don't know whether it's smart to say this now, but I'm currently training as a Fachinformatiker Systemintegration (IT specialist for system integration). So I'd be grateful for lots of detail here, since I can only learn from it. Many thanks for the help!!!
If the topic interests you, you are welcome to apply for one of our training places as soon as we have free ones again.
Training at Trojaner-Board


Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.




Step 3
Start FRST once more.
  • Check the addition.txt box and press Scan.
  • When the scan is complete, two new log files, FRST.txt and addition.txt, are created and saved on the desktop.
  • Please post the contents of these log files here in your thread.

03.12.2013, 21:54   #7
ArztNr4
 



I switched off all firewalls and virus scanners, some of them manually. They were all off when Combofix ran.
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Guido on 03.12.2013 at 21:27:49,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2013 at 21:34:35,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Guido on 03.12.2013 at 21:27:49,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2013 at 21:34:35,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[/CODE]
--- --- ---


it's somehow duplicated

Farbar Service Scanner Version: 23-11-2013
Ran by Guido (administrator) on 03-12-2013 at 21:41:19
Running from "C:\Users\Guido\Downloads"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to retrieve ServiceDll of RemoteAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 19:15] - [2013-09-04 04:11] - 0576512 ____A (Microsoft Corporation) 7C0E0EDF18D6CC565D7BFBB451709FA5

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-13 19:15] - [2013-10-10 10:20] - 0723968 ____A (Microsoft Corporation) 53AA55632B94622F2DC3695E86EF9363

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by Guido at 2013-12-03 21:50:39
Running from C:\Users\Guido\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.21 (x32 Version: 9.21.00.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)
Bandizip (HKCU Version: 3.08)
Bonjour (Version: 3.0.0.10)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
CyberLink LabelPrint (x32 Version: 2.5.3.6326)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.5.5811)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Energy Star (x32 Version: 1.0.9)
FileZilla Client 3.7.2 (x32 Version: 3.7.2)
Fotogalerie (x32 Version: 16.4.3503.0728)
Fussball Manager 2003 (x32)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Remote (x32 Version: 1.0.1218)
HP CoolSense (x32 Version: 2.10.62)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Quick Launch (x32 Version: 3.0.6)
HP Recovery Manager (x32 Version: 8.00)
HP Registration Service (Version: 1.1.6232.4245)
HP SimplePass (x32 Version: 6.0.100.276)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Utility Center (x32 Version: 1.0.8)
HP Wireless Button Driver (x32 Version: 1.1.2.1)
IDT Audio (x32 Version: 1.0.6425.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.9.1002)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Internet Security (x32 Version: 20.4.0.40)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Overwolf (x32 Version: 0.46.271)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Ralink Bluetooth Stack64 (Version: 9.0.725.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.5.0)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.15.0)
TeamSpeak 3 Client (x32 Version: 3.0.12)
TeamViewer 8 (x32 Version: 8.0.20935)
Validity WBF DDK (Version: 4.4.234.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
XAMPP (x32 Version: 1.8.2-2)

==================== Restore Points  =========================

22-11-2013 13:35:13 Geplanter Prüfpunkt
02-12-2013 19:14:33 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-12-02 20:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03D88F6E-D71B-4374-87FF-716E561EDDB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {04A7DB74-D921-4C25-AB68-71B51ADF7BCE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {05603BAC-8136-4DD4-B4E0-D708E7B943CF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {0744CA2B-85DC-4DAE-A468-B71399F08584} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {0765D534-EFB5-4FF0-B2F1-F8026708F798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {0E823B33-E23D-4B19-B252-E222AC3340EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {1FAEFE4A-5A09-48B6-9D2A-662128DE15A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {33DBBF02-24CB-411C-8811-978A16ECA506} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {3461C32B-7BA2-4BE8-88A3-4CE799D2F804} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {35230293-550B-4F10-BE76-344E16D23909} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {3F770B1B-8430-4710-B241-B4A8B120067D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {4D9E6627-A0C6-4C29-A391-00830E45CD86} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {9CD1B119-EC19-4D2A-879E-6C156E3FC4B3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A6D17F29-AB5E-4779-AA56-18068B69BD16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {ACF590E3-898D-421B-9229-F75689C7AA03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B703BC8C-A3C4-4211-9255-B5D4E1E1017D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C7146957-7AD9-4788-BE99-B4A53709E5C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
Task: {E5016812-F785-4B18-89A2-0393E71BA7D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F148786B-E894-48D4-813C-E498F149DDE8} - System32\Tasks\HPCeeScheduleForGuido => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F63C65B5-D585-4DE2-8FE4-11131B50FC48} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGuido.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-11 14:55 - 2013-11-11 14:55 - 00045096 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorer-20018.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2013-08-23 17:28 - 2013-08-23 17:28 - 00120224 _____ () C:\Users\Guido\AppData\Local\assembly\dl3\0M87QAMV.OKV\6DLKRMD9.25L\32674416\004b58b8_95a8cd01\HPItunesModule.DLL
2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00039464 _____ () C:\Program Files (x86)\Overwolf\x64\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00721960 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorerLauncher.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-08-06 18:43 - 2013-08-06 18:43 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-08-26 16:44 - 2013-08-26 16:44 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\580dd8b0082db602dda6a42bf4fb1b17\PSIClient.ni.dll
2013-03-12 07:00 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00079400 _____ () C:\Program Files (x86)\Overwolf\OWExplorer-20018.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 22568888 _____ () C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00065536 _____ () C:\Program Files (x86)\Overwolf\de\OverWolf.Client.Core.resources.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00093624 _____ () C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00010240 _____ () C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00135720 _____ () C:\Program Files (x86)\Overwolf\OWService.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00970792 _____ () C:\Program Files (x86)\Overwolf\OWServer.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00038440 _____ () C:\Program Files (x86)\Overwolf\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00839720 _____ () C:\Program Files (x86)\Overwolf\OWAgent.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00087552 _____ () C:\Program Files (x86)\Overwolf\BrowserWindow.dll
2013-10-06 11:21 - 2013-01-27 15:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-10-06 11:20 - 2012-09-25 09:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-10-06 11:20 - 2013-01-27 15:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2013-10-06 11:20 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00029224 _____ () C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2013 08:58:51 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8bb8551-54f1-4f08-ba2d-f7b8536d9633.dmp

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2687

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2687

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453

Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1453

Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2266

Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2266

Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/03/2013 08:31:00 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/03/2013 07:44:30 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/02/2013 10:37:15 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/02/2013 10:36:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2


Microsoft Office Sessions:
=========================
Error: (12/03/2013 08:58:51 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8bb8551-54f1-4f08-ba2d-f7b8536d9633.dmp

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2687

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2687

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453

Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1453

Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2266

Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2266

Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-12-02 20:20:32.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 16273.27 MB
Available physical RAM: 13672.9 MB
Total Pagefile: 32657.27 MB
Available Pagefile: 29985.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:912.95 GB) (Free:726.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.79 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (FM2003) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive f: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type
==================== End Of Log ============================
         
--- --- ---


FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by Guido (administrator) on ARZTPRAXIS on 03-12-2013 21:49:49
Running from C:\Users\Guido\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-25] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-11-11] (Overwolf)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [SkyDrive] - C:\Users\Guido\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-11-25] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: fhdp3 - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Website Logon) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0
CHR Extension: (Norton Identity Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum; 
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-29] (DT Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131202.001\IDSvia64.sys [521816 2013-11-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131203.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131203.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 20:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 20:09 - 2013-12-02 20:35 - 00000000 ____D C:\Qoobox
2013-12-02 20:09 - 2013-12-02 20:31 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:08 - 2013-12-02 20:09 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:41 - 2013-12-02 20:40 - 00000000 ____D C:\AdwCleaner
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 15:12 - 2013-12-02 21:00 - 00017916 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-01 15:11 - 2013-12-03 21:50 - 00020634 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:49 - 2013-11-29 19:50 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-24 22:16 - 2013-12-02 22:59 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-17 14:14 - 2013-11-17 14:50 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 10:44 - 2013-11-28 22:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-14 22:33 - 2013-11-17 14:02 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-14 19:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:15 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:15 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:15 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:15 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:15 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:15 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:15 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:15 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:15 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:15 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:15 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:15 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:15 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:15 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:15 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:15 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:15 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:15 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 20:50 - 2013-11-07 20:51 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:08 - 2013-11-23 08:10 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-07 20:06 - 2013-11-07 20:22 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:05 - 2013-11-07 20:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:59 - 2013-11-07 22:36 - 00000000 ____D C:\xampp
2013-11-07 19:52 - 2013-11-07 19:56 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-12-03 21:50 - 2013-12-01 15:11 - 00020634 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:43 - 2013-08-23 17:33 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:34 - 2013-08-23 17:36 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3635278824-774868512-842475075-1002
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-03 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-03 20:43 - 2013-08-23 17:33 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 20:40 - 2013-08-23 17:26 - 02002143 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:44 - 2013-09-22 18:37 - 00000000 ____D C:\Users\Guido\AppData\Local\Overwolf
2013-12-02 22:59 - 2013-11-24 22:16 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-12-02 22:43 - 2012-11-13 01:23 - 00831158 _____ C:\Windows\system32\perfh007.dat
2013-12-02 22:43 - 2012-11-13 01:23 - 00188760 _____ C:\Windows\system32\perfc007.dat
2013-12-02 22:43 - 2012-07-26 08:28 - 01952554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 22:37 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-02 22:36 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 21:00 - 2013-12-01 15:12 - 00017916 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-02 20:40 - 2013-12-02 19:41 - 00000000 ____D C:\AdwCleaner
2013-12-02 20:35 - 2013-12-02 20:09 - 00000000 ____D C:\Qoobox
2013-12-02 20:35 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:31 - 2013-12-02 20:09 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:27 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-02 20:26 - 2012-08-03 23:23 - 00020218 _____ C:\Windows\PFRO.log
2013-12-02 20:21 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-02 20:09 - 2013-12-02 20:08 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:03 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:58 - 2013-10-06 08:52 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForGuido.job
2013-12-02 19:45 - 2013-08-23 17:34 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 19:45 - 2013-08-23 17:30 - 00000995 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 23:17 - 2013-08-27 21:09 - 00000000 ____D C:\Users\Guido\AppData\Roaming\vlc
2013-12-01 23:07 - 2013-08-23 17:26 - 00000000 ____D C:\Users\Guido
2013-12-01 15:27 - 2013-09-29 10:18 - 00000000 ____D C:\Users\Guido\Desktop\Sicherungsdaten
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 13:36 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\VirtualStore
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:40 - 2012-11-12 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Google
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-01 11:27 - 2013-08-25 10:06 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-01 11:27 - 2013-08-25 10:06 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:50 - 2013-11-29 19:49 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-29 17:32 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\Packages
2013-11-28 22:36 - 2013-11-17 10:44 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-27 15:43 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-25 13:01 - 2013-08-23 17:26 - 00002279 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-11-24 19:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-23 08:14 - 2013-08-23 17:31 - 00000000 ___RD C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 08:10 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-22 13:49 - 2013-09-22 18:38 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-11-21 14:33 - 2013-03-12 07:12 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-21 14:33 - 2013-03-12 07:12 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-17 14:50 - 2013-11-17 14:14 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 14:02 - 2013-11-14 22:33 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-17 11:44 - 2013-10-27 12:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-15 17:21 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 17:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 21:03 - 2013-08-24 19:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:00 - 2013-08-24 19:29 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 14:06 - 2013-03-12 07:25 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-10 12:52 - 2012-08-04 01:02 - 00000000 ____D C:\SWSetup
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 22:36 - 2013-11-07 19:59 - 00000000 ____D C:\xampp
2013-11-07 20:51 - 2013-11-07 20:50 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:22 - 2013-11-07 20:06 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:06 - 2013-11-07 20:05 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:56 - 2013-11-07 19:52 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-07 18:46 - 2013-09-29 11:49 - 00000000 ____D C:\Users\Guido\.VirtualBox
2013-11-07 13:58 - 2013-09-29 12:03 - 00000000 ____D C:\Users\Guido\VirtualBox VMs
2013-11-07 13:44 - 2012-07-26 08:21 - 00003515 _____ C:\Windows\setupact.log
2013-11-05 23:58 - 2013-08-25 10:56 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump
2013-11-03 12:10 - 2012-11-12 17:13 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-11-03 11:05 - 2013-03-12 07:23 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2013-11-03 11:03 - 2013-03-12 07:23 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-11-03 10:58 - 2012-11-12 17:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-11-03 10:50 - 2013-03-12 07:11 - 00000000 ____D C:\Windows\Hewlett-Packard

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-18 21:31

==================== End Of Log ============================
         

04.12.2013, 09:22   #8
Bootsektor
Rest in peace
† 2019
 



Hello ArztNr4,
it looks as if you did not run my fix, which I posted for you in the previous post under step 1.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
Please download the RemoteAccess.reg file from here, run it, and restart your computer.

Step 3
Run another scan with Farbar's Service Scanner; you do not need to download it again!
Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.




Step 4
Start FRST once more.
  • Tick the addition.txt box and press Scan.
  • When the scan is complete, two new log files, FRST.txt and addition.txt, are created and saved on the desktop.
  • Please post the contents of these log files here in your thread.

04.12.2013, 23:00   #9
ArztNr4
 



Yes, I did. Unfortunately it was just a bit unclear if I was supposed to post it here.

CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Farbar Service Scanner Version: 23-11-2013
Ran by Guido (administrator) on 04-12-2013 at 22:53:36
Running from "C:\Users\Guido\Downloads"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 19:15] - [2013-09-04 04:11] - 0576512 ____A (Microsoft Corporation) 7C0E0EDF18D6CC565D7BFBB451709FA5

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-13 19:15] - [2013-10-10 10:20] - 0723968 ____A (Microsoft Corporation) 53AA55632B94622F2DC3695E86EF9363

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by Guido (administrator) on ARZTPRAXIS on 04-12-2013 22:55:08
Running from C:\Users\Guido\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Guido\Downloads\FSS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-25] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-11-11] (Overwolf)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [SkyDrive] - C:\Users\Guido\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-11-25] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: fhdp3 - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Website Logon) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0
CHR Extension: (Norton Identity Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum; 
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-29] (DT Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131203.002\IDSvia64.sys [521816 2013-11-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131204.001\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131204.001\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 22:53 - 2013-12-04 22:53 - 00002862 _____ C:\Windows\SysWOW64\FSS.txt
2013-12-04 22:39 - 2013-12-04 22:39 - 00039108 _____ C:\Users\Guido\Downloads\RemoteAccess.reg
2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 20:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 20:09 - 2013-12-02 20:35 - 00000000 ____D C:\Qoobox
2013-12-02 20:09 - 2013-12-02 20:31 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:08 - 2013-12-02 20:09 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:41 - 2013-12-02 20:40 - 00000000 ____D C:\AdwCleaner
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 15:12 - 2013-12-03 21:51 - 00023009 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-01 15:11 - 2013-12-04 22:55 - 00020786 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:49 - 2013-11-29 19:50 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-24 22:16 - 2013-12-04 22:50 - 00005144 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-17 14:14 - 2013-11-17 14:50 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 10:44 - 2013-12-03 22:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-14 22:33 - 2013-11-17 14:02 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-14 19:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:15 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:15 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:15 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:15 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:15 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:15 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:15 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:15 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:15 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:15 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:15 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:15 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:15 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:15 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:15 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:15 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:15 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:15 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 20:50 - 2013-11-07 20:51 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:08 - 2013-11-23 08:10 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-07 20:06 - 2013-11-07 20:22 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:05 - 2013-11-07 20:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:59 - 2013-11-07 22:36 - 00000000 ____D C:\xampp
2013-11-07 19:52 - 2013-11-07 19:56 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-12-04 22:55 - 2013-12-01 15:11 - 00020786 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-04 22:55 - 2013-08-23 17:26 - 02028987 _____ C:\Windows\WindowsUpdate.log
2013-12-04 22:53 - 2013-12-04 22:53 - 00002862 _____ C:\Windows\SysWOW64\FSS.txt
2013-12-04 22:50 - 2013-11-24 22:16 - 00005144 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-12-04 22:49 - 2013-08-23 17:36 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3635278824-774868512-842475075-1002
2013-12-04 22:46 - 2013-09-22 18:37 - 00000000 ____D C:\Users\Guido\AppData\Local\Overwolf
2013-12-04 22:44 - 2013-10-06 08:52 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForGuido.job
2013-12-04 22:44 - 2013-08-23 17:33 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 22:44 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-04 22:44 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 22:39 - 2013-12-04 22:39 - 00039108 _____ C:\Users\Guido\Downloads\RemoteAccess.reg
2013-12-04 22:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-04 21:43 - 2013-08-23 17:33 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 22:36 - 2013-11-17 10:44 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-12-03 22:36 - 2013-08-23 17:26 - 00000000 ____D C:\Users\Guido
2013-12-03 21:51 - 2013-12-01 15:12 - 00023009 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-02 22:43 - 2012-11-13 01:23 - 00831158 _____ C:\Windows\system32\perfh007.dat
2013-12-02 22:43 - 2012-11-13 01:23 - 00188760 _____ C:\Windows\system32\perfc007.dat
2013-12-02 22:43 - 2012-07-26 08:28 - 01952554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 20:40 - 2013-12-02 19:41 - 00000000 ____D C:\AdwCleaner
2013-12-02 20:35 - 2013-12-02 20:09 - 00000000 ____D C:\Qoobox
2013-12-02 20:35 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:31 - 2013-12-02 20:09 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:27 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-02 20:26 - 2012-08-03 23:23 - 00020218 _____ C:\Windows\PFRO.log
2013-12-02 20:21 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-02 20:09 - 2013-12-02 20:08 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:03 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:45 - 2013-08-23 17:34 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 19:45 - 2013-08-23 17:30 - 00000995 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 23:17 - 2013-08-27 21:09 - 00000000 ____D C:\Users\Guido\AppData\Roaming\vlc
2013-12-01 15:27 - 2013-09-29 10:18 - 00000000 ____D C:\Users\Guido\Desktop\Sicherungsdaten
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 13:36 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\VirtualStore
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:40 - 2012-11-12 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Google
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-01 11:27 - 2013-08-25 10:06 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-01 11:27 - 2013-08-25 10:06 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:50 - 2013-11-29 19:49 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-29 17:32 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\Packages
2013-11-27 15:43 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-25 13:01 - 2013-08-23 17:26 - 00002279 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-11-24 19:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-23 08:14 - 2013-08-23 17:31 - 00000000 ___RD C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 08:10 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-22 13:49 - 2013-09-22 18:38 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-11-21 14:33 - 2013-03-12 07:12 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-21 14:33 - 2013-03-12 07:12 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-17 14:50 - 2013-11-17 14:14 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 14:02 - 2013-11-14 22:33 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-17 11:44 - 2013-10-27 12:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-15 17:21 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 17:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 21:03 - 2013-08-24 19:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:00 - 2013-08-24 19:29 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 14:06 - 2013-03-12 07:25 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-10 12:52 - 2012-08-04 01:02 - 00000000 ____D C:\SWSetup
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 22:36 - 2013-11-07 19:59 - 00000000 ____D C:\xampp
2013-11-07 20:51 - 2013-11-07 20:50 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:22 - 2013-11-07 20:06 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:06 - 2013-11-07 20:05 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:56 - 2013-11-07 19:52 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-07 18:46 - 2013-09-29 11:49 - 00000000 ____D C:\Users\Guido\.VirtualBox
2013-11-07 13:58 - 2013-09-29 12:03 - 00000000 ____D C:\Users\Guido\VirtualBox VMs
2013-11-07 13:44 - 2012-07-26 08:21 - 00003515 _____ C:\Windows\setupact.log
2013-11-05 23:58 - 2013-08-25 10:56 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-18 21:31

==================== End Of Log ============================
         
--- --- ---



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by Guido (administrator) on ARZTPRAXIS on 04-12-2013 22:55:08
Running from C:\Users\Guido\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Guido\Downloads\FSS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-25] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-11-11] (Overwolf)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [SkyDrive] - C:\Users\Guido\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-11-25] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: fhdp3 - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Website Logon) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0
CHR Extension: (Norton Identity Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum; 
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-29] (DT Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131203.002\IDSvia64.sys [521816 2013-11-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131204.001\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131204.001\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 22:53 - 2013-12-04 22:53 - 00002862 _____ C:\Windows\SysWOW64\FSS.txt
2013-12-04 22:39 - 2013-12-04 22:39 - 00039108 _____ C:\Users\Guido\Downloads\RemoteAccess.reg
2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 20:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 20:09 - 2013-12-02 20:35 - 00000000 ____D C:\Qoobox
2013-12-02 20:09 - 2013-12-02 20:31 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:08 - 2013-12-02 20:09 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:41 - 2013-12-02 20:40 - 00000000 ____D C:\AdwCleaner
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 15:12 - 2013-12-03 21:51 - 00023009 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-01 15:11 - 2013-12-04 22:55 - 00020786 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:49 - 2013-11-29 19:50 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-24 22:16 - 2013-12-04 22:50 - 00005144 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-17 14:14 - 2013-11-17 14:50 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 10:44 - 2013-12-03 22:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-14 22:33 - 2013-11-17 14:02 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-14 19:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:15 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:15 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:15 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:15 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:15 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:15 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:15 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:15 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:15 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:15 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:15 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:15 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:15 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:15 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:15 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:15 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:15 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:15 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 20:50 - 2013-11-07 20:51 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:08 - 2013-11-23 08:10 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-07 20:06 - 2013-11-07 20:22 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:05 - 2013-11-07 20:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:59 - 2013-11-07 22:36 - 00000000 ____D C:\xampp
2013-11-07 19:52 - 2013-11-07 19:56 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-12-04 22:55 - 2013-12-01 15:11 - 00020786 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-04 22:55 - 2013-08-23 17:26 - 02028987 _____ C:\Windows\WindowsUpdate.log
2013-12-04 22:53 - 2013-12-04 22:53 - 00002862 _____ C:\Windows\SysWOW64\FSS.txt
2013-12-04 22:50 - 2013-11-24 22:16 - 00005144 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-12-04 22:49 - 2013-08-23 17:36 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3635278824-774868512-842475075-1002
2013-12-04 22:46 - 2013-09-22 18:37 - 00000000 ____D C:\Users\Guido\AppData\Local\Overwolf
2013-12-04 22:44 - 2013-10-06 08:52 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForGuido.job
2013-12-04 22:44 - 2013-08-23 17:33 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 22:44 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-04 22:44 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 22:39 - 2013-12-04 22:39 - 00039108 _____ C:\Users\Guido\Downloads\RemoteAccess.reg
2013-12-04 22:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-04 21:43 - 2013-08-23 17:33 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 22:36 - 2013-11-17 10:44 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-12-03 22:36 - 2013-08-23 17:26 - 00000000 ____D C:\Users\Guido
2013-12-03 21:51 - 2013-12-01 15:12 - 00023009 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-02 22:43 - 2012-11-13 01:23 - 00831158 _____ C:\Windows\system32\perfh007.dat
2013-12-02 22:43 - 2012-11-13 01:23 - 00188760 _____ C:\Windows\system32\perfc007.dat
2013-12-02 22:43 - 2012-07-26 08:28 - 01952554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 20:40 - 2013-12-02 19:41 - 00000000 ____D C:\AdwCleaner
2013-12-02 20:35 - 2013-12-02 20:09 - 00000000 ____D C:\Qoobox
2013-12-02 20:35 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:31 - 2013-12-02 20:09 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:27 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-02 20:26 - 2012-08-03 23:23 - 00020218 _____ C:\Windows\PFRO.log
2013-12-02 20:21 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-02 20:09 - 2013-12-02 20:08 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:03 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:45 - 2013-08-23 17:34 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 19:45 - 2013-08-23 17:30 - 00000995 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 23:17 - 2013-08-27 21:09 - 00000000 ____D C:\Users\Guido\AppData\Roaming\vlc
2013-12-01 15:27 - 2013-09-29 10:18 - 00000000 ____D C:\Users\Guido\Desktop\Sicherungsdaten
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 13:36 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\VirtualStore
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:40 - 2012-11-12 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Google
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-01 11:27 - 2013-08-25 10:06 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-01 11:27 - 2013-08-25 10:06 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:50 - 2013-11-29 19:49 - 42998689 _____ (New Star Games Ltd                                          ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-29 17:32 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\Packages
2013-11-27 15:43 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-25 13:01 - 2013-08-23 17:26 - 00002279 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-11-24 19:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-23 08:14 - 2013-08-23 17:31 - 00000000 ___RD C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 08:10 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-22 13:49 - 2013-09-22 18:38 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-11-21 14:33 - 2013-03-12 07:12 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-21 14:33 - 2013-03-12 07:12 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-17 14:50 - 2013-11-17 14:14 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 14:02 - 2013-11-14 22:33 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-17 11:44 - 2013-10-27 12:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-15 17:21 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 17:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 21:03 - 2013-08-24 19:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:00 - 2013-08-24 19:29 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 14:06 - 2013-03-12 07:25 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-10 12:52 - 2012-08-04 01:02 - 00000000 ____D C:\SWSetup
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 22:36 - 2013-11-07 19:59 - 00000000 ____D C:\xampp
2013-11-07 20:51 - 2013-11-07 20:50 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:22 - 2013-11-07 20:06 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:06 - 2013-11-07 20:05 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:56 - 2013-11-07 19:52 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-07 18:46 - 2013-09-29 11:49 - 00000000 ____D C:\Users\Guido\.VirtualBox
2013-11-07 13:58 - 2013-09-29 12:03 - 00000000 ____D C:\Users\Guido\VirtualBox VMs
2013-11-07 13:44 - 2012-07-26 08:21 - 00003515 _____ C:\Windows\setupact.log
2013-11-05 23:58 - 2013-08-25 10:56 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-18 21:31

==================== End Of Log ============================
         
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by Guido at 2013-12-04 22:55:45
Running from C:\Users\Guido\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.21 (x32 Version: 9.21.00.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)
Bandizip (HKCU Version: 3.08)
Bonjour (Version: 3.0.0.10)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
CyberLink LabelPrint (x32 Version: 2.5.3.6326)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.5.5811)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Energy Star (x32 Version: 1.0.9)
FileZilla Client 3.7.2 (x32 Version: 3.7.2)
Fotogalerie (x32 Version: 16.4.3503.0728)
Fussball Manager 2003 (x32)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Remote (x32 Version: 1.0.1218)
HP CoolSense (x32 Version: 2.10.62)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Quick Launch (x32 Version: 3.0.6)
HP Recovery Manager (x32 Version: 8.00)
HP Registration Service (Version: 1.1.6232.4245)
HP SimplePass (x32 Version: 6.0.100.276)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Utility Center (x32 Version: 1.0.8)
HP Wireless Button Driver (x32 Version: 1.1.2.1)
IDT Audio (x32 Version: 1.0.6425.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.9.1002)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Internet Security (x32 Version: 20.4.0.40)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Overwolf (x32 Version: 0.46.271)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Ralink Bluetooth Stack64 (Version: 9.0.725.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.5.0)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.15.0)
TeamSpeak 3 Client (x32 Version: 3.0.12)
TeamViewer 8 (x32 Version: 8.0.20935)
Validity WBF DDK (Version: 4.4.234.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
XAMPP (x32 Version: 1.8.2-2)

==================== Restore Points  =========================

22-11-2013 13:35:13 Geplanter Prüfpunkt
02-12-2013 19:14:33 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-12-02 20:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03D88F6E-D71B-4374-87FF-716E561EDDB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {04A7DB74-D921-4C25-AB68-71B51ADF7BCE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {05603BAC-8136-4DD4-B4E0-D708E7B943CF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {0744CA2B-85DC-4DAE-A468-B71399F08584} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {0765D534-EFB5-4FF0-B2F1-F8026708F798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {0E823B33-E23D-4B19-B252-E222AC3340EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {1FAEFE4A-5A09-48B6-9D2A-662128DE15A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {33DBBF02-24CB-411C-8811-978A16ECA506} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {3461C32B-7BA2-4BE8-88A3-4CE799D2F804} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {35230293-550B-4F10-BE76-344E16D23909} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {3F770B1B-8430-4710-B241-B4A8B120067D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {4D9E6627-A0C6-4C29-A391-00830E45CD86} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {9CD1B119-EC19-4D2A-879E-6C156E3FC4B3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A6D17F29-AB5E-4779-AA56-18068B69BD16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {ACF590E3-898D-421B-9229-F75689C7AA03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B703BC8C-A3C4-4211-9255-B5D4E1E1017D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {C7146957-7AD9-4788-BE99-B4A53709E5C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
Task: {E5016812-F785-4B18-89A2-0393E71BA7D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F148786B-E894-48D4-813C-E498F149DDE8} - System32\Tasks\HPCeeScheduleForGuido => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F63C65B5-D585-4DE2-8FE4-11131B50FC48} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGuido.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-11 14:55 - 2013-11-11 14:55 - 00045096 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorer-20018.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00039464 _____ () C:\Program Files (x86)\Overwolf\x64\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00721960 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorerLauncher.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2013-08-23 17:28 - 2013-08-23 17:28 - 00120224 _____ () C:\Users\Guido\AppData\Local\assembly\dl3\0M87QAMV.OKV\6DLKRMD9.25L\32674416\004b58b8_95a8cd01\HPItunesModule.DLL
2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00079400 _____ () C:\Program Files (x86)\Overwolf\OWExplorer-20018.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-10-06 11:20 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 22568888 _____ () C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00065536 _____ () C:\Program Files (x86)\Overwolf\de\OverWolf.Client.Core.resources.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00093624 _____ () C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00010240 _____ () C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00135720 _____ () C:\Program Files (x86)\Overwolf\OWService.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00970792 _____ () C:\Program Files (x86)\Overwolf\OWServer.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00038440 _____ () C:\Program Files (x86)\Overwolf\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00839720 _____ () C:\Program Files (x86)\Overwolf\OWAgent.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00087552 _____ () C:\Program Files (x86)\Overwolf\BrowserWindow.dll
2013-10-06 11:21 - 2013-01-27 15:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-10-06 11:20 - 2012-09-25 09:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-10-06 11:20 - 2013-01-27 15:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2013-08-06 18:43 - 2013-08-06 18:43 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-13 06:30 - 2013-11-13 06:30 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-11-13 06:30 - 2013-11-13 06:30 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00029224 _____ () C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
2013-08-26 16:44 - 2013-08-26 16:44 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\580dd8b0082db602dda6a42bf4fb1b17\PSIClient.ni.dll
2013-03-12 07:00 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2013 08:46:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3219

Error: (12/04/2013 08:46:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3219

Error: (12/04/2013 08:46:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2013 07:20:02 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/03/2013 10:06:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187

Error: (12/03/2013 10:06:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187

Error: (12/03/2013 10:06:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2013 08:58:51 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8bb8551-54f1-4f08-ba2d-f7b8536d9633.dmp

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2687

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2687


System errors:
=============
Error: (12/04/2013 10:44:46 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/04/2013 10:44:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2

Error: (12/04/2013 10:13:25 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/04/2013 08:46:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpsrv erreicht.

Error: (12/04/2013 07:10:06 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/03/2013 08:31:00 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/03/2013 07:44:30 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/02/2013 10:37:15 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (12/02/2013 10:36:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2


Microsoft Office Sessions:
=========================
Error: (12/04/2013 08:46:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3219

Error: (12/04/2013 08:46:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3219

Error: (12/04/2013 08:46:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2013 07:20:02 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/03/2013 10:06:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187

Error: (12/03/2013 10:06:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187

Error: (12/03/2013 10:06:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2013 08:58:51 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8bb8551-54f1-4f08-ba2d-f7b8536d9633.dmp

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2687

Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2687


CodeIntegrity Errors:
===================================
  Date: 2013-12-02 20:20:32.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 16273.27 MB
Available physical RAM: 13587.05 MB
Total Pagefile: 18577.27 MB
Available Pagefile: 15758.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:912.95 GB) (Free:740.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.79 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (FM2003) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive f: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type
==================== End Of Log ============================
         
--- --- ---

05.12.2013, 10:04   #10
Bootsektor
Rest in peace
† 2019

Hello ArztNr4,
OK, the fix did not work.
You have to save the text into Notepad exactly as it appears in the code box; no line breaks can be seen here.
It is best to click "select all" above the code box -> right-click -> copy -> open Notepad -> right-click -> paste -> and then save in Notepad as fixlist.txt

Please repeat the fix once more:

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
Start FRST once more.
  • Tick the box next to addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and addition.txt, are created and saved on the desktop.
  • Please post the contents of these log files here in your thread.

08.12.2013, 22:18   #11
Bootsektor
Rest in peace
† 2019

Hello ArztNr4,

I have not received a reply from you for some time. Do you still need help?

If I do not hear from you within the next 24 hours, I will assume that the topic has been resolved and remove it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a new infection possible.

09.12.2013, 21:12   #12
ArztNr4

Sorry, I was not at the computer over the weekend.

The fix does not work; I copied the fixlist into the FRST folder, but the program shows me No Fixlist found ..

10.12.2013, 10:37   #13
Bootsektor
Rest in peace
† 2019

Hello ArztNr4,
Quote:
The fix does not work; I copied the fixlist into the FRST folder, but the program shows me No Fixlist found ..
You have to save the fixlist in the same folder where FRST is located. Save FRST64.exe on the desktop and try again.


Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
Start FRST once more.
  • Tick the box next to addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and addition.txt, are created and saved on the desktop.
  • Please post the contents of these log files here in your thread.
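
The two failure modes in this thread (a fixlist pasted without its line breaks, and "No Fixlist found" because the file was not beside FRST) can be checked before starting the tool. The Python below is an added example, not part of the original posts and not part of FRST; the function names are hypothetical and the prefix list is an assumption taken only from the fixlist posted above.

```python
from pathlib import Path

# Directive prefixes taken from the fixlist posted in this thread; this is an
# assumption for the example, not a complete list of what FRST accepts.
PREFIXES = ("CHR DefaultSearchURL:", "Task:", "AlternateDataStreams:", "Winsock:")

# Constructed sample: two lines of the thread's fixlist, with and without the
# line break between them.
GOOD = (r"Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File"
        "\n"
        r"AlternateDataStreams: C:\ProgramData\Temp:373E1720" "\n")
COLLAPSED = GOOD.replace("\n", " ")


def check_fixlist_text(text):
    """Return a list of problems in the fixlist text (empty list = looks fine)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ["fixlist is empty"]
    problems = []
    for n, line in enumerate(lines, 1):
        if not line.startswith(PREFIXES):
            problems.append(f"line {n}: does not start with a known directive")
        # A directive prefix after column 0 means a line break was lost on paste.
        merged = [p for p in PREFIXES if line.find(p, 1) != -1]
        if merged:
            problems.append(f"line {n}: line break missing before {merged[0]!r}")
    return problems


def check_location(folder):
    """Check that fixlist.txt sits in the same folder as the FRST executable."""
    files = {p.name.lower() for p in Path(folder).iterdir() if p.is_file()}
    problems = []
    if not any(n.startswith("frst") and n.endswith(".exe") for n in files):
        problems.append("no FRST executable in this folder")
    if "fixlist.txt" not in files:
        problems.append("fixlist.txt not found in this folder")
        # Added heuristic: point out near-miss names such as a doubled extension.
        for n in sorted(files):
            if n.startswith("fixlist"):
                problems.append(f"similarly named file present: {n}")
    return problems


def preflight(folder):
    """Run both checks; the text check only runs once the file is in place."""
    problems = check_location(folder)
    path = next((p for p in Path(folder).iterdir()
                 if p.name.lower() == "fixlist.txt"), None)
    if path is not None:
        # utf-8-sig drops a byte order mark if the editor wrote one.
        text = path.read_text(encoding="utf-8-sig", errors="replace")
        problems += check_fixlist_text(text)
    return problems


if __name__ == "__main__":
    import sys
    for problem in preflight(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(problem)
```

Run it with the folder that holds FRST64.exe as its argument; no output means both checks passed.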

14.12.2013, 01:25   #14
Bootsektor
Rest in peace
† 2019

Hello,

I have not received a reply from you for some time. Do you still need help?

If I do not hear from you within the next 24 hours, I will assume that the topic has been resolved and remove it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a new infection possible.
