I turned off all firewalls and virus scanners, some of them manually. They were all off when ComboFix ran.
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Guido on 03.12.2013 at 21:27:49,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2013 at 21:34:35,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Guido on 03.12.2013 at 21:27:49,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2013 at 21:34:35,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[/CODE]
--- --- ---
It's somehow duplicated.
Farbar Service Scanner Version: 23-11-2013
Ran by Guido (administrator) on 03-12-2013 at 21:41:19
Running from "C:\Users\Guido\Downloads"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to retrieve ServiceDll of RemoteAccess. The value does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 19:15] - [2013-09-04 04:11] - 0576512 ____A (Microsoft Corporation) 7C0E0EDF18D6CC565D7BFBB451709FA5
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-13 19:15] - [2013-10-10 10:20] - 0723968 ____A (Microsoft Corporation) 53AA55632B94622F2DC3695E86EF9363
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by Guido at 2013-12-03 21:50:39
Running from C:\Users\Guido\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
7-Zip 9.21 (x32 Version: 9.21.00.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)
Bandizip (HKCU Version: 3.08)
Bonjour (Version: 3.0.0.10)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
CyberLink LabelPrint (x32 Version: 2.5.3.6326)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.5.5811)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Energy Star (x32 Version: 1.0.9)
FileZilla Client 3.7.2 (x32 Version: 3.7.2)
Fotogalerie (x32 Version: 16.4.3503.0728)
Fussball Manager 2003 (x32)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Remote (x32 Version: 1.0.1218)
HP CoolSense (x32 Version: 2.10.62)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Quick Launch (x32 Version: 3.0.6)
HP Recovery Manager (x32 Version: 8.00)
HP Registration Service (Version: 1.1.6232.4245)
HP SimplePass (x32 Version: 6.0.100.276)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Utility Center (x32 Version: 1.0.8)
HP Wireless Button Driver (x32 Version: 1.1.2.1)
IDT Audio (x32 Version: 1.0.6425.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.9.1002)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Internet Security (x32 Version: 20.4.0.40)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Overwolf (x32 Version: 0.46.271)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Ralink Bluetooth Stack64 (Version: 9.0.725.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.5.0)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.15.0)
TeamSpeak 3 Client (x32 Version: 3.0.12)
TeamViewer 8 (x32 Version: 8.0.20935)
Validity WBF DDK (Version: 4.4.234.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
XAMPP (x32 Version: 1.8.2-2)
==================== Restore Points =========================
22-11-2013 13:35:13 Geplanter Prüfpunkt
02-12-2013 19:14:33 ComboFix created restore point
==================== Hosts content: ==========================
2012-07-26 06:26 - 2013-12-02 20:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {03D88F6E-D71B-4374-87FF-716E561EDDB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {04A7DB74-D921-4C25-AB68-71B51ADF7BCE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {05603BAC-8136-4DD4-B4E0-D708E7B943CF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {0744CA2B-85DC-4DAE-A468-B71399F08584} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {0765D534-EFB5-4FF0-B2F1-F8026708F798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {07C86AA6-0DE1-4487-B6B3-F31B150C16B0} - \FreeHDSport TV-codedownloader No Task File
Task: {0E823B33-E23D-4B19-B252-E222AC3340EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {1FAEFE4A-5A09-48B6-9D2A-662128DE15A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {33DBBF02-24CB-411C-8811-978A16ECA506} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {3461C32B-7BA2-4BE8-88A3-4CE799D2F804} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {35230293-550B-4F10-BE76-344E16D23909} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {3F770B1B-8430-4710-B241-B4A8B120067D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {4D9E6627-A0C6-4C29-A391-00830E45CD86} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {82105BD2-A46C-4843-9B59-5B2B1118D771} - \DealPlyUpdate No Task File
Task: {9CD1B119-EC19-4D2A-879E-6C156E3FC4B3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A6D17F29-AB5E-4779-AA56-18068B69BD16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {ACF590E3-898D-421B-9229-F75689C7AA03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B703BC8C-A3C4-4211-9255-B5D4E1E1017D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {C45768EB-185C-486C-BCFF-E97499BF3A65} - \FreeHDSport TV-enabler No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C7146957-7AD9-4788-BE99-B4A53709E5C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {CA3C3722-90C1-4B9D-BFA3-F299E444B758} - \LaunchApp No Task File
Task: {E5016812-F785-4B18-89A2-0393E71BA7D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F148786B-E894-48D4-813C-E498F149DDE8} - System32\Tasks\HPCeeScheduleForGuido => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F63C65B5-D585-4DE2-8FE4-11131B50FC48} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGuido.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2013-11-11 14:55 - 2013-11-11 14:55 - 00045096 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorer-20018.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2013-08-23 17:28 - 2013-08-23 17:28 - 00120224 _____ () C:\Users\Guido\AppData\Local\assembly\dl3\0M87QAMV.OKV\6DLKRMD9.25L\32674416\004b58b8_95a8cd01\HPItunesModule.DLL
2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00039464 _____ () C:\Program Files (x86)\Overwolf\x64\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00721960 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorerLauncher.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-08-06 18:43 - 2013-08-06 18:43 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-08-26 16:44 - 2013-08-26 16:44 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\580dd8b0082db602dda6a42bf4fb1b17\PSIClient.ni.dll
2013-03-12 07:00 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00079400 _____ () C:\Program Files (x86)\Overwolf\OWExplorer-20018.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 22568888 _____ () C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00065536 _____ () C:\Program Files (x86)\Overwolf\de\OverWolf.Client.Core.resources.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00093624 _____ () C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00010240 _____ () C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00135720 _____ () C:\Program Files (x86)\Overwolf\OWService.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00970792 _____ () C:\Program Files (x86)\Overwolf\OWServer.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00038440 _____ () C:\Program Files (x86)\Overwolf\OWLog.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00839720 _____ () C:\Program Files (x86)\Overwolf\OWAgent.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00087552 _____ () C:\Program Files (x86)\Overwolf\BrowserWindow.dll
2013-10-06 11:21 - 2013-01-27 15:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-10-06 11:20 - 2012-09-25 09:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-10-06 11:20 - 2013-01-27 15:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2013-10-06 11:20 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-11 14:55 - 2013-11-11 14:55 - 00029224 _____ () C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-17 01:46 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-08-24 18:41 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
2013-11-17 01:46 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:373E1720
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/03/2013 08:58:51 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8bb8551-54f1-4f08-ba2d-f7b8536d9633.dmp
Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2687
Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2687
Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453
Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1453
Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2266
Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2266
Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (12/03/2013 08:31:00 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (12/03/2013 07:44:30 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (12/02/2013 10:37:15 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "ARZTPRAXIS" auf Transport "NetBT_Tcpip_{332D41F9-A0A1-446A-9D92-7157C0A838EF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (12/02/2013 10:36:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%2
Microsoft Office Sessions:
=========================
Error: (12/03/2013 08:58:51 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8bb8551-54f1-4f08-ba2d-f7b8536d9633.dmp
Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2687
Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2687
Error: (12/03/2013 08:25:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453
Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1453
Error: (12/03/2013 08:25:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2266
Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2266
Error: (12/03/2013 07:13:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2013-12-02 20:20:32.630
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 16273.27 MB
Available physical RAM: 13672.9 MB
Total Pagefile: 32657.27 MB
Available Pagefile: 29985.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:912.95 GB) (Free:726.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.79 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (FM2003) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive f: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: A50E1C7D)
Partition: GPT Partition Type
==================== End Of Log ============================
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by Guido (administrator) on ARZTPRAXIS on 03-12-2013 21:49:49
Running from C:\Users\Guido\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-25] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-11-11] (Overwolf)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [SkyDrive] - C:\Users\Guido\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-11-25] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {318620FC-36FB-41C7-8B16-07911DE8D345} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: fhdp3 - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=85c524a1-c54d-80a1-276f-bf422fe73c91&searchtype=ds&q={searchTerms}&installDate=29/09/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Website Logon) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0
CHR Extension: (Norton Identity Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
==================== Services (Whitelisted) =================
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-29] (DT Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131202.001\IDSvia64.sys [521816 2013-11-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131203.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131203.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-11-13] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 20:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 20:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 20:09 - 2013-12-02 20:35 - 00000000 ____D C:\Qoobox
2013-12-02 20:09 - 2013-12-02 20:31 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:08 - 2013-12-02 20:09 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:41 - 2013-12-02 20:40 - 00000000 ____D C:\AdwCleaner
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 15:12 - 2013-12-02 21:00 - 00017916 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-01 15:11 - 2013-12-03 21:50 - 00020634 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:49 - 2013-11-29 19:50 - 42998689 _____ (New Star Games Ltd ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-24 22:16 - 2013-12-02 22:59 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-11-17 14:14 - 2013-11-17 14:50 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 10:44 - 2013-11-28 22:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-14 22:33 - 2013-11-17 14:02 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-14 19:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:15 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:15 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:15 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:15 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:15 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:15 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:15 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:15 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:15 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:15 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:15 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:15 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:15 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:15 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:15 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:15 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:15 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:15 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:15 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:15 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:15 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:15 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:15 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:15 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:15 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:15 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:15 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:15 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 20:50 - 2013-11-07 20:51 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:08 - 2013-11-23 08:10 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-07 20:06 - 2013-11-07 20:22 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:05 - 2013-11-07 20:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:59 - 2013-11-07 22:36 - 00000000 ____D C:\xampp
2013-11-07 19:52 - 2013-11-07 19:56 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump
==================== One Month Modified Files and Folders =======
2013-12-03 21:50 - 2013-12-01 15:11 - 00020634 _____ C:\Users\Guido\Downloads\FRST.txt
2013-12-03 21:49 - 2013-12-03 21:49 - 01959614 _____ (Farbar) C:\Users\Guido\Downloads\FRST64.exe
2013-12-03 21:48 - 2013-12-03 21:48 - 00003120 _____ C:\Windows\System32\Tasks\{FFED7106-26C1-4399-809C-38CF6BDA7619}
2013-12-03 21:47 - 2013-12-03 21:47 - 01092545 _____ (Farbar) C:\Users\Guido\Downloads\FRST.exe
2013-12-03 21:43 - 2013-08-23 17:33 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 21:41 - 2013-12-03 21:41 - 00003186 _____ C:\Users\Guido\Downloads\FSS.txt
2013-12-03 21:39 - 2013-12-03 21:39 - 00360881 _____ (Farbar) C:\Users\Guido\Downloads\FSS.exe
2013-12-03 21:34 - 2013-12-03 21:34 - 00000612 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-03 21:34 - 2013-08-23 17:36 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3635278824-774868512-842475075-1002
2013-12-03 21:26 - 2013-12-03 21:26 - 01034531 _____ (Thisisu) C:\Users\Guido\Downloads\JRT (1).exe
2013-12-03 21:17 - 2013-12-03 21:17 - 00000887 _____ C:\Users\Guido\Desktop\fixlist.txt
2013-12-03 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-03 20:43 - 2013-08-23 17:33 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 20:40 - 2013-08-23 17:26 - 02002143 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:44 - 2013-09-22 18:37 - 00000000 ____D C:\Users\Guido\AppData\Local\Overwolf
2013-12-02 22:59 - 2013-11-24 22:16 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arztpraxis-Guido Arztpraxis
2013-12-02 22:43 - 2012-11-13 01:23 - 00831158 _____ C:\Windows\system32\perfh007.dat
2013-12-02 22:43 - 2012-11-13 01:23 - 00188760 _____ C:\Windows\system32\perfc007.dat
2013-12-02 22:43 - 2012-07-26 08:28 - 01952554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 22:37 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-02 22:36 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 21:00 - 2013-12-01 15:12 - 00017916 _____ C:\Users\Guido\Downloads\Addition.txt
2013-12-02 20:40 - 2013-12-02 19:41 - 00000000 ____D C:\AdwCleaner
2013-12-02 20:35 - 2013-12-02 20:09 - 00000000 ____D C:\Qoobox
2013-12-02 20:35 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-12-02 20:34 - 2013-12-02 20:34 - 00024037 _____ C:\ComboFix.txt
2013-12-02 20:31 - 2013-12-02 20:09 - 00000000 ____D C:\Windows\erdnt
2013-12-02 20:27 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-02 20:26 - 2012-08-03 23:23 - 00020218 _____ C:\Windows\PFRO.log
2013-12-02 20:21 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-02 20:09 - 2013-12-02 20:08 - 05151572 ____R (Swearware) C:\Users\Guido\Downloads\ComboFix.exe
2013-12-02 20:03 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-02 20:01 - 2013-12-02 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 19:58 - 2013-12-02 19:58 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 19:58 - 2013-10-06 08:52 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForGuido.job
2013-12-02 19:45 - 2013-08-23 17:34 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 19:45 - 2013-08-23 17:30 - 00000995 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-02 19:40 - 2013-12-02 19:40 - 01110034 _____ C:\Users\Guido\Downloads\adwcleaner.exe
2013-12-01 23:17 - 2013-08-27 21:09 - 00000000 ____D C:\Users\Guido\AppData\Roaming\vlc
2013-12-01 23:07 - 2013-08-23 17:26 - 00000000 ____D C:\Users\Guido
2013-12-01 15:27 - 2013-09-29 10:18 - 00000000 ____D C:\Users\Guido\Desktop\Sicherungsdaten
2013-12-01 15:11 - 2013-12-01 15:11 - 00000000 ____D C:\FRST
2013-12-01 13:36 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\VirtualStore
2013-12-01 12:30 - 2013-12-01 12:30 - 00002044 _____ C:\Users\Public\Desktop\Fussball Manager 2003.lnk
2013-12-01 12:30 - 2013-12-01 12:30 - 00000567 _____ C:\Windows\eReg.dat
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-01 11:40 - 2012-11-12 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 11:36 - 2013-12-01 11:36 - 00000000 ____D C:\Users\Guido\Desktop\Fussball.Manager.2003.keygen.by.FUTURiTY
2013-12-01 11:34 - 2013-12-01 11:34 - 00182423 _____ C:\Users\Guido\Downloads\Fussball.Manager.2003.keygen.by.FUTURiTY.zip
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Google
2013-12-01 11:34 - 2013-08-23 17:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-01 11:27 - 2013-08-25 10:06 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-01 11:27 - 2013-08-25 10:06 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 19:51 - 2013-11-29 19:51 - 00000000 ____D C:\Users\Guido\Documents\New Star Soccer 5
2013-11-29 19:50 - 2013-11-29 19:49 - 42998689 _____ (New Star Games Ltd ) C:\Users\Guido\Downloads\Install_NSS5.exe
2013-11-29 17:32 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Guido\AppData\Local\Packages
2013-11-28 22:36 - 2013-11-17 10:44 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGuido
2013-11-27 15:43 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 22:52 - 2013-11-26 22:52 - 00014370 _____ C:\Users\Guido\Downloads\Losungen 26.11 .xlsx
2013-11-25 13:01 - 2013-08-23 17:26 - 00002279 _____ C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-11-24 19:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-23 08:14 - 2013-08-23 17:31 - 00000000 ___RD C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 08:10 - 2013-11-07 20:08 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-11-22 13:49 - 2013-09-22 18:38 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-11-21 14:33 - 2013-03-12 07:12 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-21 14:33 - 2013-03-12 07:12 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-17 14:50 - 2013-11-17 14:14 - 00110592 ___SH C:\Users\Guido\Desktop\Thumbs.db
2013-11-17 14:10 - 2013-11-17 14:10 - 00000000 ____D C:\Users\Guido\Documents\Fax
2013-11-17 14:02 - 2013-11-14 22:33 - 00005632 ___SH C:\Users\Guido\Downloads\Thumbs.db
2013-11-17 11:44 - 2013-10-27 12:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-15 17:21 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 17:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 21:03 - 2013-08-24 19:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:00 - 2013-08-24 19:29 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 14:06 - 2013-03-12 07:25 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-12 21:11 - 2013-11-12 21:11 - 00001176 _____ C:\Users\Guido\Desktop\Bandizip.lnk
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
2013-11-12 21:11 - 2013-11-12 21:11 - 00000000 ____D C:\Users\Guido\AppData\Local\Bandizip
2013-11-12 21:10 - 2013-11-12 21:10 - 04249304 _____ C:\Users\Guido\Downloads\bandizip-setup-gl.exe
2013-11-10 12:52 - 2012-08-04 01:02 - 00000000 ____D C:\SWSetup
2013-11-09 18:14 - 2013-11-09 18:14 - 00000000 ____D C:\Users\Guido\SyncFolder
2013-11-09 00:26 - 2013-11-09 00:26 - 00555776 _____ C:\Users\Guido\Downloads\Java7.exe
2013-11-08 20:03 - 2013-11-08 20:03 - 00165176 _____ (Firseria·s·l ) C:\Users\Guido\Downloads\Setup.exe
2013-11-07 22:36 - 2013-11-07 19:59 - 00000000 ____D C:\xampp
2013-11-07 20:51 - 2013-11-07 20:50 - 57415680 _____ C:\Users\Guido\Downloads\VBoxGuestAdditions_4.2.8.iso
2013-11-07 20:22 - 2013-11-07 20:06 - 00000000 ____D C:\Users\Guido\AppData\Roaming\FileZilla
2013-11-07 20:06 - 2013-11-07 20:05 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-07 20:02 - 2013-11-07 20:02 - 01077648 _____ (Ask.com) C:\Users\Guido\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe
2013-11-07 19:56 - 2013-11-07 19:52 - 104477960 _____ (BitNami) C:\Users\Guido\Downloads\xampp-win32-1.8.2-2-VC9-installer.exe
2013-11-07 18:46 - 2013-09-29 11:49 - 00000000 ____D C:\Users\Guido\.VirtualBox
2013-11-07 13:58 - 2013-09-29 12:03 - 00000000 ____D C:\Users\Guido\VirtualBox VMs
2013-11-07 13:44 - 2012-07-26 08:21 - 00003515 _____ C:\Windows\setupact.log
2013-11-05 23:58 - 2013-08-25 10:56 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 23:21 - 2013-11-05 23:21 - 793389452 _____ C:\Windows\MEMORY.DMP
2013-11-05 23:21 - 2013-11-05 23:21 - 00295056 _____ C:\Windows\Minidump\110513-36984-01.dmp
2013-11-05 23:21 - 2013-11-05 23:21 - 00000000 ____D C:\Windows\Minidump
2013-11-03 12:10 - 2012-11-12 17:13 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-11-03 11:05 - 2013-03-12 07:23 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2013-11-03 11:03 - 2013-03-12 07:23 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-11-03 10:58 - 2012-11-12 17:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-11-03 10:50 - 2013-03-12 07:11 - 00000000 ____D C:\Windows\Hewlett-Packard
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-18 21:31
==================== End Of Log ============================
--- --- ---