| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner, frst durchgeführt, txt dateiWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
08.07.2013, 13:22
| #1 |
| |  GVU Trojaner, frst durchgeführt, txt datei Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by SYSTEM on 08-07-2013 14:03:16 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.) HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation) HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-07-23] () HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-12-13] (EasyBits Software AS) HKLM-x32\...\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2008-05-22] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKU\Wiens\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company) HKU\Wiens\...\Run: [Google Update] "C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-04] (Google Inc.) HKU\Wiens\...\Run: [Facebook Update] "C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.) HKU\Wiens\...\Run: [MusicManager] "C:\Users\Wiens\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7345664 2013-06-20] (Google Inc.) HKU\Wiens\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.) HKU\Wiens\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe [47104 2013-07-08] (NVIDIA Corporation) <===== ATTENTION HKU\Wiens\...\Policies\system: [DisableLockWorkstation] 0 HKU\Wiens\...\Policies\system: [DisableChangePassword] 0 HKU\Wiens\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Wiens\...\Command Processor: "C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe" <===== ATTENTION! Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ShortcutTarget: Facebook Messenger.lnk -> (No File) Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk ShortcutTarget: tbhcn.lnk -> (No File) ==================== Services (Whitelisted) ================= S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [94208 2008-05-28] (SEIKO EPSON CORPORATION) S2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation) S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) ==================== Drivers (Whitelisted) ==================== S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation) S3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [129304 2011-08-15] (ZTE Incorporated) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation) S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 14:03 - 2013-07-08 14:03 - 00000000 ____D C:\FRST 2013-07-08 03:23 - 2013-07-08 03:23 - 00393538 ____A C:\Users\Wiens\AppData\Local\2433f433 2013-07-08 03:23 - 2013-07-08 03:23 - 00393524 ____A C:\ProgramData\2433f433 2013-07-08 03:23 - 2013-07-08 03:23 - 00393459 ____A C:\Users\Wiens\AppData\Roaming\2433f433 2013-07-06 04:14 - 2013-07-06 04:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml 2013-07-06 01:49 - 2013-07-06 01:49 - 00000520 ____A C:\Windows\PFRO.log 2013-07-05 09:16 - 2013-07-08 03:46 - 00001243 ____A C:\Windows\setupact.log 2013-07-05 09:16 - 2013-07-05 09:16 - 00000000 ____A C:\Windows\setuperr.log 2013-07-01 22:39 - 2013-07-01 22:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe 2013-07-01 21:39 - 2013-07-01 21:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-07-01 21:39 - 2013-07-01 21:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2013-07-01 21:35 - 2013-07-01 21:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe 2013-07-01 21:33 - 2013-07-01 21:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe 2013-06-29 02:01 - 2013-06-29 02:47 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk 2013-06-27 02:04 - 2013-06-27 02:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged 2013-06-27 01:56 - 2013-06-27 01:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged 2013-06-26 22:31 - 2013-06-27 05:30 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt 2013-06-26 22:31 - 2013-06-26 22:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk 2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt 2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt 2013-06-26 22:23 - 2013-06-26 22:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe 2013-06-26 22:21 - 2013-06-26 22:22 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip 2013-06-26 07:59 - 2013-06-26 22:16 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-06-26 07:59 - 2013-06-26 07:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk 2013-06-26 07:59 - 2013-06-26 07:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge 2013-06-26 07:59 - 2013-04-09 05:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll 2013-06-26 07:59 - 2012-05-05 01:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2013-06-26 07:59 - 2012-05-05 01:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2013-06-26 07:59 - 1998-07-06 08:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2013-06-26 07:59 - 1998-07-06 08:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2013-06-26 07:36 - 2013-06-26 07:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe 2013-06-26 07:17 - 2013-06-26 07:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp 2013-06-24 09:46 - 2013-06-24 09:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696} 2013-06-21 05:01 - 2013-06-21 05:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder 2013-06-21 05:00 - 2013-06-21 05:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe 2013-06-21 00:59 - 2013-06-21 01:00 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9} 2013-06-19 10:02 - 2013-06-20 02:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49} 2013-06-16 23:37 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 23:37 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 23:37 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 23:37 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 23:37 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 23:37 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 23:37 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 23:37 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 23:37 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 23:37 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 23:37 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 23:37 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 21:08 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:08 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:08 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:08 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:08 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 21:08 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 21:08 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 21:08 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 21:08 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:08 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:08 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:08 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 21:08 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:08 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 21:08 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 21:08 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 21:08 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 21:08 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 21:08 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 06:45 - 2013-06-12 08:23 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay 2013-06-12 02:37 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 02:37 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 02:37 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 02:37 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 02:37 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 02:37 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 02:37 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 02:37 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 02:37 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 02:37 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 02:37 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 02:35 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 02:35 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 02:35 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 02:35 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 02:35 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 02:35 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 02:34 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 02:34 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-08 14:03 - 2013-07-08 14:03 - 00000000 ____D C:\FRST 2013-07-08 03:50 - 2013-01-27 11:18 - 01312585 ____A C:\Windows\WindowsUpdate.log 2013-07-08 03:47 - 2011-04-04 10:33 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-08 03:46 - 2013-07-05 09:16 - 00001243 ____A C:\Windows\setupact.log 2013-07-08 03:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-08 03:30 - 2011-09-03 22:16 - 00001116 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job 2013-07-08 03:25 - 2011-04-04 10:33 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-08 03:23 - 2013-07-08 03:23 - 00393538 ____A C:\Users\Wiens\AppData\Local\2433f433 2013-07-08 03:23 - 2013-07-08 03:23 - 00393524 ____A C:\ProgramData\2433f433 2013-07-08 03:23 - 2013-07-08 03:23 - 00393459 ____A C:\Users\Wiens\AppData\Roaming\2433f433 2013-07-08 03:23 - 2011-03-25 12:06 - 00000000 ____D C:\Users\Wiens\Documents\Youcam 2013-07-08 03:18 - 2011-07-27 14:48 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job 2013-07-08 03:18 - 2011-01-09 16:49 - 41104322 ____A C:\Windows\System32\perfh007.dat 2013-07-08 03:18 - 2011-01-09 16:49 - 13348256 ____A C:\Windows\System32\perfc007.dat 2013-07-08 03:18 - 2009-07-13 21:13 - 00005426 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-08 03:16 - 2012-07-27 10:14 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\BrowserCompanion 2013-07-08 03:16 - 2012-05-25 03:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-08 03:16 - 2011-09-03 22:16 - 00001138 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job 2013-07-08 03:16 - 2011-03-28 13:10 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Skype 2013-07-07 10:18 - 2011-07-27 14:48 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job 2013-07-07 05:33 - 2011-11-20 09:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-07-07 05:33 - 2011-03-27 07:37 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-07-06 04:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-06 04:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-06 04:23 - 2011-07-13 13:03 - 00000000 ___RD C:\Users\Wiens\Dropbox 2013-07-06 04:23 - 2011-07-13 13:02 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Dropbox 2013-07-06 04:14 - 2013-07-06 04:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml 2013-07-06 01:50 - 2013-02-10 13:53 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForWiens.job 2013-07-06 01:50 - 2009-07-13 20:45 - 00407864 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-06 01:49 - 2013-07-06 01:49 - 00000520 ____A C:\Windows\PFRO.log 2013-07-05 09:16 - 2013-07-05 09:16 - 00000000 ____A C:\Windows\setuperr.log 2013-07-04 21:48 - 2011-03-28 09:45 - 00000000 ____D C:\Users\Wiens\AppData\Local\CrashDumps 2013-07-03 06:13 - 2011-03-25 10:46 - 00114104 ____A C:\Users\Wiens\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-03 02:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-01 22:40 - 2011-04-04 10:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-07-01 22:40 - 2011-04-04 10:34 - 00000000 ____D C:\Program Files\CCleaner 2013-07-01 22:39 - 2013-07-01 22:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe 2013-07-01 21:39 - 2013-07-01 21:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-07-01 21:39 - 2013-07-01 21:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2013-07-01 21:35 - 2013-07-01 21:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe 2013-07-01 21:33 - 2013-07-01 21:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe 2013-06-30 14:47 - 2011-03-28 13:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-30 14:47 - 2011-03-28 13:10 - 00000000 ____D C:\ProgramData\Skype 2013-06-30 14:45 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup 2013-06-29 02:47 - 2013-06-29 02:01 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk 2013-06-28 00:09 - 2011-03-28 12:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Junioren 2013-06-27 20:36 - 2012-04-09 20:04 - 00000000 ____D C:\Users\Wiens\Documents\Camp 2012 2013-06-27 10:43 - 2011-03-25 13:26 - 00000000 ____D C:\Users\Wiens\AppData\Local\Microsoft Games 2013-06-27 05:30 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt 2013-06-27 02:04 - 2013-06-27 02:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged 2013-06-27 01:56 - 2013-06-27 01:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged 2013-06-26 22:31 - 2013-06-26 22:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk 2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt 2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt 2013-06-26 22:23 - 2013-06-26 22:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe 2013-06-26 22:22 - 2013-06-26 22:21 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip 2013-06-26 22:16 - 2013-06-26 07:59 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-06-26 07:59 - 2013-06-26 07:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk 2013-06-26 07:59 - 2013-06-26 07:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge 2013-06-26 07:36 - 2013-06-26 07:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe 2013-06-26 07:35 - 2013-02-23 13:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Jugend 2013-06-26 07:17 - 2013-06-26 07:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp 2013-06-24 09:46 - 2013-06-24 09:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696} 2013-06-23 04:21 - 2013-05-08 11:19 - 00002505 ____A C:\Users\Public\Desktop\Norton Internet Security CBE.lnk 2013-06-23 04:21 - 2013-05-08 11:18 - 00000000 ____D C:\Windows\System32\Drivers\NISx64 2013-06-21 05:11 - 2013-06-21 05:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder 2013-06-21 05:00 - 2013-06-21 05:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe 2013-06-21 01:00 - 2013-06-21 00:59 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9} 2013-06-20 02:01 - 2013-06-19 10:02 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49} 2013-06-19 02:15 - 2013-05-08 11:19 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2013-06-19 02:15 - 2013-05-08 11:19 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2013-06-17 11:49 - 2009-09-06 17:57 - 00000000 ____D C:\Windows\Panther 2013-06-16 04:51 - 2012-12-15 11:23 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForWIENS-HP$.job 2013-06-13 06:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 21:09 - 2011-05-15 19:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 08:23 - 2013-06-12 06:45 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay 2013-06-11 23:03 - 2012-05-25 03:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 23:03 - 2011-08-31 14:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 08:38 - 2011-09-04 11:00 - 00001017 ____A C:\Users\Wiens\Desktop\Dropbox.lnk 2013-06-08 06:08 - 2013-06-16 23:37 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 06:07 - 2013-06-16 23:37 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 06:06 - 2013-06-16 23:37 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 06:06 - 2013-06-16 23:37 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 06:06 - 2013-06-16 23:37 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 04:28 - 2013-06-16 23:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 03:42 - 2013-06-16 23:37 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 03:40 - 2013-06-16 23:37 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 03:40 - 2013-06-16 23:37 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 03:40 - 2013-06-16 23:37 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 03:40 - 2013-06-16 23:37 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 03:13 - 2013-06-16 23:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb Files to move or delete: ==================== C:\Users\Wiens\ccsetup305.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-06-12 21:07:06 Restore point made on: 2013-06-13 20:47:28 Restore point made on: 2013-06-16 23:37:04 Restore point made on: 2013-06-26 02:37:34 Restore point made on: 2013-06-30 14:38:56 Restore point made on: 2013-06-30 14:40:11 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3893.86 MB Available physical RAM: 3141.64 MB Total Pagefile: 3892.01 MB Available Pagefile: 3137.66 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:450.93 GB) (Free:259.2 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive e: (RECOVERY) (Fixed) (Total:14.53 GB) (Free:1.79 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4) Drive h: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FBCCF9BA) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=0B) LastRegBack: 2013-07-03 09:45 ==================== End Of Log ============================ |
|
08.07.2013, 13:28
| #2 |
| /// TB-Ausbilder   | GVU Trojaner, frst durchgeführt, txt datei Hi,
__________________startet der Rechner nach folgendem Fix wieder normal? Drücke auf einem Zweitrechner bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument: Code:
ATTFilter 2013-07-08 03:23 - 2013-07-08 03:23 - 00393538 ____A C:\Users\Wiens\AppData\Local\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393524 ____A C:\ProgramData\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393459 ____A C:\Users\Wiens\AppData\Roaming\2433f433
HKU\Wiens\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Wiens\...\Command Processor: "C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe" <===== ATTENTION!
C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe
C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.dll
HKU\Wiens\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe [47104 2013-07-08] (NVIDIA Corporation) <===== ATTENTION
__________________ |
|
08.07.2013, 14:14
| #3 |
| | GVU Trojaner, frst durchgeführt, txt datei Hallo,
__________________vielen Dank, der Rechner startet ganz normal. Hier die Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013 Ran by SYSTEM at 2013-07-08 14:40:55 Run:1 Running from H:\ Boot Mode: Recovery ============================================== C:\Users\Wiens\AppData\Local\2433f433 => Moved successfully. C:\ProgramData\2433f433 => Moved successfully. C:\Users\Wiens\AppData\Roaming\2433f433 => Moved successfully. HKU\Wiens\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. HKU\Wiens\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully. C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe => Moved successfully. "C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.dll" => File/Directory not found. HKU\Wiens\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe [47104 2013-07-08 => Value not found. ==== End of Fixlog ==== |
|
08.07.2013, 14:45
| #4 |
| /// TB-Ausbilder | GVU Trojaner, frst durchgeführt, txt datei Ok, dann weiter im normalen Modus weiter: Verschiebe die frst64.exe vom USB-Stick auf den Desktop.
__________________ cheers, Leo |
|
08.07.2013, 15:14
| #5 |
| | GVU Trojaner, frst durchgeführt, txt datei frst.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Wiens (administrator) on 08-07-2013 16:09:40
Running from C:\Users\Wiens\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(Google Inc.) C:\Users\Wiens\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Dropbox, Inc.) C:\Users\Wiens\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Wiens\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Wiens\AppData\Roaming\BrowserCompanion\tbhcn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-14] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKCU\...\Run: [Google Update] "C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-04] (Google Inc.)
HKCU\...\Run: [Facebook Update] "C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [MusicManager] "C:\Users\Wiens\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7345664 2013-06-21] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: H - H:\EMP_UDSe.exe /autorun
MountPoints2: {1d824580-eacb-11e0-9cfa-984be1b1e8fc} - G:\AutoRun.exe
MountPoints2: {1d82458b-eacb-11e0-9cfa-984be1b1e8fc} - G:\AutoRun.exe
MountPoints2: {34d65d4d-fe0d-11e0-9c1c-984be1b1e8fc} - G:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
MountPoints2: {5438bc9e-5cf8-11e0-a37e-984be1b1e8fc} - G:\EMP_UDSe.exe /autorun
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-07-23] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-12-13] (EasyBits Software AS)
HKLM-x32\...\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2008-05-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wiens\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Wiens\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> C:\Users\Wiens\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
URLSearchHook: (No Name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
BHO-x32: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-01-09] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Wiens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Wiens\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Wiens\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Wiens\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
FF Extension: No Name - C:\Users\Wiens\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [support@predictad.com] C:\Program Files (x86)\AutocompletePro\support@predictad.com
FF Extension: No Name - C:\Program Files (x86)\AutocompletePro\support@predictad.com
FF HKLM-x32\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] C:\Program Files (x86)\RelevantKnowledge
FF HKLM-x32\...\Firefox\Extensions: [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}] C:\Program Files (x86)\RelevantKnowledge
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0
CHR Extension: (James White) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0
CHR Extension: (Browser Companion Helper) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0
CHR Extension: (Ice Hockey) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfmjkcakpiiklaofjplehfealdnlnci\5.0_0
CHR Extension: (Google Calendar) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (Norton Identity Protection) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (youGolf) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkhpcedgmhjjfihdohdacjomilgeand\1.1_0
CHR Extension: (Springpad Extension) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0
==================== Services (Whitelisted) =================
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [94208 2008-05-28] (SEIKO EPSON CORPORATION)
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
S3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [129304 2011-08-15] (ZTE Incorporated)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-09 00:03 - 2013-07-09 00:03 - 00000000 ____D C:\FRST
2013-07-08 16:08 - 2013-07-08 14:00 - 01934636 ____A (Farbar) C:\Users\Wiens\Desktop\FRST64.exe
2013-07-06 14:14 - 2013-07-06 14:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-02 08:39 - 2013-07-02 08:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-02 07:39 - 2013-07-02 07:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-02 07:39 - 2013-07-02 07:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-02 07:35 - 2013-07-02 07:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-02 07:33 - 2013-07-02 07:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-06-29 12:01 - 2013-06-29 12:47 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-27 12:04 - 2013-06-27 12:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 11:56 - 2013-06-27 11:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-27 08:31 - 2013-06-27 15:30 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-27 08:31 - 2013-06-27 08:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-27 08:23 - 2013-06-27 08:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-27 08:21 - 2013-06-27 08:22 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-26 17:59 - 2013-06-27 08:16 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 17:59 - 2013-06-26 17:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 17:59 - 2013-06-26 17:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge
2013-06-26 17:59 - 2013-04-09 15:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-06-26 17:59 - 2012-05-05 11:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-06-26 17:59 - 2012-05-05 11:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-06-26 17:59 - 1998-07-06 18:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-06-26 17:59 - 1998-07-06 18:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-06-26 17:36 - 2013-06-26 17:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 17:17 - 2013-06-26 17:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 19:46 - 2013-06-24 19:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-21 15:01 - 2013-06-21 15:11 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 15:00 - 2013-06-21 15:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 10:59 - 2013-06-21 11:00 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-19 20:02 - 2013-06-20 12:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-17 09:37 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 09:37 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 09:37 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 09:37 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 09:37 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 09:37 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 09:37 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 09:37 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 07:08 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 07:08 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 07:08 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 07:08 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 07:08 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 07:08 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 16:45 - 2013-06-12 18:23 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-12 12:37 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:37 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:37 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:37 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:37 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 12:37 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 12:37 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 12:37 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:37 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 12:37 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 12:37 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:35 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 12:35 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 12:35 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:35 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 12:35 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 12:35 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 12:34 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 12:34 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-07-09 00:03 - 2013-07-09 00:03 - 00000000 ____D C:\FRST
2013-07-08 16:03 - 2012-05-25 13:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 15:25 - 2011-04-04 20:33 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 15:18 - 2011-07-28 00:48 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-08 15:16 - 2011-03-28 23:10 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Skype
2013-07-08 15:09 - 2011-07-13 23:03 - 00000000 ___RD C:\Users\Wiens\Dropbox
2013-07-08 15:09 - 2011-07-13 23:02 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Dropbox
2013-07-08 15:04 - 2012-07-27 20:14 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\BrowserCompanion
2013-07-08 14:52 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 14:52 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 14:48 - 2013-01-27 21:18 - 01318320 ____A C:\Windows\WindowsUpdate.log
2013-07-08 14:44 - 2011-04-04 20:33 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 14:43 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 14:00 - 2013-07-08 16:08 - 01934636 ____A (Farbar) C:\Users\Wiens\Desktop\FRST64.exe
2013-07-08 13:30 - 2011-09-04 08:16 - 00001116 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-08 13:23 - 2011-03-25 22:06 - 00000000 ____D C:\Users\Wiens\Documents\Youcam
2013-07-08 13:18 - 2011-01-10 02:49 - 41104322 ____A C:\Windows\System32\perfh007.dat
2013-07-08 13:18 - 2011-01-10 02:49 - 13348256 ____A C:\Windows\System32\perfc007.dat
2013-07-08 13:18 - 2009-07-14 07:13 - 00005426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 13:16 - 2011-09-04 08:16 - 00001138 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-07 20:18 - 2011-07-28 00:48 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-07 15:33 - 2011-11-20 19:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-07 15:33 - 2011-03-27 17:37 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-07-06 14:14 - 2013-07-06 14:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-06 11:50 - 2013-02-10 23:53 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForWiens.job
2013-07-06 11:50 - 2009-07-14 06:45 - 00407864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-05 07:48 - 2011-03-28 19:45 - 00000000 ____D C:\Users\Wiens\AppData\Local\CrashDumps
2013-07-03 16:13 - 2011-03-25 20:46 - 00114104 ____A C:\Users\Wiens\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 12:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-02 08:40 - 2011-04-04 20:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-07-02 08:40 - 2011-04-04 20:34 - 00000000 ____D C:\Program Files\CCleaner
2013-07-02 08:39 - 2013-07-02 08:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-02 07:39 - 2013-07-02 07:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-02 07:39 - 2013-07-02 07:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-02 07:35 - 2013-07-02 07:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-02 07:33 - 2013-07-02 07:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-07-01 00:47 - 2011-03-28 23:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-01 00:47 - 2011-03-28 23:10 - 00000000 ____D C:\ProgramData\Skype
2013-07-01 00:45 - 2009-09-07 02:40 - 00000000 ____D C:\SwSetup
2013-06-29 12:47 - 2013-06-29 12:01 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-28 10:09 - 2011-03-28 22:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Junioren
2013-06-28 06:36 - 2012-04-10 06:04 - 00000000 ____D C:\Users\Wiens\Documents\Camp 2012
2013-06-27 20:43 - 2011-03-25 23:26 - 00000000 ____D C:\Users\Wiens\AppData\Local\Microsoft Games
2013-06-27 15:30 - 2013-06-27 08:31 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-27 12:04 - 2013-06-27 12:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 11:56 - 2013-06-27 11:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-27 08:31 - 2013-06-27 08:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-27 08:23 - 2013-06-27 08:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-27 08:22 - 2013-06-27 08:21 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-27 08:16 - 2013-06-26 17:59 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 17:59 - 2013-06-26 17:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 17:59 - 2013-06-26 17:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge
2013-06-26 17:36 - 2013-06-26 17:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 17:35 - 2013-02-23 23:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Jugend
2013-06-26 17:17 - 2013-06-26 17:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 19:46 - 2013-06-24 19:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-23 14:21 - 2013-05-08 21:19 - 00002505 ____A C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-06-23 14:21 - 2013-05-08 21:18 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-21 15:11 - 2013-06-21 15:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 15:00 - 2013-06-21 15:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 11:00 - 2013-06-21 10:59 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-20 12:01 - 2013-06-19 20:02 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-19 12:15 - 2013-05-08 21:19 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 12:15 - 2013-05-08 21:19 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-17 21:49 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther
2013-06-16 14:51 - 2012-12-15 21:23 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForWIENS-HP$.job
2013-06-13 16:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 07:09 - 2011-05-16 05:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 18:23 - 2013-06-12 16:45 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-12 09:03 - 2012-05-25 13:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 09:03 - 2011-09-01 00:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 18:38 - 2011-09-04 21:00 - 00001017 ____A C:\Users\Wiens\Desktop\Dropbox.lnk
2013-06-08 16:08 - 2013-06-17 09:37 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-17 09:37 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-17 09:37 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-17 09:37 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-17 09:37 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-17 09:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-17 09:37 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-17 09:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
Files to move or delete:
====================
C:\Users\Wiens\ccsetup305.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 19:45
==================== End Of Log ============================
Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Wiens at 2013-07-08 16:10:24
Running from C:\Users\Wiens\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Ahnenblatt 2.74 (x32 Version: 2.74.0.1)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.804.0)
AutocompletePro (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bounce Symphony (x32 Version: 2.2.0.95)
BrowserCompanion (x32)
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center InstallProxy (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center Localization All (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center Profiles Mobile (x32 Version: 2010.1217.1530.27758)
CCC Help Chinese Standard (x32 Version: 2010.1217.1529.27758)
CCC Help Chinese Traditional (x32 Version: 2010.1217.1529.27758)
CCC Help Czech (x32 Version: 2010.1217.1529.27758)
CCC Help Danish (x32 Version: 2010.1217.1529.27758)
CCC Help Dutch (x32 Version: 2010.1217.1529.27758)
CCC Help English (x32 Version: 2010.1217.1529.27758)
CCC Help Finnish (x32 Version: 2010.1217.1529.27758)
CCC Help French (x32 Version: 2010.1217.1529.27758)
CCC Help German (x32 Version: 2010.1217.1529.27758)
CCC Help Greek (x32 Version: 2010.1217.1529.27758)
CCC Help Hungarian (x32 Version: 2010.1217.1529.27758)
CCC Help Italian (x32 Version: 2010.1217.1529.27758)
CCC Help Japanese (x32 Version: 2010.1217.1529.27758)
CCC Help Korean (x32 Version: 2010.1217.1529.27758)
CCC Help Norwegian (x32 Version: 2010.1217.1529.27758)
CCC Help Polish (x32 Version: 2010.1217.1529.27758)
CCC Help Portuguese (x32 Version: 2010.1217.1529.27758)
CCC Help Russian (x32 Version: 2010.1217.1529.27758)
CCC Help Spanish (x32 Version: 2010.1217.1529.27758)
CCC Help Swedish (x32 Version: 2010.1217.1529.27758)
CCC Help Thai (x32 Version: 2010.1217.1529.27758)
ccc-core-static (x32 Version: 2010.1217.1530.27758)
ccc-utility64 (Version: 2010.1217.1530.27758)
CCleaner (Version: 4.03)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CyberLink DVD Suite (x32 Version: 7.0.3525)
CyberLink YouCam (x32 Version: 3.2.1.3609)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.0.22)
Energy Star Digital Logo (x32 Version: 1.0.1)
EPSON USB Display (x32 Version: 1.40.000)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Express Zip (x32)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0)
Free YouTube Download version 3.2.1.320 (x32 Version: 3.2.1.320)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google SketchUp 8 (x32 Version: 3.0.4993)
Google Update Helper (x32 Version: 1.3.21.149)
Handset USB Driver (Version: 5.2066.1.9B05)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive (x32)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.1.2)
HP Quick Launch (x32 Version: 2.7.2)
HP Setup (x32 Version: 8.4.4487.3576)
HP Setup Manager (x32 Version: 1.0.12845.3522)
HP Software Framework (x32 Version: 4.6.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (x32 Version: 1.0.6315.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.95)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Java 7 Update 13 (x32 Version: 7.0.130)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 11 (x32 Version: 6.0.110)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.3429)
LightScribe System Software (x32 Version: 1.18.20.1)
Magic Desktop (x32 Version: 3.0)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
MAGIX Video deluxe 17 Plus (x32 Version: 10.0.2.8)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Thunderbird 12.0.1 (x86 de) (x32 Version: 12.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Manager (HKCU)
MusicStation (x32 Version: 2.0.5.71)
Norton Internet Security CBE (x32 Version: 20.4.0.40)
PC Connectivity Solution (x32 Version: 10.50.2.0)
PDF Architect (x32 Version: 1.0.52.8917)
PDFCreator (x32 Version: 1.7.0)
PDF-XChange Viewer (Version: 2.5.195.0)
Penguins! (x32 Version: 2.2.0.95)
PhotoScape (x32)
Picasa 3 (x32 Version: 3.9)
PictureMover (x32 Version: 3.5.0.35)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4725)
PX Profile Update (x32 Version: 1.00.1.)
QuickTime (x32 Version: 7.73.80.64)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.2.13.0)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.69)
Recovery Manager (x32 Version: 1.0.22)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.5 (x32 Version: 6.5.158)
Slingo Deluxe (x32 Version: 2.2.0.95)
Switch Sound File Converter (x32)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.2.4.4)
TeamViewer 8 (x32 Version: 8.0.19045)
Tinypic 3.16 (x32 Version: Tinypic 3.16)
Tunatic (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
VLC media player 2.0.1 (x32 Version: 2.0.1)
VLC media player 2.0.2 (Version: 2.0.2)
Wedding Dash (x32 Version: 2.2.0.95)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0)
Winload Toolbar (x32 Version: 6.3.3.3)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
Zeitnehmer 2013 Version 2.0.0 (x32 Version: 2.0.0)
ZTE Handset USB Driver
Zuma Deluxe (x32 Version: 2.2.0.95)
==================== Restore Points =========================
13-06-2013 05:06:41 Windows Update
14-06-2013 04:47:03 Windows Update
17-06-2013 07:36:38 Windows Update
26-06-2013 10:37:11 Geplanter Prüfpunkt
30-06-2013 22:38:31 HPSF Applying updates
30-06-2013 22:38:31 HPSF Applying updates
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2A136CFE-A238-4880-95D1-0F60CD6E8A8A} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {2B25FA4C-D53B-4E2A-8489-590CDDE2F5F4} - System32\Tasks\HPCeeScheduleForWIENS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {3D378CC5-6614-4708-8F4A-0C532C4E8770} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {4C1238AC-3C97-496F-B473-57DD921FC72A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {4C46E181-A857-4FFA-A862-C7F9E9CEDF1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core => C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04] (Google Inc.)
Task: {530E7E3E-A3DA-46F0-A5D7-A5E5116782FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {662C8B58-6201-44C5-98B9-45532817D888} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core => C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {67E74CB8-6134-4A03-999D-DEF07139C09D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {74A89AE7-9B5D-4509-B9A8-3DFA79B7068A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA => C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {8894398D-6F0B-4558-868D-A0A7049735C0} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {8D02111E-20FE-4A25-8663-68C1AB9F923E} - System32\Tasks\NCH Software\ExpressZipDowngrade => C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe [2012-10-12] (NCH Software)
Task: {A14B1CC1-FA3C-4DE1-8C38-32AE6D61B98C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {A7E1D4CA-EDC1-44C4-B8C1-59502B0C7936} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04] (Google Inc.)
Task: {B16D24DC-5EA9-40DD-97E1-BC908992AD2D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {CBA243C1-0B2D-40A7-9F23-B82144D7405A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
Task: {D9701848-252C-4894-AEF0-3669F6E8F7A6} - System32\Tasks\HPCeeScheduleForWiens => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {DD85A624-DE60-4D90-8343-757CBDE76CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F0A0CB60-2795-46E1-9DD7-1F0572A067AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04] (Google Inc.)
Task: {F2BB17D4-A01D-465D-B1E1-8D0E3AC109BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {F5282FEF-6F97-4BB1-BD4C-CAF534AF128B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FA4E7226-C5A7-4E62-B69B-B5A861B91B3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA => C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job => C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job => C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job => C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job => C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForWIENS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForWiens.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/08/2013 02:55:15 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (07/08/2013 01:18:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (07/08/2013 01:18:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (07/08/2013 01:18:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (07/07/2013 09:47:19 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (07/07/2013 09:47:19 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (07/07/2013 09:47:19 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (07/07/2013 09:43:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (07/07/2013 09:43:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (07/07/2013 09:43:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (07/08/2013 02:44:59 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (07/08/2013 02:43:22 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?08.?07.?2013 um 14:08:19 unerwartet heruntergefahren.
Error: (07/08/2013 02:07:38 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?08.?07.?2013 um 13:53:58 unerwartet heruntergefahren.
Error: (07/08/2013 01:47:32 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (07/08/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
BHDrvx64
ccSet_NIS
DfsC
discache
eeCtrl
IDSVia64
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
SRTSPX
SymIRON
SymNetS
tdx
vwififlt
Wanarpv6
WfpLwf
Error: (07/08/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (07/08/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (07/08/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (07/08/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (07/08/2013 01:44:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31
Microsoft Office Sessions:
=========================
Error: (05/31/2012 09:01:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 71%
Total physical RAM: 3893.86 MB
Available physical RAM: 1102.98 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4269.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.93 GB) (Free:259.46 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.53 GB) (Free:1.79 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive g: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT32 (Disk=2 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FBCCF9BA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)
==================== End Of Log ============================
|
|
08.07.2013, 15:23
| #6 |
| /// TB-Ausbilder | GVU Trojaner, frst durchgeführt, txt datei Ok, weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ --> GVU Trojaner, frst durchgeführt, txt datei |
|
08.07.2013, 15:37
| #7 |
| | GVU Trojaner, frst durchgeführt, txt datei AdwCleaner.txtAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.304 - Datei am 08/07/2013 um 16:28:45 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Wiens - WIENS-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Wiens\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gelöscht : C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files (x86)\AutocompletePro
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\Ilivid
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Ordner Gelöscht : C:\Users\Wiens\AppData\Local\APN
Ordner Gelöscht : C:\Users\Wiens\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Wiens\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Wiens\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Wiens\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Wiens\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Wiens\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Wiens\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Wiens\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\Wiens\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Wiens\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Wiens\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AutocompletePro
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{415C1A67-4A26-4B4E-BAF0-7F901B23E622}
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{415C1A67-4A26-4B4E-BAF0-7F901B23E622}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3654A0D4-2DAE-4B83-9C24-B2415CAA41F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C011004-A20A-4D5D-96D7-B412E1A2C854}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A21CAFD0-BA42-4D34-939A-4093A1DA40CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro2_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@predictad.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startfenster.com --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 --> hxxp://www.google.com
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\Wiens\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : Home URL=hxxp://www.startfenster.com
*************************
AdwCleaner[S1].txt - [14022 octets] - [08/07/2013 16:28:45]
########## EOF - C:\AdwCleaner[S1].txt - [14083 octets] ##########
frst.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Wiens (administrator) on 08-07-2013 16:34:33
Running from C:\Users\Wiens\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Users\Wiens\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Wiens\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Wiens\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-14] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKCU\...\Run: [Google Update] "C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-04] (Google Inc.)
HKCU\...\Run: [Facebook Update] "C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [MusicManager] "C:\Users\Wiens\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7345664 2013-06-21] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: H - H:\EMP_UDSe.exe /autorun
MountPoints2: {1d824580-eacb-11e0-9cfa-984be1b1e8fc} - G:\AutoRun.exe
MountPoints2: {1d82458b-eacb-11e0-9cfa-984be1b1e8fc} - G:\AutoRun.exe
MountPoints2: {34d65d4d-fe0d-11e0-9c1c-984be1b1e8fc} - G:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
MountPoints2: {5438bc9e-5cf8-11e0-a37e-984be1b1e8fc} - G:\EMP_UDSe.exe /autorun
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-07-23] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-12-13] (EasyBits Software AS)
HKLM-x32\...\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2008-05-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wiens\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Wiens\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
URLSearchHook: (No Name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-01-09] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Wiens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Wiens\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Wiens\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Wiens\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
FF Extension: No Name - C:\Users\Wiens\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] C:\Program Files (x86)\RelevantKnowledge
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: ( "name": "",) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (Facebook Desktop) - C:\Users\Wiens\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Wiens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0
CHR Extension: (James White) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0
CHR Extension: (Ice Hockey) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfmjkcakpiiklaofjplehfealdnlnci\5.0_0
CHR Extension: (Google Calendar) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (Norton Identity Protection) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (youGolf) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkhpcedgmhjjfihdohdacjomilgeand\1.1_0
CHR Extension: (Springpad Extension) - C:\Users\Wiens\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0
==================== Services (Whitelisted) =================
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [94208 2008-05-28] (SEIKO EPSON CORPORATION)
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
S3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [129304 2011-08-15] (ZTE Incorporated)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-09 00:03 - 2013-07-09 00:03 - 00000000 ____D C:\FRST
2013-07-08 16:31 - 2013-07-08 16:31 - 00000056 ____A C:\Windows\setupact.log
2013-07-08 16:31 - 2013-07-08 16:31 - 00000000 ____A C:\Windows\setuperr.log
2013-07-08 16:28 - 2013-07-08 16:29 - 00014127 ____A C:\AdwCleaner[S1].txt
2013-07-08 16:27 - 2013-07-08 16:27 - 00650027 ____A C:\Users\Wiens\Downloads\adwcleaner.exe
2013-07-08 16:10 - 2013-07-08 16:10 - 00027662 ____A C:\Users\Wiens\Desktop\Addition.txt
2013-07-08 16:08 - 2013-07-08 14:00 - 01934636 ____A (Farbar) C:\Users\Wiens\Desktop\FRST64.exe
2013-07-06 14:14 - 2013-07-06 14:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-02 08:39 - 2013-07-02 08:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-02 07:39 - 2013-07-02 07:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-02 07:39 - 2013-07-02 07:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-02 07:35 - 2013-07-02 07:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-02 07:33 - 2013-07-02 07:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-06-29 12:01 - 2013-06-29 12:47 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-27 12:04 - 2013-06-27 12:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 11:56 - 2013-06-27 11:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-27 08:31 - 2013-06-27 15:30 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-27 08:31 - 2013-06-27 08:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-27 08:23 - 2013-06-27 08:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-27 08:21 - 2013-06-27 08:22 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-26 17:59 - 2013-06-27 08:16 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 17:59 - 2013-06-26 17:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 17:59 - 2013-04-09 15:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-06-26 17:59 - 2012-05-05 11:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-06-26 17:59 - 2012-05-05 11:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-06-26 17:59 - 1998-07-06 18:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-06-26 17:59 - 1998-07-06 18:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-06-26 17:36 - 2013-06-26 17:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 17:17 - 2013-06-26 17:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 19:46 - 2013-06-24 19:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-21 15:01 - 2013-06-21 15:11 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 15:00 - 2013-06-21 15:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 10:59 - 2013-06-21 11:00 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-19 20:02 - 2013-06-20 12:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-17 09:37 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 09:37 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 09:37 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 09:37 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 09:37 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 09:37 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 09:37 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 09:37 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 09:37 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 07:08 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 07:08 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 07:08 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 07:08 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 07:08 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 07:08 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 07:08 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 07:08 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 16:45 - 2013-06-12 18:23 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-12 12:37 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:37 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:37 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:37 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:37 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 12:37 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 12:37 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 12:37 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:37 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 12:37 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 12:37 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:35 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 12:35 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 12:35 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:35 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 12:35 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 12:35 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 12:34 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 12:34 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-07-09 00:03 - 2013-07-09 00:03 - 00000000 ____D C:\FRST
2013-07-08 16:33 - 2011-03-28 23:10 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Skype
2013-07-08 16:32 - 2011-07-13 23:03 - 00000000 ___RD C:\Users\Wiens\Dropbox
2013-07-08 16:32 - 2011-07-13 23:02 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Dropbox
2013-07-08 16:31 - 2013-07-08 16:31 - 00000056 ____A C:\Windows\setupact.log
2013-07-08 16:31 - 2013-07-08 16:31 - 00000000 ____A C:\Windows\setuperr.log
2013-07-08 16:31 - 2011-04-04 20:33 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 16:31 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 16:29 - 2013-07-08 16:28 - 00014127 ____A C:\AdwCleaner[S1].txt
2013-07-08 16:29 - 2013-01-27 21:18 - 01323636 ____A C:\Windows\WindowsUpdate.log
2013-07-08 16:27 - 2013-07-08 16:27 - 00650027 ____A C:\Users\Wiens\Downloads\adwcleaner.exe
2013-07-08 16:25 - 2011-04-04 20:33 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 16:18 - 2011-07-28 00:48 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-08 16:10 - 2013-07-08 16:10 - 00027662 ____A C:\Users\Wiens\Desktop\Addition.txt
2013-07-08 16:03 - 2012-05-25 13:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 14:52 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 14:52 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 14:00 - 2013-07-08 16:08 - 01934636 ____A (Farbar) C:\Users\Wiens\Desktop\FRST64.exe
2013-07-08 13:30 - 2011-09-04 08:16 - 00001116 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-08 13:23 - 2011-03-25 22:06 - 00000000 ____D C:\Users\Wiens\Documents\Youcam
2013-07-08 13:18 - 2011-01-10 02:49 - 41104322 ____A C:\Windows\System32\perfh007.dat
2013-07-08 13:18 - 2011-01-10 02:49 - 13348256 ____A C:\Windows\System32\perfc007.dat
2013-07-08 13:18 - 2009-07-14 07:13 - 00005426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 13:16 - 2011-09-04 08:16 - 00001138 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-07 20:18 - 2011-07-28 00:48 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-07 15:33 - 2011-11-20 19:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-07 15:33 - 2011-03-27 17:37 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-07-06 14:14 - 2013-07-06 14:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-06 11:50 - 2013-02-10 23:53 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForWiens.job
2013-07-06 11:50 - 2009-07-14 06:45 - 00407864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-05 07:48 - 2011-03-28 19:45 - 00000000 ____D C:\Users\Wiens\AppData\Local\CrashDumps
2013-07-03 16:13 - 2011-03-25 20:46 - 00114104 ____A C:\Users\Wiens\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 12:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-02 08:40 - 2011-04-04 20:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-07-02 08:40 - 2011-04-04 20:34 - 00000000 ____D C:\Program Files\CCleaner
2013-07-02 08:39 - 2013-07-02 08:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-02 07:39 - 2013-07-02 07:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-02 07:39 - 2013-07-02 07:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-02 07:35 - 2013-07-02 07:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-02 07:33 - 2013-07-02 07:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-07-01 00:47 - 2011-03-28 23:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-01 00:47 - 2011-03-28 23:10 - 00000000 ____D C:\ProgramData\Skype
2013-07-01 00:45 - 2009-09-07 02:40 - 00000000 ____D C:\SwSetup
2013-06-29 12:47 - 2013-06-29 12:01 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-28 10:09 - 2011-03-28 22:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Junioren
2013-06-28 06:36 - 2012-04-10 06:04 - 00000000 ____D C:\Users\Wiens\Documents\Camp 2012
2013-06-27 20:43 - 2011-03-25 23:26 - 00000000 ____D C:\Users\Wiens\AppData\Local\Microsoft Games
2013-06-27 15:30 - 2013-06-27 08:31 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-27 12:04 - 2013-06-27 12:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 11:56 - 2013-06-27 11:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-27 08:31 - 2013-06-27 08:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-27 08:31 - 2013-06-27 08:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-27 08:23 - 2013-06-27 08:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-27 08:22 - 2013-06-27 08:21 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-27 08:16 - 2013-06-26 17:59 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 17:59 - 2013-06-26 17:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 17:36 - 2013-06-26 17:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 17:35 - 2013-02-23 23:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Jugend
2013-06-26 17:17 - 2013-06-26 17:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 19:46 - 2013-06-24 19:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-23 14:21 - 2013-05-08 21:19 - 00002505 ____A C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-06-23 14:21 - 2013-05-08 21:18 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-21 15:11 - 2013-06-21 15:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 15:00 - 2013-06-21 15:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 11:00 - 2013-06-21 10:59 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-20 12:01 - 2013-06-19 20:02 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-19 12:15 - 2013-05-08 21:19 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 12:15 - 2013-05-08 21:19 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-17 21:49 - 2009-09-07 03:57 - 00000000 ____D C:\Windows\Panther
2013-06-16 14:51 - 2012-12-15 21:23 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForWIENS-HP$.job
2013-06-13 16:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 07:09 - 2011-05-16 05:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 18:23 - 2013-06-12 16:45 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-12 09:03 - 2012-05-25 13:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 09:03 - 2011-09-01 00:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 18:38 - 2011-09-04 21:00 - 00001017 ____A C:\Users\Wiens\Desktop\Dropbox.lnk
2013-06-08 16:08 - 2013-06-17 09:37 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-17 09:37 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-17 09:37 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-17 09:37 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-17 09:37 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-17 09:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-17 09:37 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-17 09:37 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-17 09:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
Files to move or delete:
====================
C:\Users\Wiens\ccsetup305.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 19:45
==================== End Of Log ============================
Danke, Peter |
|
08.07.2013, 15:57
| #8 |
| /// TB-Ausbilder | GVU Trojaner, frst durchgeführt, txt datei Wir machen noch eine Kontrolle. Wie läuft der Rechner? Schritt 1 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 2 ESET Online Scanner
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
15.07.2013, 12:49
| #9 |
| /// TB-Ausbilder | GVU Trojaner, frst durchgeführt, txt datei Hi, ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.
__________________ cheers, Leo |
|
17.07.2013, 07:57
| #10 |
| /// TB-Ausbilder | GVU Trojaner, frst durchgeführt, txt datei Fehlende Rückmeldung Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten. Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu GVU Trojaner, frst durchgeführt, txt datei |
| adobe, adobe flash player, association, ccsetup, desktop, explorer, farbar, farbar recovery scan tool, flash player, frst.txt, frst64.exe durchgeführt, google, gvu - trojaner, helper, home, launch, log, microsoft, nvidia, pdf, registry, scan, security, services.exe, software, svchost.exe, symantec, system, temp, trojaner, usb, winlogon, winlogon.exe |
Hybrid-Darstellung
