|
Plagegeister aller Art und deren Bekämpfung: giw.mapopen.net WerbungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.06.2014, 13:26 | #1 |
giw.mapopen.net Werbung So ich habe mich grade hier registriert, da ich immer (bei fast jedem Klick im Internet) Popupwerbung mit giw.mapopen.net in der Adresszeile im Browser hab... ich hab mich jetzt schon ein bischen schlau gemacht und bis jetzt herausgefunden, das dieses Anscheinend ein Trojaner ist, bzw er sich zum Trojaner oder so entwickeln kann. Das Problem ist jetzt, das Norton Internet Security nichts finden kann. Auch habe ich im Internet keine "seriösen" seiten zum Thema gefunden, oder nur englische. Wie soll ich jetzt also weitermachen...? Ich hatte schon an den Norton Power Eraser gedacht aber ob es sich damit löst? Ich hoffe irgendjemand von euch kennt dieses Problem/Kann mir irgendwie helfen Danke schon mal im Vorraus green_lion |
04.06.2014, 14:26 | #2 |
/// the machine /// TB-Ausbilder | giw.mapopen.net Werbung hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
04.06.2014, 14:48 | #3 |
giw.mapopen.net Werbung Vielen Dank für die Schnelle Hilfe
__________________Hier die Additional.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014 Ran by **** at 2014-06-04 15:28:59 Running from C:\Users\Julian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3017 - Acer Incorporated) Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH) Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - ) Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.0 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}) (Version: 3.1.45.72435 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 3.1.45.72435 - Alcor Micro Corp.) Hidden Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.2.475.0 - Autodesk) Autodesk 3ds Max 2014 (Version: 16.2.475.0 - Autodesk) Hidden Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk) Autodesk 3ds Max 2014 SP2 (HKLM\...\Autodesk 3ds Max 2014 HF1) (Version: 16.2.475.0 - Autodesk) Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.) Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk) Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk) Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.) Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk) Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Brother MFL-Pro Suite MFC-J4410DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.) calibre 64bit (HKLM\...\{53078727-80C2-4F4F-9E36-093133F73F3B}) (Version: 1.36.0 - Kovid Goyal) Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2012 - Acer Incorporated) Craften Terminal 3.5.5 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.5.5 - Craften.de) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free YouTube Download version 3.2.29.303 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.29.303 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIANTS Editor 5.5.1 64-bit (HKLM-x32\...\giants_editor_5.5.1_win64_is1) (Version: 5.5.1 - GIANTS Software GmbH) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3007 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel) Intel(R) Network Connections 18.1.59.0 (Version: 18.1.59.0 - Intel) Hidden Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Acer Incorporated) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.0.3000 - Maxthon International Limited) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Controller-Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 311.06 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.57 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.) ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH) Scansoft PDF Professional (x32 Version: - ) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.) Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TI-Nspire CAS Student Software (HKLM-x32\...\TI-Nspire CAS Student Software) (Version: 3.1.0.392 - Texas Instruments) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VideoSaver (HKLM-x32\...\274E1504-21E3-A9F8-9A9D-B3D4B3336957) (Version: - VideoSaver-software) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 14-05-2014 19:07:48 Windows Update 23-05-2014 18:46:26 Geplanter Prüfpunkt 26-05-2014 15:22:04 DirectX wurde installiert 30-05-2014 09:49:58 DirectX wurde installiert ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {05712D7E-84A7-4E83-B285-043E98C60449} - System32\Tasks\AdobeAAMUpdater-1.0-Meyer-Büro-Julian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {331F10C2-F288-4D68-BFE7-CD875A775D8C} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-03-06] (Maxthon International ltd.) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4E6C41D9-077C-405D-ABD7-B9D1F6FE4AFE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {541ED654-6EB0-4B9D-BE8C-5B9F6FF64E5E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {549BF424-F9EC-4C39-B007-12F8BBB7222F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {6E2C1F26-BFFF-41CB-8031-6C158DFBCB6E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {765A39E7-A838-405B-945A-E473E26B3BE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.) Task: {773194B9-DB17-4913-AB8D-7C51FAFD284A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {789A3FED-440F-4AA5-B816-F6BADF12AD36} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {79B3C73C-005A-4C38-838B-9635889F4B40} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-02-22] () Task: {7D55C4ED-E393-4912-8F2C-940EB454F49F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {83B22B4C-1892-4AF3-BC57-7747A445F777} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-04-02] (Acer Incorporated) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {979930BD-6948-4E26-B7D0-35FBA3460318} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {9B9DEB7A-5E63-48CE-AECB-8578418FAAA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation) Task: {9D93B334-9661-4C64-92DD-B9BAF5410D20} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B657D976-555D-4F34-BD5D-87D6CE42CDAB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {C0C35C7E-3CD2-4FE8-96B5-6A1D21A0AA07} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {CD02FF6B-FC87-4BC9-A2AE-8EF9AEC39EDB} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink) Task: {CE555882-AE75-487E-9801-59526EDC26EA} - System32\Tasks\VideoSaver_wd => C:\Program Files (x86)\VideoSaver\VideoSaverGWdkcw.exe [2014-04-23] () Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D92E05C5-28A3-4E8A-8273-6C453E2EACB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F85D2C0F-3AB5-4F88-9E40-13E0E7925DBD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\VideoSaver_wd.job => C:\Program Files (x86)\VideoSaver\VideoSaverGWdkcw.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-15 06:19 - 2011-09-15 06:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe 2014-05-30 11:50 - 2014-05-30 11:50 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-01-03 10:50 - 2005-04-22 06:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll 2013-12-25 11:40 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-12-13 13:20 - 2013-12-13 13:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2014-04-23 20:40 - 2014-04-23 20:40 - 00077312 _____ () C:\Program Files (x86)\VideoSaver\VideoSaverGWdkcw.exe 2013-05-31 01:23 - 2013-05-31 01:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-05-31 01:19 - 2013-05-31 01:19 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-05-31 01:53 - 2013-05-31 01:53 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2013-11-14 19:30 - 2013-11-14 19:30 - 00023040 _____ () C:\Program Files\Logitech Gaming Software\LGSToast.dll 2014-05-11 10:28 - 2014-05-11 10:28 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll 2014-04-29 17:32 - 2014-04-29 17:32 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\d07f690ce5d3a2de7c9089a6200d64db\Windows.Data.ni.dll 2014-05-11 10:28 - 2014-05-11 10:28 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll 2012-07-24 12:06 - 2012-07-24 12:06 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe 2013-06-27 09:50 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2013-06-27 09:24 - 2013-03-12 07:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-01-03 10:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-06-03 19:26 - 2014-06-03 19:26 - 00043008 _____ () c:\users\****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp8jmoj.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\libcef.dll 2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll 2012-06-14 11:57 - 2012-06-14 11:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll 2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll 2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll 2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll 2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll 2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll 2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll 2012-06-14 11:56 - 2012-06-14 11:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll 2012-06-14 12:06 - 2012-06-14 12:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll 2012-06-14 11:55 - 2012-06-14 11:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll 2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll 2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll 2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll 2014-05-14 16:08 - 2014-05-14 16:08 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\****\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/04/2014 03:25:39 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/03/2014 09:22:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/03/2014 09:21:05 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/02/2014 02:37:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x533e5a38 Name des fehlerhaften Moduls: client.dll, Version: 1.0.0.1, Zeitstempel: 0x533e5b4a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0015a76a ID des fehlerhaften Prozesses: 0x10e4 Startzeit der fehlerhaften Anwendung: 0xhl2.exe0 Pfad der fehlerhaften Anwendung: hl2.exe1 Pfad des fehlerhaften Moduls: hl2.exe2 Berichtskennung: hl2.exe3 Vollständiger Name des fehlerhaften Pakets: hl2.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: hl2.exe5 Error: (06/02/2014 00:01:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x533e5a38 Name des fehlerhaften Moduls: client.dll, Version: 1.0.0.1, Zeitstempel: 0x533e5b4a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0015a76a ID des fehlerhaften Prozesses: 0x19bc Startzeit der fehlerhaften Anwendung: 0xhl2.exe0 Pfad der fehlerhaften Anwendung: hl2.exe1 Pfad des fehlerhaften Moduls: hl2.exe2 Berichtskennung: hl2.exe3 Vollständiger Name des fehlerhaften Pakets: hl2.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: hl2.exe5 Error: (06/02/2014 04:40:15 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/01/2014 07:10:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (06/01/2014 07:10:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (06/01/2014 07:10:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (06/01/2014 11:54:49 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (06/04/2014 03:26:44 AM) (Source: DCOM) (EventID: 10010) (User: ****-Büro) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/04/2014 03:26:03 AM) (Source: DCOM) (EventID: 10010) (User: ****-Büro) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (06/03/2014 09:20:44 PM) (Source: DCOM) (EventID: 10010) (User: ****-Büro) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/03/2014 08:56:52 PM) (Source: DCOM) (EventID: 10010) (User: ****-Büro) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (06/02/2014 04:56:34 PM) (Source: DCOM) (EventID: 10010) (User: ****-Büro) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (06/02/2014 03:45:51 PM) (Source: DCOM) (EventID: 10010) (User: ****-Büro) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (06/02/2014 03:45:51 PM) (Source: DCOM) (EventID: 10010) (User: ****-Büro) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (06/02/2014 00:02:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/02/2014 07:59:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/02/2014 07:59:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 16293.24 MB Available physical RAM: 14009.96 MB Total Pagefile: 32677.24 MB Available Pagefile: 29692.73 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:922.85 GB) (Free:356.39 GB) NTFS Drive d: (DATA) (Fixed) (Total:923.19 GB) (Free:916.9 GB) NTFS Drive e: (MUSIC****) (Removable) (Total:7.45 GB) (Free:7.39 GB) FAT32 Drive h: (LS2013) (CDROM) (Total:1.36 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 31FAE5F9) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=7 GB) - (Type=0C) ==================== End Of Log ============================ Meinen Namen habe ich mit**** Unkennbar gemacht, den Comnputernamen (****-Büro) teilweise auch So hier die FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Julian (administrator) on MEYER-BÜRO on 04-06-2014 15:28:30 Running from C:\Users\Julian\Downloads Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe () C:\Program Files (x86)\VideoSaver\VideoSaverGWdkcw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-15] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications)) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {b49cc01e-def8-11e2-be6a-806e6f6e6963} - "F:\PC/TINspireStudent_Setup.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {ba2b81f8-73d2-11e3-be80-24fd52914648} - "H:\cdstart.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {f9d10030-78ef-11e3-be86-24fd52914648} - "G:\HTC_Sync_Manager_PC.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Remote.lnk ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKCU - DefaultScope {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA32E00B0-268C-4D9B-B039-3626AF7FAD7F&q={searchTerms}&SSPV= SearchScopes: HKCU - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF user.js: detected! => C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Play4Free - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\Extensions\battlefieldplay4free@ea.com [2014-05-26] FF Extension: Adblock Plus - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-23] FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-05] FF Extension: VideoSaver - C:\Program Files (x86)\VideoSaver\161.xpi [2014-04-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-30] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] FF HKCU\...\Firefox\Extensions: [{BF6F901F-399E-EA23-53E2-438C97252A18}] - C:\Program Files (x86)\VideoSaver\161.xpi FF Extension: No Name - C:\Program Files (x86)\VideoSaver\161.xpi [2014-04-23] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-12] (WildTangent) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-05-30] () R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2014-05-30] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-02] (Disc Soft Ltd) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468240 2013-04-23] (Intel Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-24] (Symantec Corporation) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [41504 2014-01-23] (LogMeIn Inc.) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140603.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-25] (Microsoft Corporation) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140603.032\ENG64.SYS [126040 2014-04-10] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140603.032\EX64.SYS [2099288 2014-04-10] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-25] (Microsoft Corporation) R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-06-04] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-04 15:28 - 2014-06-04 15:28 - 00025044 _____ () C:\Users\Julian\Downloads\FRST.txt 2014-06-04 15:28 - 2014-06-04 15:28 - 00000000 ____D () C:\FRST 2014-06-04 15:27 - 2014-06-04 15:27 - 02068992 _____ (Farbar) C:\Users\Julian\Downloads\FRST64.exe 2014-06-04 14:05 - 2014-06-04 14:05 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS 2014-06-04 14:05 - 2014-06-04 14:05 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR410.dat 2014-06-04 07:19 - 2014-06-04 07:20 - 00961360 _____ (Chip Digital GmbH) C:\Users\Julian\Downloads\Malwarebytes Anti Malware - CHIP-Installer.exe 2014-06-02 16:40 - 2014-06-02 16:55 - 00022528 _____ () C:\Users\Julian\Downloads\Termine SkL Übersicht.xls 2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\Users\Julian\Downloads\Veenhuis_Shuttle 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Users\Julian\AppData\Local\ESN 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-06-01 20:19 - 2014-06-01 20:19 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141(1).exe 2014-06-01 20:16 - 2014-06-01 20:16 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-01 19:11 - 2014-06-01 19:22 - 00000000 ____D () C:\Users\Jochen\Filme 2014-06-01 06:56 - 2014-06-01 06:56 - 00318888 _____ () C:\WINDOWS\Minidump\060114-23796-01.dmp 2014-05-31 11:59 - 2014-05-31 12:12 - 55681785 _____ () C:\Users\Julian\Downloads\UNZIP_ME_Fendt936_Fendt927.zip 2014-05-30 19:49 - 2014-05-30 19:49 - 00000202 _____ () C:\Users\Rainer\Desktop\Brother MFC-J4410DW Printer - Verknüpfung.lnk 2014-05-30 19:44 - 2014-05-30 19:44 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC-FAX TX 2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Brother 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-05-30 11:50 - 2014-05-30 11:50 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-29 20:11 - 2014-05-29 20:11 - 17266608 _____ (GIANTS Software GmbH) C:\Users\Julian\Downloads\MBTrac1800Intercooler.exe 2014-05-29 20:05 - 2014-05-29 20:05 - 00001412 _____ () C:\Users\Julian\AppData\Local\recently-used.xbel 2014-05-29 15:04 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Origin 2014-05-29 15:04 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Origin 2014-05-29 13:35 - 2014-05-29 13:35 - 00000000 ____D () C:\Users\Julian\Desktop\VeenhuisW400 2014-05-29 13:08 - 2014-05-29 13:08 - 02747025 _____ () C:\Users\Julian\Downloads\Veenhuis_Shuttle.zip 2014-05-27 15:56 - 2014-05-27 15:57 - 31112395 _____ () C:\Users\Julian\Downloads\UNPACK_ME.rar 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-26 17:18 - 2014-05-30 08:43 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-26 17:17 - 2014-05-30 08:42 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Origin 2014-05-26 17:17 - 2014-05-26 17:24 - 00000000 ____D () C:\Users\Julian\AppData\Local\Origin 2014-05-26 17:16 - 2014-06-02 14:37 - 00000000 ____D () C:\ProgramData\Origin 2014-05-26 17:16 - 2014-06-01 19:12 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-26 17:16 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-26 17:16 - 2014-05-26 17:16 - 00000999 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-26 17:15 - 2014-05-26 17:15 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Julian\Downloads\OriginThinSetup.exe 2014-05-26 13:35 - 2014-05-26 13:35 - 00084000 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-24 20:37 - 2014-05-24 20:37 - 00000000 ____D () C:\Users\Julian\Desktop\Server 2014-05-24 15:16 - 2014-05-24 15:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-05-23 14:51 - 2014-05-23 14:52 - 00754801 _____ () C:\Users\Lorenz\Downloads\DIGDOGS.ZIP 2014-05-19 14:58 - 2014-05-19 15:03 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Craften Terminal 2014-05-19 14:54 - 2014-05-19 14:54 - 00002278 _____ () C:\Users\Lorenz\Desktop\Facebook.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00002274 _____ () C:\Users\Lorenz\Desktop\Youtube.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00001460 _____ () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00000812 _____ () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Torch 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\jZip 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\ProgramData\TorchCrashHandler 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Mozilla 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\ProgramData\Datamngr 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\extensions 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieUserList 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieSiteList 2014-05-14 17:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 17:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 17:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 17:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 17:39 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 17:39 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 17:39 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 17:39 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 17:39 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 17:39 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 17:39 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 17:39 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 17:39 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 17:39 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 17:39 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 17:39 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 17:39 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 17:39 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 17:39 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 17:39 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 17:39 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 17:39 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 17:39 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 17:39 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 17:39 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 17:39 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 17:39 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 17:39 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 17:39 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 17:39 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 17:39 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 17:39 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 17:39 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 17:39 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 17:39 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 17:39 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 17:38 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 17:38 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 17:38 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 17:38 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 17:38 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 17:38 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 16:08 - 2014-05-14 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-14 15:47 - 2014-05-14 15:47 - 00774825 _____ () C:\Users\Julian\Downloads\steamcmd.zip 2014-05-09 20:18 - 2014-05-09 20:18 - 00322864 _____ () C:\WINDOWS\Minidump\050914-38734-01.dmp 2014-05-09 15:42 - 2014-05-09 15:42 - 00000000 ____D () C:\Users\Julian\AppData\Local\calibre-cache 2014-05-09 15:40 - 2014-05-09 16:12 - 00000000 ____D () C:\Users\Julian\Documents\Calibre-Bibliothek 2014-05-09 15:40 - 2014-05-09 15:56 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\calibre 2014-05-09 15:40 - 2014-05-09 15:40 - 00000946 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\Program Files\Calibre2 2014-05-09 15:38 - 2014-05-09 15:39 - 60981248 _____ () C:\Users\Julian\Downloads\calibre-64bit-1.36.0.msi 2014-05-08 16:47 - 2014-05-08 16:47 - 00000000 ____D () C:\Users\Julian\AppData\Local\TechSmith 2014-05-08 16:38 - 2014-05-23 20:20 - 00005632 _____ () C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-08 14:18 - 2014-05-08 14:22 - 00000000 ____D () C:\Users\Julian\Documents\TI-Nspire 2014-05-08 14:18 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TI-Nspire 2014-05-08 14:16 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Julian\Documents\Camtasia Studio 2014-05-08 14:16 - 2014-05-08 14:16 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TechSmith 2014-05-08 14:15 - 2014-05-08 14:15 - 00000000 ____D () C:\Users\Julian\Documents\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00002189 _____ () C:\Users\Julian\AppData\Local\TempfixPerms.vbs 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Texas Instruments 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-08 14:13 - 2014-05-08 14:13 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll 2014-05-08 14:13 - 2014-05-08 14:13 - 00007371 _____ () C:\WINDOWS\SysWOW64\redist.txt 2014-05-08 14:13 - 2014-05-08 14:13 - 00002082 _____ () C:\Users\Public\Desktop\TI-Nspire CAS Student Software.lnk 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\TI-Nspire CAS 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools 2014-05-08 14:12 - 2014-05-08 14:13 - 00000000 ____D () C:\Program Files (x86)\TI Education 2014-05-07 16:44 - 2014-05-07 16:44 - 00000906 _____ () C:\Users\Lorenz\AppData\Local\recently-used.xbel 2014-05-07 15:57 - 2014-05-19 14:56 - 00030720 ___SH () C:\Users\Lorenz\Desktop\Thumbs.db 2014-05-06 20:44 - 2014-05-06 20:47 - 251749736 _____ () C:\Users\Julian\Downloads\camtasiade_8.1.2.exe 2014-05-06 20:22 - 2014-05-06 20:22 - 00003586 _____ () C:\WINDOWS\System32\Tasks\Maxthon Update 2014-05-06 20:22 - 2014-05-06 20:22 - 00001105 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Maxthon3 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Program Files (x86)\Maxthon 2014-05-06 20:21 - 2014-05-06 20:21 - 01502976 _____ (Maxthon International ltd.) C:\Users\Julian\Downloads\mxsetup.exe 2014-05-06 15:07 - 2014-05-06 15:07 - 00001444 _____ () C:\Users\Julian\Desktop\filezilla.lnk 2014-05-05 19:23 - 2014-04-16 18:02 - 00000000 ____D () C:\Users\Julian\Downloads\wordpress 2014-05-05 19:08 - 2014-05-06 15:55 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\FileZilla 2014-05-05 19:08 - 2014-03-28 10:35 - 00000000 ____D () C:\Users\Julian\Downloads\FileZilla-3.8.0 ==================== One Month Modified Files and Folders ======= 2014-06-04 15:28 - 2014-06-04 15:28 - 00025044 _____ () C:\Users\Julian\Downloads\FRST.txt 2014-06-04 15:28 - 2014-06-04 15:28 - 00000000 ____D () C:\FRST 2014-06-04 15:28 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Julian\AppData\Local\Temp 2014-06-04 15:27 - 2014-06-04 15:27 - 02068992 _____ (Farbar) C:\Users\Julian\Downloads\FRST64.exe 2014-06-04 15:26 - 2013-12-25 11:16 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Skype 2014-06-04 15:21 - 2013-12-25 12:14 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2CDB1D17-374E-47F5-A88E-A278A97AC4A6} 2014-06-04 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-04 14:53 - 2014-05-03 16:42 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-04 14:53 - 2014-05-03 16:42 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-04 14:11 - 2013-12-25 11:39 - 01326392 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-04 14:05 - 2014-06-04 14:05 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS 2014-06-04 14:05 - 2014-06-04 14:05 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR410.dat 2014-06-04 14:05 - 2014-02-02 19:33 - 00000000 ____D () C:\Users\Julian\AppData\Local\NPE 2014-06-04 14:05 - 2013-06-27 09:46 - 00000000 ____D () C:\ProgramData\Norton 2014-06-04 07:20 - 2014-06-04 07:19 - 00961360 _____ (Chip Digital GmbH) C:\Users\Julian\Downloads\Malwarebytes Anti Malware - CHIP-Installer.exe 2014-06-04 02:00 - 2013-12-25 18:05 - 00000000 ____D () C:\Users\Julian\AppData\Local\Adobe 2014-06-03 21:20 - 2013-11-30 17:28 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1001 2014-06-03 21:00 - 2014-04-07 11:22 - 00007591 _____ () C:\Users\Julian\AppData\Local\Resmon.ResmonCfg 2014-06-03 20:41 - 2014-04-23 20:40 - 00000406 _____ () C:\WINDOWS\Tasks\VideoSaver_wd.job 2014-06-03 19:27 - 2014-04-07 11:10 - 00000000 ___RD () C:\Users\Julian\Dropbox 2014-06-03 19:27 - 2014-04-07 11:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\DropboxMaster 2014-06-03 19:27 - 2014-04-07 11:07 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Dropbox 2014-06-03 19:25 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Temp 2014-06-02 16:56 - 2013-12-26 14:28 - 00000000 ____D () C:\Users\Julian\AppData\Local\Deployment 2014-06-02 16:55 - 2014-06-02 16:40 - 00022528 _____ () C:\Users\Julian\Downloads\Termine SkL Übersicht.xls 2014-06-02 15:42 - 2014-01-14 15:06 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Skype 2014-06-02 14:40 - 2013-12-26 14:30 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\.minecraft 2014-06-02 14:38 - 2014-01-06 17:33 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Temp 2014-06-02 14:37 - 2014-05-26 17:16 - 00000000 ____D () C:\ProgramData\Origin 2014-06-02 14:37 - 2014-01-06 17:59 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TS3Client 2014-06-02 14:37 - 2014-01-03 12:40 - 00000000 ____D () C:\Users\Julian\AppData\Local\CrashDumps 2014-06-02 13:49 - 2014-01-30 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-02 13:00 - 2013-11-30 17:20 - 00000000 ____D () C:\Users\Julian\Documents\Bluetooth Folder 2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\Users\Julian\Downloads\Veenhuis_Shuttle 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Users\Julian\AppData\Local\ESN 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-06-01 20:19 - 2014-06-01 20:19 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141(1).exe 2014-06-01 20:16 - 2014-06-01 20:16 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-01 19:22 - 2014-06-01 19:11 - 00000000 ____D () C:\Users\Jochen\Filme 2014-06-01 19:12 - 2014-05-26 17:16 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-01 19:11 - 2014-01-06 17:33 - 00000000 ____D () C:\Users\Jochen 2014-06-01 19:10 - 2013-11-14 09:27 - 00005430 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-01 19:10 - 2013-11-14 09:11 - 02129064 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-01 19:10 - 2013-11-14 09:11 - 00581628 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-01 19:08 - 2013-08-22 16:46 - 00345517 _____ () C:\WINDOWS\setupact.log 2014-06-01 19:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-01 11:06 - 2013-12-25 11:40 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-01 11:06 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-01 07:25 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Rainer 2014-06-01 07:07 - 2013-12-26 14:34 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1005 2014-06-01 07:02 - 2013-12-26 14:30 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{290EB6E1-06B2-459A-89F9-BD742F51684E} 2014-06-01 06:56 - 2014-06-01 06:56 - 00318888 _____ () C:\WINDOWS\Minidump\060114-23796-01.dmp 2014-06-01 06:56 - 2013-12-28 09:55 - 618187811 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-01 06:56 - 2013-12-28 09:55 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-01 06:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-05-31 15:59 - 2013-12-27 19:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1004 2014-05-31 15:59 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Temp 2014-05-31 15:59 - 2013-12-24 22:48 - 00000000 ____D () C:\Users\Rainer\Documents\Bluetooth Folder 2014-05-31 12:12 - 2014-05-31 11:59 - 55681785 _____ () C:\Users\Julian\Downloads\UNZIP_ME_Fendt936_Fendt927.zip 2014-05-30 19:49 - 2014-05-30 19:49 - 00000202 _____ () C:\Users\Rainer\Desktop\Brother MFC-J4410DW Printer - Verknüpfung.lnk 2014-05-30 19:44 - 2014-05-30 19:44 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC-FAX TX 2014-05-30 19:44 - 2014-01-03 10:51 - 00000232 _____ () C:\WINDOWS\Brpfx04a.ini 2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Brother 2014-05-30 19:40 - 2013-12-27 19:05 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F4AF68D-9D58-4E51-93BA-9D577EF1ECC6} 2014-05-30 14:19 - 2013-12-26 12:37 - 00084604 _____ () C:\WINDOWS\DirectX.log 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-05-30 11:50 - 2014-05-30 11:50 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-30 10:27 - 2014-01-06 17:35 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{602F6161-675C-4907-9D63-CEC259D56727} 2014-05-30 10:08 - 2014-01-06 17:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1009 2014-05-30 08:43 - 2014-05-26 17:18 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-30 08:42 - 2014-05-26 17:17 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Origin 2014-05-29 21:12 - 2014-05-08 14:16 - 00000000 ____D () C:\Users\Julian\Documents\Camtasia Studio 2014-05-29 20:11 - 2014-05-29 20:11 - 17266608 _____ (GIANTS Software GmbH) C:\Users\Julian\Downloads\MBTrac1800Intercooler.exe 2014-05-29 20:05 - 2014-05-29 20:05 - 00001412 _____ () C:\Users\Julian\AppData\Local\recently-used.xbel 2014-05-29 20:05 - 2013-12-31 12:30 - 00000000 ____D () C:\Users\Julian\AppData\Local\gtk-2.0 2014-05-29 20:05 - 2013-12-31 12:25 - 00000000 ____D () C:\Users\Julian\.gimp-2.8 2014-05-29 20:02 - 2014-01-06 17:34 - 00000000 ____D () C:\Users\Jochen\Documents\Bluetooth Folder 2014-05-29 15:11 - 2014-05-29 15:04 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Origin 2014-05-29 15:11 - 2014-05-29 15:04 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Origin 2014-05-29 13:35 - 2014-05-29 13:35 - 00000000 ____D () C:\Users\Julian\Desktop\VeenhuisW400 2014-05-29 13:35 - 2013-11-30 17:54 - 00208384 ___SH () C:\Users\Julian\Desktop\Thumbs.db 2014-05-29 13:08 - 2014-05-29 13:08 - 02747025 _____ () C:\Users\Julian\Downloads\Veenhuis_Shuttle.zip 2014-05-28 14:28 - 2013-12-25 10:31 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\.minecraft 2014-05-28 13:44 - 2014-04-07 11:10 - 00001076 _____ () C:\Users\Julian\Desktop\Dropbox.lnk 2014-05-28 13:44 - 2014-04-07 11:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-28 13:44 - 2013-11-30 17:20 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-28 06:10 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Julian 2014-05-28 05:42 - 2013-11-14 00:18 - 00012354 _____ () C:\WINDOWS\PFRO.log 2014-05-28 05:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-05-27 15:57 - 2014-05-27 15:56 - 31112395 _____ () C:\Users\Julian\Downloads\UNPACK_ME.rar 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-26 17:24 - 2014-05-26 17:17 - 00000000 ____D () C:\Users\Julian\AppData\Local\Origin 2014-05-26 17:24 - 2014-05-26 17:16 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-26 17:16 - 2014-05-26 17:16 - 00000999 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-26 17:15 - 2014-05-26 17:15 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Julian\Downloads\OriginThinSetup.exe 2014-05-26 14:25 - 2013-12-25 13:56 - 00000000 ____D () C:\Users\Lorenz\Documents\Bluetooth Folder 2014-05-26 13:35 - 2014-05-26 13:35 - 00084000 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-26 13:35 - 2014-01-03 11:47 - 00000000 ___RD () C:\Users\Rainer\Documents\Rainer Meyer privat 2014-05-26 13:35 - 2013-12-28 15:51 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Deployment 2014-05-26 13:33 - 2013-12-24 22:48 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-26 13:33 - 2013-12-24 22:48 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-25 12:35 - 2013-12-25 11:16 - 00000000 ____D () C:\ProgramData\Skype 2014-05-25 12:34 - 2014-03-16 14:00 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-24 20:37 - 2014-05-24 20:37 - 00000000 ____D () C:\Users\Julian\Desktop\Server 2014-05-24 15:16 - 2014-05-24 15:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-05-24 15:16 - 2013-11-30 18:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-05-24 15:16 - 2013-11-30 17:59 - 00002525 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-05-24 15:16 - 2013-11-30 17:41 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-05-24 15:16 - 2013-11-30 17:41 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64 2014-05-23 20:20 - 2014-05-08 16:38 - 00005632 _____ () C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-23 19:38 - 2013-11-30 17:19 - 00000000 ____D () C:\Users\Julian\AppData\Local\VirtualStore 2014-05-23 19:34 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz 2014-05-23 14:52 - 2014-05-23 14:51 - 00754801 _____ () C:\Users\Lorenz\Downloads\DIGDOGS.ZIP 2014-05-19 15:52 - 2014-01-18 18:18 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-19 15:03 - 2014-05-19 14:58 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Craften Terminal 2014-05-19 14:56 - 2014-05-07 15:57 - 00030720 ___SH () C:\Users\Lorenz\Desktop\Thumbs.db 2014-05-19 14:54 - 2014-05-19 14:54 - 00002278 _____ () C:\Users\Lorenz\Desktop\Facebook.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00002274 _____ () C:\Users\Lorenz\Desktop\Youtube.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00001460 _____ () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00000812 _____ () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Torch 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\jZip 2014-05-19 14:54 - 2014-05-19 14:54 - 00000000 ____D () C:\ProgramData\TorchCrashHandler 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Mozilla 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\ProgramData\Datamngr 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\extensions 2014-05-19 14:51 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\VirtualStore 2014-05-18 15:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-18 14:28 - 2013-12-25 11:01 - 00090962 _____ () C:\WINDOWS\system32\lvcoinst.log 2014-05-16 21:07 - 2013-12-25 13:55 - 00000000 ___RD () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 21:07 - 2013-12-25 13:55 - 00000000 ___RD () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 18:48 - 2013-12-25 12:03 - 00000000 ___RD () C:\Users\Julian\SkyDrive 2014-05-16 18:48 - 2013-11-30 17:20 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieUserList 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieSiteList 2014-05-16 17:25 - 2014-01-06 17:33 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 17:25 - 2014-01-06 17:33 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 17:24 - 2013-12-24 23:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-16 17:05 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 21:10 - 2013-12-24 21:29 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 21:10 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-05-14 21:09 - 2013-12-26 13:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 21:09 - 2013-12-24 21:29 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-14 16:08 - 2014-05-14 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-14 15:47 - 2014-05-14 15:47 - 00774825 _____ () C:\Users\Julian\Downloads\steamcmd.zip 2014-05-09 20:18 - 2014-05-09 20:18 - 00322864 _____ () C:\WINDOWS\Minidump\050914-38734-01.dmp 2014-05-09 20:18 - 2013-08-22 16:44 - 05083896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-09 16:12 - 2014-05-09 15:40 - 00000000 ____D () C:\Users\Julian\Documents\Calibre-Bibliothek 2014-05-09 15:56 - 2014-05-09 15:40 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\calibre 2014-05-09 15:42 - 2014-05-09 15:42 - 00000000 ____D () C:\Users\Julian\AppData\Local\calibre-cache 2014-05-09 15:40 - 2014-05-09 15:40 - 00000946 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\Program Files\Calibre2 2014-05-09 15:39 - 2014-05-09 15:38 - 60981248 _____ () C:\Users\Julian\Downloads\calibre-64bit-1.36.0.msi 2014-05-09 14:48 - 2014-05-03 16:42 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 14:48 - 2014-05-03 16:42 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 16:47 - 2014-05-08 16:47 - 00000000 ____D () C:\Users\Julian\AppData\Local\TechSmith 2014-05-08 14:22 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\Julian\Documents\TI-Nspire 2014-05-08 14:18 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TI-Nspire 2014-05-08 14:16 - 2014-05-08 14:16 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TechSmith 2014-05-08 14:15 - 2014-05-08 14:15 - 00000000 ____D () C:\Users\Julian\Documents\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00002189 _____ () C:\Users\Julian\AppData\Local\TempfixPerms.vbs 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Texas Instruments 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-08 14:13 - 2014-05-08 14:13 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll 2014-05-08 14:13 - 2014-05-08 14:13 - 00007371 _____ () C:\WINDOWS\SysWOW64\redist.txt 2014-05-08 14:13 - 2014-05-08 14:13 - 00002082 _____ () C:\Users\Public\Desktop\TI-Nspire CAS Student Software.lnk 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\TI-Nspire CAS 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools 2014-05-08 14:13 - 2014-05-08 14:12 - 00000000 ____D () C:\Program Files (x86)\TI Education 2014-05-07 16:44 - 2014-05-07 16:44 - 00000906 _____ () C:\Users\Lorenz\AppData\Local\recently-used.xbel 2014-05-07 16:44 - 2014-02-18 15:27 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\gtk-2.0 2014-05-07 16:44 - 2014-02-18 15:23 - 00000000 ____D () C:\Users\Lorenz\.gimp-2.8 2014-05-06 20:47 - 2014-05-06 20:44 - 251749736 _____ () C:\Users\Julian\Downloads\camtasiade_8.1.2.exe 2014-05-06 20:22 - 2014-05-06 20:22 - 00003586 _____ () C:\WINDOWS\System32\Tasks\Maxthon Update 2014-05-06 20:22 - 2014-05-06 20:22 - 00001105 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Maxthon3 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Program Files (x86)\Maxthon 2014-05-06 20:21 - 2014-05-06 20:21 - 01502976 _____ (Maxthon International ltd.) C:\Users\Julian\Downloads\mxsetup.exe 2014-05-06 15:55 - 2014-05-05 19:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\FileZilla 2014-05-06 15:07 - 2014-05-06 15:07 - 00001444 _____ () C:\Users\Julian\Desktop\filezilla.lnk 2014-05-06 06:40 - 2014-05-14 17:39 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-14 17:39 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-14 17:39 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 17:39 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-05 17:29 - 2014-03-19 08:45 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\CrashDumps Some content of TEMP: ==================== C:\Users\Julian\AppData\Local\Temp\Creative Cloud Helper.exe C:\Users\Julian\AppData\Local\Temp\DLMGuardian.exe C:\Users\Julian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp8jmoj.dll C:\Users\Julian\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\Julian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Julian\AppData\Local\Temp\nsg2A38.exe C:\Users\Julian\AppData\Local\Temp\ose00000.exe C:\Users\Julian\AppData\Local\Temp\TINspireCASStudentSoftware-3.6.0.550.exe C:\Users\Rainer\AppData\Local\Temp\_is346B.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-01 11:17 ==================== End Of Log ============================ --- --- --- |
05.06.2014, 11:57 | #4 |
/// the machine /// TB-Ausbilder | giw.mapopen.net Werbung Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
05.06.2014, 14:28 | #5 |
giw.mapopen.net Werbung So hier die Logs: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.06.2014 Suchlauf-Zeit: 14:45:12 Logdatei: Adw-cleaner.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.05.07 Rootkit Datenbank: v2014.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Julian Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 428198 Verstrichene Zeit: 6 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 3 PUP.Optional.SearchProtect.A, C:\Users\Julian\AppData\Local\Temp\nsg2A38.exe, In Quarantäne, [d9025a1a5c1fb77f14546bc0cc358779], Trojan.Agent.EMP, C:\Users\Lorenz\AppData\Local\Temp\mprAB2E.tmp, In Quarantäne, [fedd5c18afcc3ff74ea1ab6368995ea2], Trojan.Agent.EMP, C:\Users\Lorenz\AppData\Local\Temp\mprC463.tmp, In Quarantäne, [4f8cf77da8d3ad893eb19b73e120946c], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.211 - Bericht erstellt am 05/06/2014 um 14:58:55 # Aktualisiert 26/05/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Julian - MEYER-BÜRO # Gestartet von : C:\Users\Julian\Downloads\adwcleaner_3.211.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\DataMngr Ordner Gelöscht : C:\ProgramData\torchcrashhandler Ordner Gelöscht : C:\Program Files (x86)\VideoSaver Ordner Gelöscht : C:\Program Files (x86)\Video-Saver Ordner Gelöscht : C:\Users\Lorenz\AppData\Local\jZip Ordner Gelöscht : C:\Users\Lorenz\AppData\Local\torch Ordner Gelöscht : C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch Datei Gelöscht : C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk Datei Gelöscht : C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk Datei Gelöscht : C:\Users\Lorenz\Desktop\Facebook.lnk Datei Gelöscht : C:\Users\Lorenz\Desktop\Youtube.lnk Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\user.js Datei Gelöscht : C:\WINDOWS\Tasks\VideoSaver_wd.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\VideoSaver_wd ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{BF6F901F-399E-EA23-53E2-438C97252A18}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\274E1504-21E3-A9F8-9A9D-B3D4B3336957 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17037 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Jochen\AppData\Roaming\Mozilla\Firefox\Profiles\aq3z3k6b.default\prefs.js ] [ Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\prefs.js ] ************************* AdwCleaner[R0].txt - [3929 octets] - [05/06/2014 14:57:31] AdwCleaner[S0].txt - [3405 octets] - [05/06/2014 14:58:55] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3465 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 8.1 x64 Ran by Julian on 05.06.2014 at 15:20:25,41 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\boost_interprocess" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.06.2014 at 15:21:44,08 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Julian (administrator) on MEYER-BÜRO on 05-06-2014 15:29:28 Running from C:\Users\Julian\Downloads Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Dropbox, Inc.) C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-15] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications)) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {b49cc01e-def8-11e2-be6a-806e6f6e6963} - "F:\PC/TINspireStudent_Setup.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {ba2b81f8-73d2-11e3-be80-24fd52914648} - "H:\cdstart.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {f9d10030-78ef-11e3-be86-24fd52914648} - "G:\HTC_Sync_Manager_PC.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Remote.lnk ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Play4Free - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\Extensions\battlefieldplay4free@ea.com [2014-05-26] FF Extension: Adblock Plus - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-23] FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-05] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-30] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-12] (WildTangent) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-05-30] () R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2014-05-30] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-02] (Disc Soft Ltd) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468240 2013-04-23] (Intel Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-24] (Symantec Corporation) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [41504 2014-01-23] (LogMeIn Inc.) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140604.002\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-25] (Microsoft Corporation) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140604.039\ENG64.SYS [126040 2014-04-10] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140604.039\EX64.SYS [2099288 2014-04-10] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-25] (Microsoft Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-05 15:25 - 2014-06-05 15:25 - 00001491 _____ () C:\Users\Julian\Desktop\Adw-cleaner.txt 2014-06-05 15:21 - 2014-06-05 15:21 - 00000704 _____ () C:\Users\Julian\Desktop\JRT.txt 2014-06-05 15:09 - 2014-06-05 15:09 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-06-05 15:03 - 2014-06-05 15:03 - 01016261 _____ (Thisisu) C:\Users\Julian\Downloads\JRT.exe 2014-06-05 14:57 - 2014-06-05 14:59 - 00000000 ____D () C:\AdwCleaner 2014-06-05 14:56 - 2014-06-05 14:56 - 01327971 _____ () C:\Users\Julian\Downloads\adwcleaner_3.211.exe 2014-06-05 14:43 - 2014-06-05 15:24 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 14:43 - 2014-06-05 14:43 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 14:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-05 14:43 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-06-05 14:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-05 14:42 - 2014-06-05 14:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julian\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-04 15:28 - 2014-06-05 15:29 - 00022399 _____ () C:\Users\Julian\Downloads\FRST.txt 2014-06-04 15:28 - 2014-06-05 15:29 - 00000000 ____D () C:\FRST 2014-06-04 15:28 - 2014-06-04 15:30 - 00042930 _____ () C:\Users\Julian\Downloads\Addition.txt 2014-06-04 15:27 - 2014-06-04 15:27 - 02068992 _____ (Farbar) C:\Users\Julian\Downloads\FRST64.exe 2014-06-04 07:19 - 2014-06-04 07:20 - 00961360 _____ (Chip Digital GmbH) C:\Users\Julian\Downloads\Malwarebytes Anti Malware - CHIP-Installer.exe 2014-06-02 16:40 - 2014-06-02 16:55 - 00022528 _____ () C:\Users\Julian\Downloads\Termine SkL Übersicht.xls 2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\Users\Julian\Downloads\Veenhuis_Shuttle 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Users\Julian\AppData\Local\ESN 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-06-01 20:19 - 2014-06-01 20:19 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141(1).exe 2014-06-01 20:16 - 2014-06-01 20:16 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-01 19:11 - 2014-06-01 19:22 - 00000000 ____D () C:\Users\Jochen\Filme 2014-06-01 06:56 - 2014-06-01 06:56 - 00318888 _____ () C:\WINDOWS\Minidump\060114-23796-01.dmp 2014-05-31 11:59 - 2014-05-31 12:12 - 55681785 _____ () C:\Users\Julian\Downloads\UNZIP_ME_Fendt936_Fendt927.zip 2014-05-30 19:49 - 2014-05-30 19:49 - 00000202 _____ () C:\Users\Rainer\Desktop\Brother MFC-J4410DW Printer - Verknüpfung.lnk 2014-05-30 19:44 - 2014-05-30 19:44 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC-FAX TX 2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Brother 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-05-30 11:50 - 2014-05-30 11:50 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-29 20:11 - 2014-05-29 20:11 - 17266608 _____ (GIANTS Software GmbH) C:\Users\Julian\Downloads\MBTrac1800Intercooler.exe 2014-05-29 20:05 - 2014-05-29 20:05 - 00001412 _____ () C:\Users\Julian\AppData\Local\recently-used.xbel 2014-05-29 15:04 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Origin 2014-05-29 15:04 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Origin 2014-05-29 13:35 - 2014-05-29 13:35 - 00000000 ____D () C:\Users\Julian\Desktop\VeenhuisW400 2014-05-29 13:08 - 2014-05-29 13:08 - 02747025 _____ () C:\Users\Julian\Downloads\Veenhuis_Shuttle.zip 2014-05-27 15:56 - 2014-05-27 15:57 - 31112395 _____ () C:\Users\Julian\Downloads\UNPACK_ME.rar 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-26 17:18 - 2014-05-30 08:43 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-26 17:17 - 2014-05-30 08:42 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Origin 2014-05-26 17:17 - 2014-05-26 17:24 - 00000000 ____D () C:\Users\Julian\AppData\Local\Origin 2014-05-26 17:16 - 2014-06-02 14:37 - 00000000 ____D () C:\ProgramData\Origin 2014-05-26 17:16 - 2014-06-01 19:12 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-26 17:16 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-26 17:16 - 2014-05-26 17:16 - 00000999 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-26 17:15 - 2014-05-26 17:15 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Julian\Downloads\OriginThinSetup.exe 2014-05-26 13:35 - 2014-05-26 13:35 - 00084000 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-24 20:37 - 2014-05-24 20:37 - 00000000 ____D () C:\Users\Julian\Desktop\Server 2014-05-24 15:16 - 2014-05-24 15:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-05-23 14:51 - 2014-05-23 14:52 - 00754801 _____ () C:\Users\Lorenz\Downloads\DIGDOGS.ZIP 2014-05-19 14:58 - 2014-05-19 15:03 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Craften Terminal 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Mozilla 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\extensions 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieUserList 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieSiteList 2014-05-14 17:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 17:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 17:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 17:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 17:39 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 17:39 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 17:39 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 17:39 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 17:39 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 17:39 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 17:39 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 17:39 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 17:39 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 17:39 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 17:39 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 17:39 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 17:39 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 17:39 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 17:39 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 17:39 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 17:39 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 17:39 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 17:39 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 17:39 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 17:39 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 17:39 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 17:39 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 17:39 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 17:39 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 17:39 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 17:39 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 17:39 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 17:39 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 17:39 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 17:39 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 17:39 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 17:38 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 17:38 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 17:38 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 17:38 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 17:38 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 17:38 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 16:08 - 2014-05-14 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-14 15:47 - 2014-05-14 15:47 - 00774825 _____ () C:\Users\Julian\Downloads\steamcmd.zip 2014-05-09 20:18 - 2014-05-09 20:18 - 00322864 _____ () C:\WINDOWS\Minidump\050914-38734-01.dmp 2014-05-09 15:42 - 2014-05-09 15:42 - 00000000 ____D () C:\Users\Julian\AppData\Local\calibre-cache 2014-05-09 15:40 - 2014-05-09 16:12 - 00000000 ____D () C:\Users\Julian\Documents\Calibre-Bibliothek 2014-05-09 15:40 - 2014-05-09 15:56 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\calibre 2014-05-09 15:40 - 2014-05-09 15:40 - 00000946 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\Program Files\Calibre2 2014-05-09 15:38 - 2014-05-09 15:39 - 60981248 _____ () C:\Users\Julian\Downloads\calibre-64bit-1.36.0.msi 2014-05-08 16:47 - 2014-05-08 16:47 - 00000000 ____D () C:\Users\Julian\AppData\Local\TechSmith 2014-05-08 16:38 - 2014-05-23 20:20 - 00005632 _____ () C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-08 14:18 - 2014-06-04 16:42 - 00000000 ____D () C:\Users\Julian\Documents\TI-Nspire 2014-05-08 14:18 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TI-Nspire 2014-05-08 14:16 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Julian\Documents\Camtasia Studio 2014-05-08 14:16 - 2014-05-08 14:16 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TechSmith 2014-05-08 14:15 - 2014-05-08 14:15 - 00000000 ____D () C:\Users\Julian\Documents\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00002189 _____ () C:\Users\Julian\AppData\Local\TempfixPerms.vbs 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Texas Instruments 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-08 14:13 - 2014-05-08 14:13 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll 2014-05-08 14:13 - 2014-05-08 14:13 - 00007371 _____ () C:\WINDOWS\SysWOW64\redist.txt 2014-05-08 14:13 - 2014-05-08 14:13 - 00002082 _____ () C:\Users\Public\Desktop\TI-Nspire CAS Student Software.lnk 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\TI-Nspire CAS 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools 2014-05-08 14:12 - 2014-05-08 14:13 - 00000000 ____D () C:\Program Files (x86)\TI Education 2014-05-07 16:44 - 2014-05-07 16:44 - 00000906 _____ () C:\Users\Lorenz\AppData\Local\recently-used.xbel 2014-05-07 15:57 - 2014-05-19 14:56 - 00030720 ___SH () C:\Users\Lorenz\Desktop\Thumbs.db 2014-05-06 20:44 - 2014-05-06 20:47 - 251749736 _____ () C:\Users\Julian\Downloads\camtasiade_8.1.2.exe 2014-05-06 20:22 - 2014-05-06 20:22 - 00003586 _____ () C:\WINDOWS\System32\Tasks\Maxthon Update 2014-05-06 20:22 - 2014-05-06 20:22 - 00001105 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Maxthon3 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Program Files (x86)\Maxthon 2014-05-06 20:21 - 2014-05-06 20:21 - 01502976 _____ (Maxthon International ltd.) C:\Users\Julian\Downloads\mxsetup.exe 2014-05-06 15:07 - 2014-05-06 15:07 - 00001444 _____ () C:\Users\Julian\Desktop\filezilla.lnk ==================== One Month Modified Files and Folders ======= 2014-06-05 15:29 - 2014-06-04 15:28 - 00022399 _____ () C:\Users\Julian\Downloads\FRST.txt 2014-06-05 15:29 - 2014-06-04 15:28 - 00000000 ____D () C:\FRST 2014-06-05 15:29 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Julian\AppData\Local\Temp 2014-06-05 15:28 - 2013-12-25 12:14 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2CDB1D17-374E-47F5-A88E-A278A97AC4A6} 2014-06-05 15:25 - 2014-06-05 15:25 - 00001491 _____ () C:\Users\Julian\Desktop\Adw-cleaner.txt 2014-06-05 15:24 - 2014-06-05 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 15:23 - 2013-12-24 22:41 - 00000000 ____D () C:\Program Files (x86)\PSPad editor 2014-06-05 15:22 - 2013-11-14 09:27 - 00005430 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-05 15:22 - 2013-11-14 09:11 - 02216316 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-05 15:22 - 2013-11-14 09:11 - 00608736 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-05 15:21 - 2014-06-05 15:21 - 00000704 _____ () C:\Users\Julian\Desktop\JRT.txt 2014-06-05 15:20 - 2014-05-03 16:42 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-05 15:20 - 2014-04-07 11:10 - 00000000 ___RD () C:\Users\Julian\Dropbox 2014-06-05 15:20 - 2014-04-07 11:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\DropboxMaster 2014-06-05 15:20 - 2014-04-07 11:07 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Dropbox 2014-06-05 15:17 - 2013-12-25 11:40 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-05 15:17 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-05 15:09 - 2014-06-05 15:09 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-06-05 15:03 - 2014-06-05 15:03 - 01016261 _____ (Thisisu) C:\Users\Julian\Downloads\JRT.exe 2014-06-05 14:59 - 2014-06-05 14:57 - 00000000 ____D () C:\AdwCleaner 2014-06-05 14:59 - 2013-11-14 00:18 - 00013710 _____ () C:\WINDOWS\PFRO.log 2014-06-05 14:56 - 2014-06-05 14:56 - 01327971 _____ () C:\Users\Julian\Downloads\adwcleaner_3.211.exe 2014-06-05 14:53 - 2014-05-03 16:42 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-05 14:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Cursors 2014-06-05 14:51 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Temp 2014-06-05 14:43 - 2014-06-05 14:43 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 14:43 - 2014-06-05 14:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julian\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-05 14:41 - 2013-11-30 17:20 - 00000000 ____D () C:\Users\Julian\Documents\Bluetooth Folder 2014-06-05 14:40 - 2013-12-25 11:16 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Skype 2014-06-05 14:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-05 11:08 - 2013-12-25 11:39 - 01515124 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-05 08:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-05 06:42 - 2013-11-30 17:28 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1001 2014-06-05 02:00 - 2013-12-25 18:05 - 00000000 ____D () C:\Users\Julian\AppData\Local\Adobe 2014-06-04 16:42 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\Julian\Documents\TI-Nspire 2014-06-04 15:30 - 2014-06-04 15:28 - 00042930 _____ () C:\Users\Julian\Downloads\Addition.txt 2014-06-04 15:27 - 2014-06-04 15:27 - 02068992 _____ (Farbar) C:\Users\Julian\Downloads\FRST64.exe 2014-06-04 14:05 - 2014-02-02 19:33 - 00000000 ____D () C:\Users\Julian\AppData\Local\NPE 2014-06-04 14:05 - 2013-06-27 09:46 - 00000000 ____D () C:\ProgramData\Norton 2014-06-04 07:20 - 2014-06-04 07:19 - 00961360 _____ (Chip Digital GmbH) C:\Users\Julian\Downloads\Malwarebytes Anti Malware - CHIP-Installer.exe 2014-06-03 21:00 - 2014-04-07 11:22 - 00007591 _____ () C:\Users\Julian\AppData\Local\Resmon.ResmonCfg 2014-06-02 16:56 - 2013-12-26 14:28 - 00000000 ____D () C:\Users\Julian\AppData\Local\Deployment 2014-06-02 16:55 - 2014-06-02 16:40 - 00022528 _____ () C:\Users\Julian\Downloads\Termine SkL Übersicht.xls 2014-06-02 15:42 - 2014-01-14 15:06 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Skype 2014-06-02 14:40 - 2013-12-26 14:30 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\.minecraft 2014-06-02 14:38 - 2014-01-06 17:33 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Temp 2014-06-02 14:37 - 2014-05-26 17:16 - 00000000 ____D () C:\ProgramData\Origin 2014-06-02 14:37 - 2014-01-06 17:59 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TS3Client 2014-06-02 14:37 - 2014-01-03 12:40 - 00000000 ____D () C:\Users\Julian\AppData\Local\CrashDumps 2014-06-02 13:49 - 2014-01-30 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\Users\Julian\Downloads\Veenhuis_Shuttle 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Users\Julian\AppData\Local\ESN 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-06-01 20:19 - 2014-06-01 20:19 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141(1).exe 2014-06-01 20:16 - 2014-06-01 20:16 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-01 19:22 - 2014-06-01 19:11 - 00000000 ____D () C:\Users\Jochen\Filme 2014-06-01 19:12 - 2014-05-26 17:16 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-01 19:11 - 2014-01-06 17:33 - 00000000 ____D () C:\Users\Jochen 2014-06-01 19:08 - 2013-08-22 16:46 - 00345517 _____ () C:\WINDOWS\setupact.log 2014-06-01 07:25 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Rainer 2014-06-01 07:07 - 2013-12-26 14:34 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1005 2014-06-01 07:02 - 2013-12-26 14:30 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{290EB6E1-06B2-459A-89F9-BD742F51684E} 2014-06-01 06:56 - 2014-06-01 06:56 - 00318888 _____ () C:\WINDOWS\Minidump\060114-23796-01.dmp 2014-06-01 06:56 - 2013-12-28 09:55 - 618187811 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-01 06:56 - 2013-12-28 09:55 - 00000000 ____D () C:\WINDOWS\Minidump 2014-06-01 06:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-05-31 15:59 - 2013-12-27 19:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1004 2014-05-31 15:59 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Temp 2014-05-31 15:59 - 2013-12-24 22:48 - 00000000 ____D () C:\Users\Rainer\Documents\Bluetooth Folder 2014-05-31 12:12 - 2014-05-31 11:59 - 55681785 _____ () C:\Users\Julian\Downloads\UNZIP_ME_Fendt936_Fendt927.zip 2014-05-30 19:49 - 2014-05-30 19:49 - 00000202 _____ () C:\Users\Rainer\Desktop\Brother MFC-J4410DW Printer - Verknüpfung.lnk 2014-05-30 19:44 - 2014-05-30 19:44 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC-FAX TX 2014-05-30 19:44 - 2014-01-03 10:51 - 00000232 _____ () C:\WINDOWS\Brpfx04a.ini 2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Brother 2014-05-30 19:40 - 2013-12-27 19:05 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F4AF68D-9D58-4E51-93BA-9D577EF1ECC6} 2014-05-30 14:19 - 2013-12-26 12:37 - 00084604 _____ () C:\WINDOWS\DirectX.log 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-05-30 11:50 - 2014-05-30 11:50 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-30 10:27 - 2014-01-06 17:35 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{602F6161-675C-4907-9D63-CEC259D56727} 2014-05-30 10:08 - 2014-01-06 17:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1009 2014-05-30 08:43 - 2014-05-26 17:18 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-30 08:42 - 2014-05-26 17:17 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Origin 2014-05-29 21:12 - 2014-05-08 14:16 - 00000000 ____D () C:\Users\Julian\Documents\Camtasia Studio 2014-05-29 20:11 - 2014-05-29 20:11 - 17266608 _____ (GIANTS Software GmbH) C:\Users\Julian\Downloads\MBTrac1800Intercooler.exe 2014-05-29 20:05 - 2014-05-29 20:05 - 00001412 _____ () C:\Users\Julian\AppData\Local\recently-used.xbel 2014-05-29 20:05 - 2013-12-31 12:30 - 00000000 ____D () C:\Users\Julian\AppData\Local\gtk-2.0 2014-05-29 20:05 - 2013-12-31 12:25 - 00000000 ____D () C:\Users\Julian\.gimp-2.8 2014-05-29 20:02 - 2014-01-06 17:34 - 00000000 ____D () C:\Users\Jochen\Documents\Bluetooth Folder 2014-05-29 15:11 - 2014-05-29 15:04 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Origin 2014-05-29 15:11 - 2014-05-29 15:04 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Origin 2014-05-29 13:35 - 2014-05-29 13:35 - 00000000 ____D () C:\Users\Julian\Desktop\VeenhuisW400 2014-05-29 13:35 - 2013-11-30 17:54 - 00208384 ___SH () C:\Users\Julian\Desktop\Thumbs.db 2014-05-29 13:08 - 2014-05-29 13:08 - 02747025 _____ () C:\Users\Julian\Downloads\Veenhuis_Shuttle.zip 2014-05-28 14:28 - 2013-12-25 10:31 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\.minecraft 2014-05-28 13:44 - 2014-04-07 11:10 - 00001076 _____ () C:\Users\Julian\Desktop\Dropbox.lnk 2014-05-28 13:44 - 2014-04-07 11:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-28 13:44 - 2013-11-30 17:20 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-28 06:10 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Julian 2014-05-28 05:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-05-27 15:57 - 2014-05-27 15:56 - 31112395 _____ () C:\Users\Julian\Downloads\UNPACK_ME.rar 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-26 17:24 - 2014-05-26 17:17 - 00000000 ____D () C:\Users\Julian\AppData\Local\Origin 2014-05-26 17:24 - 2014-05-26 17:16 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-26 17:16 - 2014-05-26 17:16 - 00000999 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-26 17:15 - 2014-05-26 17:15 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Julian\Downloads\OriginThinSetup.exe 2014-05-26 14:25 - 2013-12-25 13:56 - 00000000 ____D () C:\Users\Lorenz\Documents\Bluetooth Folder 2014-05-26 13:35 - 2014-05-26 13:35 - 00084000 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-26 13:35 - 2014-01-03 11:47 - 00000000 ___RD () C:\Users\Rainer\Documents\Rainer Meyer privat 2014-05-26 13:35 - 2013-12-28 15:51 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Deployment 2014-05-26 13:33 - 2013-12-24 22:48 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-26 13:33 - 2013-12-24 22:48 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-25 12:35 - 2013-12-25 11:16 - 00000000 ____D () C:\ProgramData\Skype 2014-05-25 12:34 - 2014-03-16 14:00 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-24 20:37 - 2014-05-24 20:37 - 00000000 ____D () C:\Users\Julian\Desktop\Server 2014-05-24 15:16 - 2014-05-24 15:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-05-24 15:16 - 2013-11-30 18:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-05-24 15:16 - 2013-11-30 17:59 - 00002525 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-05-24 15:16 - 2013-11-30 17:41 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-05-24 15:16 - 2013-11-30 17:41 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64 2014-05-23 20:20 - 2014-05-08 16:38 - 00005632 _____ () C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-23 19:38 - 2013-11-30 17:19 - 00000000 ____D () C:\Users\Julian\AppData\Local\VirtualStore 2014-05-23 19:34 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz 2014-05-23 14:52 - 2014-05-23 14:51 - 00754801 _____ () C:\Users\Lorenz\Downloads\DIGDOGS.ZIP 2014-05-19 15:52 - 2014-01-18 18:18 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-19 15:03 - 2014-05-19 14:58 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Craften Terminal 2014-05-19 14:56 - 2014-05-07 15:57 - 00030720 ___SH () C:\Users\Lorenz\Desktop\Thumbs.db 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Mozilla 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\extensions 2014-05-19 14:51 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\VirtualStore 2014-05-18 15:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-18 14:28 - 2013-12-25 11:01 - 00090962 _____ () C:\WINDOWS\system32\lvcoinst.log 2014-05-16 21:07 - 2013-12-25 13:55 - 00000000 ___RD () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 21:07 - 2013-12-25 13:55 - 00000000 ___RD () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 18:48 - 2013-12-25 12:03 - 00000000 ___RD () C:\Users\Julian\SkyDrive 2014-05-16 18:48 - 2013-11-30 17:20 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieUserList 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieSiteList 2014-05-16 17:25 - 2014-01-06 17:33 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 17:25 - 2014-01-06 17:33 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 17:24 - 2013-12-24 23:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-16 17:05 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 21:10 - 2013-12-24 21:29 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 21:10 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-05-14 21:09 - 2013-12-26 13:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 21:09 - 2013-12-24 21:29 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-14 16:08 - 2014-05-14 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-14 15:47 - 2014-05-14 15:47 - 00774825 _____ () C:\Users\Julian\Downloads\steamcmd.zip 2014-05-12 07:26 - 2014-06-05 14:43 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-05 14:43 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-05 14:43 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-09 20:18 - 2014-05-09 20:18 - 00322864 _____ () C:\WINDOWS\Minidump\050914-38734-01.dmp 2014-05-09 20:18 - 2013-08-22 16:44 - 05083896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-09 16:12 - 2014-05-09 15:40 - 00000000 ____D () C:\Users\Julian\Documents\Calibre-Bibliothek 2014-05-09 15:56 - 2014-05-09 15:40 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\calibre 2014-05-09 15:42 - 2014-05-09 15:42 - 00000000 ____D () C:\Users\Julian\AppData\Local\calibre-cache 2014-05-09 15:40 - 2014-05-09 15:40 - 00000946 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-05-09 15:40 - 2014-05-09 15:40 - 00000000 ____D () C:\Program Files\Calibre2 2014-05-09 15:39 - 2014-05-09 15:38 - 60981248 _____ () C:\Users\Julian\Downloads\calibre-64bit-1.36.0.msi 2014-05-09 14:48 - 2014-05-03 16:42 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 14:48 - 2014-05-03 16:42 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 16:47 - 2014-05-08 16:47 - 00000000 ____D () C:\Users\Julian\AppData\Local\TechSmith 2014-05-08 14:18 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TI-Nspire 2014-05-08 14:16 - 2014-05-08 14:16 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TechSmith 2014-05-08 14:15 - 2014-05-08 14:15 - 00000000 ____D () C:\Users\Julian\Documents\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00002189 _____ () C:\Users\Julian\AppData\Local\TempfixPerms.vbs 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Texas Instruments 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-05-08 14:14 - 2014-05-08 14:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-08 14:13 - 2014-05-08 14:13 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll 2014-05-08 14:13 - 2014-05-08 14:13 - 00007371 _____ () C:\WINDOWS\SysWOW64\redist.txt 2014-05-08 14:13 - 2014-05-08 14:13 - 00002082 _____ () C:\Users\Public\Desktop\TI-Nspire CAS Student Software.lnk 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\TI-Nspire CAS 2014-05-08 14:13 - 2014-05-08 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools 2014-05-08 14:13 - 2014-05-08 14:12 - 00000000 ____D () C:\Program Files (x86)\TI Education 2014-05-07 16:44 - 2014-05-07 16:44 - 00000906 _____ () C:\Users\Lorenz\AppData\Local\recently-used.xbel 2014-05-07 16:44 - 2014-02-18 15:27 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\gtk-2.0 2014-05-07 16:44 - 2014-02-18 15:23 - 00000000 ____D () C:\Users\Lorenz\.gimp-2.8 2014-05-06 20:47 - 2014-05-06 20:44 - 251749736 _____ () C:\Users\Julian\Downloads\camtasiade_8.1.2.exe 2014-05-06 20:22 - 2014-05-06 20:22 - 00003586 _____ () C:\WINDOWS\System32\Tasks\Maxthon Update 2014-05-06 20:22 - 2014-05-06 20:22 - 00001105 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Maxthon3 2014-05-06 20:22 - 2014-05-06 20:22 - 00000000 ____D () C:\Program Files (x86)\Maxthon 2014-05-06 20:21 - 2014-05-06 20:21 - 01502976 _____ (Maxthon International ltd.) C:\Users\Julian\Downloads\mxsetup.exe 2014-05-06 15:55 - 2014-05-05 19:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\FileZilla 2014-05-06 15:07 - 2014-05-06 15:07 - 00001444 _____ () C:\Users\Julian\Desktop\filezilla.lnk 2014-05-06 06:40 - 2014-05-14 17:39 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-14 17:39 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-14 17:39 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 17:39 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll Some content of TEMP: ==================== C:\Users\Julian\AppData\Local\Temp\Creative Cloud Helper.exe C:\Users\Julian\AppData\Local\Temp\DLMGuardian.exe C:\Users\Julian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk_1huk.dll C:\Users\Julian\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\Julian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Julian\AppData\Local\Temp\ose00000.exe C:\Users\Julian\AppData\Local\Temp\Quarantine.exe C:\Users\Julian\AppData\Local\Temp\TINspireCASStudentSoftware-3.6.0.550.exe C:\Users\Rainer\AppData\Local\Temp\_is346B.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-05 05:59 ==================== End Of Log ============================ So das war jetzt alles Geändert von green_lion (05.06.2014 um 14:31 Uhr) Grund: Etwas vergessen:D |
06.06.2014, 11:42 | #6 |
/// the machine /// TB-Ausbilder | giw.mapopen.net WerbungESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> giw.mapopen.net Werbung |
07.06.2014, 18:24 | #7 |
giw.mapopen.net Werbung Habe ganz vergessen zu sagen das ich bin Dienstag Abend im Urlaub bin. Von daher kommen die logs erst am Mittwoch:/ Ich wünsche dir trotzdem noch ein schönes Wochenende |
08.06.2014, 09:50 | #8 |
/// the machine /// TB-Ausbilder | giw.mapopen.net Werbung alles klar
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
12.06.2014, 20:30 | #9 |
giw.mapopen.net WerbungCode:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=6f1f565b3ef9e54f90c22487661087d3 # engine=18687 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-12 06:44:07 # local_time=2014-06-12 08:44:07 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Norton Internet Security' # compatibility_mode=3597 16777213 100 100 29238 165195232 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2345962 27479940 0 0 # scanned=492353 # found=38 # cleaned=0 # scan_time=14440 sh=CA55CFC46DD8D4D96C6F20E45115EFE0FD750469 ft=1 fh=6c776b5d520f53ea vn="Variante von Win32/AdWare.AddLyrics.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoSaver\VideoSaverGWdkcw.exe.vir" sh=2F2922F327F3F8047A2F47ECA1AB4EE3423607A2 ft=1 fh=934df92b3c7f3940 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lorenz\AppData\Local\torch\Helper.dll.vir" sh=49C34AC521C1045BC031A1603A9EF62446886C0D ft=1 fh=c37e252d2d83b0ba vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF10.dll" sh=4384AC2E4100CC70EE9BC9C6A503AEBFFA796107 ft=1 fh=cb98c0645e82e1bd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF11.dll" sh=6503525402D5E0F6DD924A5A4C9090D5A0514B16 ft=1 fh=bd2b3b84ab65f051 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF12.dll" sh=94F9F77FC214B299F25D440B0ED5EC9D20D6D8FD ft=1 fh=477c242b89ddbeea vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF13.dll" sh=F7DF87316ABEFDAD7892FDB852568B59E4B1B625 ft=1 fh=f416c00c616d5989 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF14.dll" sh=387A6FA03583A2251A08C4F495A5FD6E7CB906E5 ft=1 fh=4871cefff8c66cee vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF15.dll" sh=6DE70C93563634348B6B992BD503A05DAE07DF0F ft=1 fh=dec60df68c7d9dd9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF16.dll" sh=300EBA3F24359687A61D73BB2DB53C44E5A2A0A3 ft=1 fh=f2fba972a73e0009 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF17.dll" sh=CABAC0673CDD293F82CE830D2E39DDBF8F4B4CC8 ft=1 fh=6a587d992d73d1bd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF18.dll" sh=BF3DF1B25DDBE1F131821C578CD076C2BE54C1E4 ft=1 fh=77dcdc6e6503beeb vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF19.dll" sh=12BA8C9B617D4A36DCEF64CDC109C61C63AC2D93 ft=1 fh=e9b03f0ad1918a75 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF2.dll" sh=812A2C4E3C3EDFC5AEB401C5B200FF6FA83D3B86 ft=1 fh=6bf004dbab67c20c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF20.dll" sh=0AD9C31BDD1152288E3858AD889A82A1C2BCAC57 ft=1 fh=09e9126aed1653a9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF21.dll" sh=06C0C0DCC0F266B173AE579A04E77C74F789CD36 ft=1 fh=26d43e200908a62f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF22.dll" sh=07CE27FF00D1796E0BBA53382B2DAAE988DAE801 ft=1 fh=305c695f938121d9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF23.dll" sh=62C35AB8B323FBD922532E3002146273C290FF15 ft=1 fh=72471cf0b8e9bef7 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF24.dll" sh=328A3F6A6B2AD7C6CD066F032AC49E23386F7CCA ft=1 fh=a63030a82f80ec61 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF25.dll" sh=C0E2E2344FEBE065E34785B0A676E3A05A724982 ft=1 fh=0cf9b3418ee37402 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF26.dll" sh=5B32EB6D6BD0CB7967E9A4391EAC6F05DBDF26E6 ft=1 fh=7509a865c9a7142a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF27.dll" sh=1659A7208AE11E9EBC3633C7F92B1D2554E2253F ft=1 fh=8af1566607e27335 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF28.dll" sh=F8F3261E698A0A2E27F9815A291A360B5CF95F30 ft=1 fh=8b1b795f7f2b86dc vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF29.dll" sh=5CA040C3455378D189C77B578ED4097E6FC753D8 ft=1 fh=000edebf3107e86b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF4.dll" sh=1BD8EC9B93429C3C38B550B7569259329CE09839 ft=1 fh=aa4060122135c70c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF5.dll" sh=027B559311862C13774F7299697CCE33EB0E9961 ft=1 fh=9407c44d3c121930 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF6.dll" sh=3AE1ADF1DFB14FE4E6951E17194FAF7DE06B5542 ft=1 fh=f42a55a8ffb019c7 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF7.dll" sh=F8D0450C66A6FFE52318DA3D6ABDA4D17BFB9875 ft=1 fh=06ba9f38227929d1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF8.dll" sh=E82465CAC8BC8F9C2FB54D0DF13C39DA686E2766 ft=1 fh=a9bf686c4c165dec vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{63DDC2FF-EEFC-819D-75BE-C56CB1725B35}\components\DatamngrHlpFF9.dll" sh=731975200E997E46FB9B43E04436810684EC2FF2 ft=1 fh=252618f8a97c7dc7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Julian\Downloads\Malwarebytes Anti Malware - CHIP-Installer.exe" sh=B68BF0E698A41B385F988BF936586CBEFAADF1B2 ft=1 fh=8f23a3e3ad9fbfbf vn="Variante von Win32/Toolbar.SearchSuite.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lorenz\AppData\Local\Microsoft\Windows\INetCache\IE\TMFCWSKT\jZipSetup-r342-w-bi.exe" sh=2F2922F327F3F8047A2F47ECA1AB4EE3423607A2 ft=1 fh=934df92b3c7f3940 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lorenz\AppData\Local\Temp\nsmEF8B.tmp\Helper.dll" sh=1A1FBE219B280494DAD078D673575D27DC8D1610 ft=1 fh=f5c8e958d12001c5 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lorenz\AppData\Local\Temp\nstE038.tmp\Helper.dll" sh=DFB17FD98C37594BDD308479068492297EDB28F7 ft=1 fh=fa1ccee1e1a4e00a vn="Win32/Soffer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lorenz\AppData\Local\Temp\nstE038.tmp\soffer.dll" sh=2BAD29AF5BF67D28FE227BB1A131CD4489BDC921 ft=1 fh=e6225e5a29697b8b vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lorenz\AppData\Local\Temp\nsz6D86.tmp\Helper.dll" sh=048B69C63657E54010E6AA3DD2292551449C9D09 ft=1 fh=e6cad54760fcbc1b vn="Win32/AdWare.Bandoo.AD Anwendung" ac=I fn="C:\Users\Lorenz\AppData\Local\VirtualStore\Program Files (x86)\Music Toolbar\Datamngr\setmgrc1.cfg" sh=6D8FEC44B841B77134FB207DA53F4C2430F20F95 ft=1 fh=ff93020162e1a767 vn="Win64/Adware.Bandoo.A Anwendung" ac=I fn="C:\Users\Lorenz\AppData\Local\VirtualStore\Program Files (x86)\Music Toolbar\Datamngr\x64\setmgrc1.cfg" sh=3837DCC6FC0D2C7D2CD6765EE18175468E314815 ft=1 fh=404bf2cda126427a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Instalationsprogramme\Youtube to MP3\FreeYouTubeToMP3Converter31126.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.83 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Adobe Flash Player 11.9.900.170 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (29.0.1) Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Symantec Norton Online Backup NOBuAgent.exe Symantec Norton Online Backup NOBuClient.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02 Ran by Julian (administrator) on MEYER-BÜRO on 12-06-2014 21:28:13 Running from C:\Users\Julian\Downloads Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-15] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications)) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-25] (Adobe Systems Incorporated) HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {b49cc01e-def8-11e2-be6a-806e6f6e6963} - "F:\PC/TINspireStudent_Setup.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {ba2b81f8-73d2-11e3-be80-24fd52914648} - "H:\cdstart.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1001\...\MountPoints2: {f9d10030-78ef-11e3-be86-24fd52914648} - "G:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1004\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-3822500206-1761141436-4080005568-1004\...\MountPoints2: {ba2b81f8-73d2-11e3-be80-24fd52914648} - "H:\cdstart.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1005\...\MountPoints2: {b49cc01e-def8-11e2-be6a-806e6f6e6963} - "F:\PC/TINspireStudent_Setup.exe" HKU\S-1-5-21-3822500206-1761141436-4080005568-1005\...\MountPoints2: {ba2b81f8-73d2-11e3-be80-24fd52914648} - "H:\cdstart.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Remote.lnk ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {68E5EF68-B9A0-4FB3-832B-02FE42F92452} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Play4Free - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\Extensions\battlefieldplay4free@ea.com [2014-05-26] FF Extension: Adblock Plus - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\iyowj2me.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-23] FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-05] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-30] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-12] CHR Extension: (Google Drive) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12] CHR Extension: (YouTube) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12] CHR Extension: (Google-Suche) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12] CHR Extension: (Norton Identity Protection) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-12] CHR Extension: (Google Wallet) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12] CHR Extension: (Google Mail) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-21] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-12] (WildTangent) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-05-30] () R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2014-05-30] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-02] (Disc Soft Ltd) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468240 2013-04-23] (Intel Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-06-11] (Symantec Corporation) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [41504 2014-01-23] (LogMeIn Inc.) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140611.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-25] (Microsoft Corporation) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140612.006\ENG64.SYS [126040 2014-04-10] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140612.006\EX64.SYS [2099288 2014-04-10] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-25] (Microsoft Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-12 21:28 - 2014-06-12 21:28 - 00000000 ____D () C:\Users\Julian\Downloads\FRST-OlderVersion 2014-06-12 16:41 - 2014-06-12 16:41 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-12 16:40 - 2014-06-12 16:40 - 00854367 _____ () C:\Users\Julian\Downloads\SecurityCheck.exe 2014-06-12 16:21 - 2014-06-12 16:21 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-12 16:21 - 2014-06-12 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-12 16:20 - 2014-06-12 16:21 - 00000000 ____D () C:\Users\Julian\AppData\Local\Google 2014-06-12 16:01 - 2014-06-12 16:01 - 02347384 _____ (ESET) C:\Users\Julian\Downloads\esetsmartinstaller_deu.exe 2014-06-05 15:25 - 2014-06-05 15:25 - 00001491 _____ () C:\Users\Julian\Desktop\Adw-cleaner.txt 2014-06-05 15:21 - 2014-06-05 15:21 - 00000704 _____ () C:\Users\Julian\Desktop\JRT.txt 2014-06-05 15:09 - 2014-06-05 15:09 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-06-05 15:03 - 2014-06-05 15:03 - 01016261 _____ (Thisisu) C:\Users\Julian\Downloads\JRT.exe 2014-06-05 14:57 - 2014-06-05 14:59 - 00000000 ____D () C:\AdwCleaner 2014-06-05 14:56 - 2014-06-05 14:56 - 01327971 _____ () C:\Users\Julian\Downloads\adwcleaner_3.211.exe 2014-06-05 14:43 - 2014-06-05 15:24 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 14:43 - 2014-06-05 14:43 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 14:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-05 14:43 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-06-05 14:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-05 14:42 - 2014-06-05 14:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julian\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-04 15:28 - 2014-06-12 21:28 - 00025431 _____ () C:\Users\Julian\Downloads\FRST.txt 2014-06-04 15:28 - 2014-06-12 21:28 - 00000000 ____D () C:\FRST 2014-06-04 15:28 - 2014-06-04 15:30 - 00042930 _____ () C:\Users\Julian\Downloads\Addition.txt 2014-06-04 15:27 - 2014-06-12 21:28 - 02081792 _____ (Farbar) C:\Users\Julian\Downloads\FRST64.exe 2014-06-04 07:19 - 2014-06-04 07:20 - 00961360 _____ (Chip Digital GmbH) C:\Users\Julian\Downloads\Malwarebytes Anti Malware - CHIP-Installer.exe 2014-06-02 16:40 - 2014-06-02 16:55 - 00022528 _____ () C:\Users\Julian\Downloads\Termine SkL Übersicht.xls 2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\Users\Julian\Downloads\Veenhuis_Shuttle 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Users\Julian\AppData\Local\ESN 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-06-01 20:19 - 2014-06-01 20:19 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141(1).exe 2014-06-01 20:16 - 2014-06-01 20:16 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-01 19:11 - 2014-06-01 19:22 - 00000000 ____D () C:\Users\Jochen\Filme 2014-06-01 06:56 - 2014-06-01 06:56 - 00318888 _____ () C:\WINDOWS\Minidump\060114-23796-01.dmp 2014-05-31 11:59 - 2014-05-31 12:12 - 55681785 _____ () C:\Users\Julian\Downloads\UNZIP_ME_Fendt936_Fendt927.zip 2014-05-30 19:49 - 2014-05-30 19:49 - 00000202 _____ () C:\Users\Rainer\Desktop\Brother MFC-J4410DW Printer - Verknüpfung.lnk 2014-05-30 19:44 - 2014-05-30 19:44 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC-FAX TX 2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Brother 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-05-30 11:50 - 2014-05-30 11:50 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-29 20:11 - 2014-05-29 20:11 - 17266608 _____ (GIANTS Software GmbH) C:\Users\Julian\Downloads\MBTrac1800Intercooler.exe 2014-05-29 20:05 - 2014-05-29 20:05 - 00001412 _____ () C:\Users\Julian\AppData\Local\recently-used.xbel 2014-05-29 15:04 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Origin 2014-05-29 15:04 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Origin 2014-05-29 13:35 - 2014-05-29 13:35 - 00000000 ____D () C:\Users\Julian\Desktop\VeenhuisW400 2014-05-29 13:08 - 2014-05-29 13:08 - 02747025 _____ () C:\Users\Julian\Downloads\Veenhuis_Shuttle.zip 2014-05-27 15:56 - 2014-05-27 15:57 - 31112395 _____ () C:\Users\Julian\Downloads\UNPACK_ME.rar 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-26 17:18 - 2014-05-30 08:43 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-26 17:17 - 2014-05-30 08:42 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Origin 2014-05-26 17:17 - 2014-05-26 17:24 - 00000000 ____D () C:\Users\Julian\AppData\Local\Origin 2014-05-26 17:16 - 2014-06-02 14:37 - 00000000 ____D () C:\ProgramData\Origin 2014-05-26 17:16 - 2014-06-01 19:12 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-26 17:16 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-26 17:16 - 2014-05-26 17:16 - 00000999 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-26 17:15 - 2014-05-26 17:15 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Julian\Downloads\OriginThinSetup.exe 2014-05-26 13:35 - 2014-05-26 13:35 - 00084000 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-24 20:37 - 2014-05-24 20:37 - 00000000 ____D () C:\Users\Julian\Desktop\Server 2014-05-24 15:16 - 2014-05-24 15:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-05-23 14:51 - 2014-05-23 14:52 - 00754801 _____ () C:\Users\Lorenz\Downloads\DIGDOGS.ZIP 2014-05-19 14:58 - 2014-05-19 15:03 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Craften Terminal 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Mozilla 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\extensions 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieUserList 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieSiteList 2014-05-14 17:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 17:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 17:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 17:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 17:39 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 17:39 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 17:39 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 17:39 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 17:39 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 17:39 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 17:39 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 17:39 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 17:39 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 17:39 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 17:39 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 17:39 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 17:39 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 17:39 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 17:39 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 17:39 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 17:39 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 17:39 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 17:39 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 17:39 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 17:39 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 17:39 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 17:39 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 17:39 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 17:39 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 17:39 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 17:39 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 17:39 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 17:39 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 17:39 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 17:39 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 17:39 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 17:38 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 17:38 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 17:38 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 17:38 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 17:38 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 17:38 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 16:08 - 2014-05-14 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-14 15:47 - 2014-05-14 15:47 - 00774825 _____ () C:\Users\Julian\Downloads\steamcmd.zip ==================== One Month Modified Files and Folders ======= 2014-06-12 21:28 - 2014-06-12 21:28 - 00000000 ____D () C:\Users\Julian\Downloads\FRST-OlderVersion 2014-06-12 21:28 - 2014-06-04 15:28 - 00025431 _____ () C:\Users\Julian\Downloads\FRST.txt 2014-06-12 21:28 - 2014-06-04 15:28 - 00000000 ____D () C:\FRST 2014-06-12 21:28 - 2014-06-04 15:27 - 02081792 _____ (Farbar) C:\Users\Julian\Downloads\FRST64.exe 2014-06-12 21:28 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Julian\AppData\Local\Temp 2014-06-12 21:25 - 2013-12-25 11:16 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Skype 2014-06-12 20:53 - 2014-05-03 16:42 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-12 20:52 - 2014-01-03 10:50 - 00000000 ____D () C:\Program Files (x86)\Browny02 2014-06-12 20:47 - 2013-12-25 11:39 - 01529354 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-12 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-12 19:33 - 2013-11-30 17:20 - 00000000 ____D () C:\Users\Julian\Documents\Bluetooth Folder 2014-06-12 18:53 - 2013-11-30 17:28 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1001 2014-06-12 17:46 - 2013-12-26 13:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 17:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-12 17:46 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-06-12 16:41 - 2014-06-12 16:41 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-12 16:40 - 2014-06-12 16:40 - 00854367 _____ () C:\Users\Julian\Downloads\SecurityCheck.exe 2014-06-12 16:40 - 2013-11-14 09:27 - 00005430 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-12 16:40 - 2013-11-14 09:11 - 02230858 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-12 16:40 - 2013-11-14 09:11 - 00613254 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-12 16:39 - 2013-08-22 16:46 - 00347902 _____ () C:\WINDOWS\setupact.log 2014-06-12 16:21 - 2014-06-12 16:21 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-12 16:21 - 2014-06-12 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-12 16:21 - 2014-06-12 16:20 - 00000000 ____D () C:\Users\Julian\AppData\Local\Google 2014-06-12 16:20 - 2014-05-03 16:42 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-12 16:01 - 2014-06-12 16:01 - 02347384 _____ (ESET) C:\Users\Julian\Downloads\esetsmartinstaller_deu.exe 2014-06-12 15:57 - 2014-05-03 16:42 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-12 15:57 - 2014-04-07 11:10 - 00000000 ___RD () C:\Users\Julian\Dropbox 2014-06-12 15:57 - 2014-04-07 11:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\DropboxMaster 2014-06-12 15:57 - 2014-04-07 11:07 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Dropbox 2014-06-12 15:17 - 2014-01-06 17:33 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Temp 2014-06-12 13:56 - 2014-01-06 17:43 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1009 2014-06-12 12:37 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-06-12 10:42 - 2014-01-06 17:35 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{602F6161-675C-4907-9D63-CEC259D56727} 2014-06-11 17:06 - 2013-12-26 14:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1005 2014-06-11 17:03 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Temp 2014-06-11 16:53 - 2013-12-26 14:30 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{290EB6E1-06B2-459A-89F9-BD742F51684E} 2014-06-10 21:15 - 2013-12-25 18:05 - 00000000 ____D () C:\Users\Julian\AppData\Local\Adobe 2014-06-10 21:15 - 2013-12-25 12:14 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2CDB1D17-374E-47F5-A88E-A278A97AC4A6} 2014-06-05 15:25 - 2014-06-05 15:25 - 00001491 _____ () C:\Users\Julian\Desktop\Adw-cleaner.txt 2014-06-05 15:24 - 2014-06-05 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 15:23 - 2013-12-24 22:41 - 00000000 ____D () C:\Program Files (x86)\PSPad editor 2014-06-05 15:21 - 2014-06-05 15:21 - 00000704 _____ () C:\Users\Julian\Desktop\JRT.txt 2014-06-05 15:17 - 2013-12-25 11:40 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-05 15:17 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-05 15:09 - 2014-06-05 15:09 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-06-05 15:03 - 2014-06-05 15:03 - 01016261 _____ (Thisisu) C:\Users\Julian\Downloads\JRT.exe 2014-06-05 14:59 - 2014-06-05 14:57 - 00000000 ____D () C:\AdwCleaner 2014-06-05 14:59 - 2013-11-14 00:18 - 00013710 _____ () C:\WINDOWS\PFRO.log 2014-06-05 14:56 - 2014-06-05 14:56 - 01327971 _____ () C:\Users\Julian\Downloads\adwcleaner_3.211.exe 2014-06-05 14:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Cursors 2014-06-05 14:43 - 2014-06-05 14:43 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-05 14:43 - 2014-06-05 14:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-05 14:43 - 2014-06-05 14:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julian\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-04 16:42 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\Julian\Documents\TI-Nspire 2014-06-04 15:30 - 2014-06-04 15:28 - 00042930 _____ () C:\Users\Julian\Downloads\Addition.txt 2014-06-04 14:05 - 2014-02-02 19:33 - 00000000 ____D () C:\Users\Julian\AppData\Local\NPE 2014-06-04 14:05 - 2013-06-27 09:46 - 00000000 ____D () C:\ProgramData\Norton 2014-06-04 07:20 - 2014-06-04 07:19 - 00961360 _____ (Chip Digital GmbH) C:\Users\Julian\Downloads\Malwarebytes Anti Malware - CHIP-Installer.exe 2014-06-03 21:00 - 2014-04-07 11:22 - 00007591 _____ () C:\Users\Julian\AppData\Local\Resmon.ResmonCfg 2014-06-02 16:56 - 2013-12-26 14:28 - 00000000 ____D () C:\Users\Julian\AppData\Local\Deployment 2014-06-02 16:55 - 2014-06-02 16:40 - 00022528 _____ () C:\Users\Julian\Downloads\Termine SkL Übersicht.xls 2014-06-02 15:42 - 2014-01-14 15:06 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Skype 2014-06-02 14:40 - 2013-12-26 14:30 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\.minecraft 2014-06-02 14:37 - 2014-05-26 17:16 - 00000000 ____D () C:\ProgramData\Origin 2014-06-02 14:37 - 2014-01-06 17:59 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TS3Client 2014-06-02 14:37 - 2014-01-03 12:40 - 00000000 ____D () C:\Users\Julian\AppData\Local\CrashDumps 2014-06-02 13:49 - 2014-01-30 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\Users\Julian\Downloads\Veenhuis_Shuttle 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Users\Julian\AppData\Local\ESN 2014-06-01 20:20 - 2014-06-01 20:20 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-06-01 20:19 - 2014-06-01 20:19 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141(1).exe 2014-06-01 20:16 - 2014-06-01 20:16 - 02247960 _____ () C:\Users\Julian\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-01 19:22 - 2014-06-01 19:11 - 00000000 ____D () C:\Users\Jochen\Filme 2014-06-01 19:12 - 2014-05-26 17:16 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-06-01 19:11 - 2014-01-06 17:33 - 00000000 ____D () C:\Users\Jochen 2014-06-01 07:25 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Rainer 2014-06-01 06:56 - 2014-06-01 06:56 - 00318888 _____ () C:\WINDOWS\Minidump\060114-23796-01.dmp 2014-06-01 06:56 - 2013-12-28 09:55 - 618187811 _____ () C:\WINDOWS\MEMORY.DMP 2014-06-01 06:56 - 2013-12-28 09:55 - 00000000 ____D () C:\WINDOWS\Minidump 2014-05-31 15:59 - 2013-12-27 19:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3822500206-1761141436-4080005568-1004 2014-05-31 15:59 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Temp 2014-05-31 15:59 - 2013-12-24 22:48 - 00000000 ____D () C:\Users\Rainer\Documents\Bluetooth Folder 2014-05-31 12:12 - 2014-05-31 11:59 - 55681785 _____ () C:\Users\Julian\Downloads\UNZIP_ME_Fendt936_Fendt927.zip 2014-05-31 07:13 - 2013-08-22 17:38 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-31 07:13 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-30 19:49 - 2014-05-30 19:49 - 00000202 _____ () C:\Users\Rainer\Desktop\Brother MFC-J4410DW Printer - Verknüpfung.lnk 2014-05-30 19:44 - 2014-05-30 19:44 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC-FAX TX 2014-05-30 19:44 - 2014-01-03 10:51 - 00000232 _____ () C:\WINDOWS\Brpfx04a.ini 2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Brother 2014-05-30 19:40 - 2013-12-27 19:05 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F4AF68D-9D58-4E51-93BA-9D577EF1ECC6} 2014-05-30 14:19 - 2013-12-26 12:37 - 00084604 _____ () C:\WINDOWS\DirectX.log 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-05-30 11:51 - 2014-05-30 11:51 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-05-30 11:50 - 2014-05-30 11:50 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-30 08:43 - 2014-05-26 17:18 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-05-30 08:42 - 2014-05-26 17:17 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Origin 2014-05-29 21:12 - 2014-05-08 14:16 - 00000000 ____D () C:\Users\Julian\Documents\Camtasia Studio 2014-05-29 20:11 - 2014-05-29 20:11 - 17266608 _____ (GIANTS Software GmbH) C:\Users\Julian\Downloads\MBTrac1800Intercooler.exe 2014-05-29 20:05 - 2014-05-29 20:05 - 00001412 _____ () C:\Users\Julian\AppData\Local\recently-used.xbel 2014-05-29 20:05 - 2013-12-31 12:30 - 00000000 ____D () C:\Users\Julian\AppData\Local\gtk-2.0 2014-05-29 20:05 - 2013-12-31 12:25 - 00000000 ____D () C:\Users\Julian\.gimp-2.8 2014-05-29 20:02 - 2014-01-06 17:34 - 00000000 ____D () C:\Users\Jochen\Documents\Bluetooth Folder 2014-05-29 15:11 - 2014-05-29 15:04 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Origin 2014-05-29 15:11 - 2014-05-29 15:04 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\Origin 2014-05-29 13:35 - 2014-05-29 13:35 - 00000000 ____D () C:\Users\Julian\Desktop\VeenhuisW400 2014-05-29 13:35 - 2013-11-30 17:54 - 00208384 ___SH () C:\Users\Julian\Desktop\Thumbs.db 2014-05-29 13:08 - 2014-05-29 13:08 - 02747025 _____ () C:\Users\Julian\Downloads\Veenhuis_Shuttle.zip 2014-05-28 14:28 - 2013-12-25 10:31 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\.minecraft 2014-05-28 13:44 - 2014-04-07 11:10 - 00001076 _____ () C:\Users\Julian\Desktop\Dropbox.lnk 2014-05-28 13:44 - 2014-04-07 11:08 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-28 13:44 - 2013-11-30 17:20 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-28 06:10 - 2013-12-25 11:43 - 00000000 ____D () C:\Users\Julian 2014-05-28 05:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-05-27 15:57 - 2014-05-27 15:56 - 31112395 _____ () C:\Users\Julian\Downloads\UNPACK_ME.rar 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-26 17:24 - 2014-05-26 17:24 - 00000000 ____D () C:\ProgramData\EA Core 2014-05-26 17:24 - 2014-05-26 17:17 - 00000000 ____D () C:\Users\Julian\AppData\Local\Origin 2014-05-26 17:24 - 2014-05-26 17:16 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-05-26 17:16 - 2014-05-26 17:16 - 00000999 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-05-26 17:15 - 2014-05-26 17:15 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Julian\Downloads\OriginThinSetup.exe 2014-05-26 14:25 - 2013-12-25 13:56 - 00000000 ____D () C:\Users\Lorenz\Documents\Bluetooth Folder 2014-05-26 13:35 - 2014-05-26 13:35 - 00084000 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-26 13:35 - 2014-01-03 11:47 - 00000000 ___RD () C:\Users\Rainer\Documents\Rainer Meyer privat 2014-05-26 13:35 - 2013-12-28 15:51 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Deployment 2014-05-26 13:33 - 2013-12-24 22:48 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-26 13:33 - 2013-12-24 22:48 - 00000000 ___RD () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-25 12:35 - 2013-12-25 11:16 - 00000000 ____D () C:\ProgramData\Skype 2014-05-25 12:34 - 2014-03-16 14:00 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-24 20:37 - 2014-05-24 20:37 - 00000000 ____D () C:\Users\Julian\Desktop\Server 2014-05-24 15:16 - 2014-05-24 15:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-05-24 15:16 - 2013-11-30 18:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-05-24 15:16 - 2013-11-30 17:59 - 00002525 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-05-24 15:16 - 2013-11-30 17:41 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-05-24 15:16 - 2013-11-30 17:41 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64 2014-05-23 20:20 - 2014-05-08 16:38 - 00005632 _____ () C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-23 19:38 - 2013-11-30 17:19 - 00000000 ____D () C:\Users\Julian\AppData\Local\VirtualStore 2014-05-23 19:34 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz 2014-05-23 14:52 - 2014-05-23 14:51 - 00754801 _____ () C:\Users\Lorenz\Downloads\DIGDOGS.ZIP 2014-05-19 15:52 - 2014-01-18 18:18 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-19 15:03 - 2014-05-19 14:58 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Craften Terminal 2014-05-19 14:56 - 2014-05-07 15:57 - 00030720 ___SH () C:\Users\Lorenz\Desktop\Thumbs.db 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\Users\Lorenz\AppData\Roaming\Mozilla 2014-05-19 14:51 - 2014-05-19 14:51 - 00000000 ____D () C:\extensions 2014-05-19 14:51 - 2013-12-25 13:55 - 00000000 ____D () C:\Users\Lorenz\AppData\Local\VirtualStore 2014-05-18 15:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-18 14:28 - 2013-12-25 11:01 - 00090962 _____ () C:\WINDOWS\system32\lvcoinst.log 2014-05-16 21:07 - 2013-12-25 13:55 - 00000000 ___RD () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 21:07 - 2013-12-25 13:55 - 00000000 ___RD () C:\Users\Lorenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 18:48 - 2013-12-25 12:03 - 00000000 ___RD () C:\Users\Julian\SkyDrive 2014-05-16 18:48 - 2013-11-30 17:20 - 00000000 ___RD () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieUserList 2014-05-16 17:25 - 2014-05-16 17:25 - 00000000 __SHD () C:\Users\Jochen\AppData\Local\EmieSiteList 2014-05-16 17:25 - 2014-01-06 17:33 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 17:25 - 2014-01-06 17:33 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 17:24 - 2013-12-24 23:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-16 17:05 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 21:10 - 2013-12-24 21:29 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 21:09 - 2013-12-24 21:29 - 93223848 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-14 16:08 - 2014-05-14 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-14 15:47 - 2014-05-14 15:47 - 00774825 _____ () C:\Users\Julian\Downloads\steamcmd.zip Some content of TEMP: ==================== C:\Users\Julian\AppData\Local\Temp\Creative Cloud Helper.exe C:\Users\Julian\AppData\Local\Temp\DLMGuardian.exe C:\Users\Julian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9fbrlv.dll C:\Users\Julian\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\Julian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Julian\AppData\Local\Temp\ose00000.exe C:\Users\Julian\AppData\Local\Temp\Quarantine.exe C:\Users\Julian\AppData\Local\Temp\TINspireCASStudentSoftware-3.6.0.550.exe C:\Users\Rainer\AppData\Local\Temp\_is346B.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-05 15:40 ==================== End Of Log ============================ --- --- --- So dies sollte alles sein(wenn auch später als erwartet:/) Huch mir fällt grad auf Flash Player nicht aktuell... Bei nächster Gelegenheit wirds nachgeholt... |
13.06.2014, 15:11 | #10 |
/// the machine /// TB-Ausbilder | giw.mapopen.net Werbung Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\extensions GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ProxyEnable: Internet Explorer proxy is enabled. Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
13.06.2014, 16:16 | #11 |
giw.mapopen.net WerbungCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02 Ran by Julian at 2014-06-13 17:12:28 Run:1 Running from C:\Users\Julian\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** ***************** ==== End of Fixlog ==== Fällt grad auf muss keine Logs mehr Posten Naja... wann kann man wieder mit freiwerdenden Bewerber-Stellen rechnen? Sollte sich jetzt erledigt haben Vielen dank nochmal für deine Hilfe Geändert von green_lion (13.06.2014 um 16:33 Uhr) |
14.06.2014, 15:12 | #12 |
/// the machine /// TB-Ausbilder | giw.mapopen.net Werbung Kann man so nicht sagen, immer mal wieder in den entsprechenden Thread schauen . Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
22.06.2014, 18:40 | #13 |
giw.mapopen.net Werbung So ich will auch noch einmal unseren Laptop scannen lassen Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01 Ran by Benutzer at 2014-06-22 19:32:41 Running from C:\Users\Benutzer\Desktop\Trojaner Board Anwendungen Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated) Adobe Reader 8.1.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC) Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0007 - ASUS) ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS) ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.10 - ASUS) ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS) ASUS Power4Gear eXtreme (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.0.18 - ASUS) ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS) ASUS Touch Pad Extra (HKLM\...\{DB891739-2EB3-45A8-9CBD-941C255CECD4}) (Version: - ) Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) ATI Catalyst Install Manager (HKLM\...\{5EB5EEA7-6432-5827-0080-899DA70A97BA}) (Version: 3.0.664.0 - ATI Technologies, Inc.) ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK) ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK) ATK Media (HKLM\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0000 - ASUS) ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK) Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BUFFALO TurboUSB for FLASH/HDD (HKLM\...\UN070618) (Version: - ) Bus-Simulator 2009 (HKLM\...\Bus-Simulator 2009_is1) (Version: - astragon Software GmbH) Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.) Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.) Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.) Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.) Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.) Catalyst Control Center Core Implementation (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Czech (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Danish (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Dutch (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Finnish (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization French (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization German (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Greek (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Norwegian (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Russian (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Spanish (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Swedish (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2008.0309.2141.36947 - ATI) Hidden Catalyst Control Center Localization Turkish (Version: 2008.0309.2141.36947 - ATI) Hidden CCC Help Chinese Standard (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Chinese Traditional (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Czech (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Danish (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Dutch (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help English (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Finnish (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help French (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help German (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Greek (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Hungarian (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Italian (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Japanese (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Korean (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Norwegian (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Polish (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Portuguese (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Russian (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Spanish (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Swedish (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Thai (Version: 2008.0309.2140.36947 - ATI) Hidden CCC Help Turkish (Version: 2008.0309.2140.36947 - ATI) Hidden ccc-Branding (HKLM\...\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}) (Version: 1.00.0000 - ATI) ccc-core-static (Version: 2008.0309.2141.36947 - ATI) Hidden ccc-utility (Version: 2008.0309.2141.36947 - ATI) Hidden Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.) CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2908 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1924 - CyberLink Corp.) CyberLink Power2Go (Version: 6.0.1924 - CyberLink Corp.) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) DDBAC (HKLM\...\{F161B4FF-3976-4917-BD27-CA28C95A13AE}) (Version: 5.3.0 - DataDesign) Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - ) Die*Sims™*3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts) DVDVideoSoftTB DE Toolbar (HKLM\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.8.9.0 - DVDVideoSoftTB DE) ElsterFormular (HKLM\...\ElsterFormular 11.2.0.4074) (Version: 11.2.0.4074 - Landesfinanzdirektion Thüringen) Exif-Viewer 2.51 (HKLM\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) Express Gate (HKLM\...\{27D51A76-371D-48B6-B06E-4137A15B7583}) (Version: 0.7.7.0 - devicevm) FlightGear 2.10.0.3 (HKLM\...\FlightGear_is1) (Version: - The FlightGear Team) Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.) Gehirnjogging 3 (HKLM\...\Gehirnjogging 3) (Version: 6.3 - SBT) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Green Line 1 Sprachtrainer (HKLM\...\{BC1ECCD7-EE86-4231-AF1B-6E52B49A4532}) (Version: 1.00.000 - Klett) GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) IMinent Toolbar (HKLM\...\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}) (Version: 3.26.0 - IMinent) <==== ATTENTION IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.) Java 2 Runtime Environment, SE v1.4.2_15 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142150}) (Version: 1.4.2_15 - Sun Microsystems, Inc.) Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version: - Audacity Team) LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group) LEGO MINDSTORMS NXT Driver (HKLM\...\{D30E4145-9120-4497-AD35-F78482C3CF88}) (Version: 1.17.770 - LEGO) LEGO MINDSTORMS NXT Migration Package (HKLM\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO) LEGO MINDSTORMS NXT Software v2.0 (HKLM\...\{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}) (Version: 2.0.108.0 - LEGO) LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe) Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.) LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.2.0.193 - LogMeIn, Inc.) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MyDriveConnect 3.3.0.1502 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom) NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - ) Norton Internet Security (HKLM\...\NIS) (Version: 21.3.0.12 - Symantec Corporation) OpenAL (HKLM\...\OpenAL) (Version: - ) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) phase-6 2.3.2b (HKLM\...\phase-6) (Version: 2.3.2b - phase-6) Pivot Stickfigure Animator (HKLM\...\{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}) (Version: 2.2.5 - Peter Bone) QuickShare (HKLM\...\{B3742C7A-A0FF-42FE-968D-1D5EFDEBA63A}) (Version: 1.6.1.950 - Linkury Inc.) <==== ATTENTION QuickTime (HKLM\...\QuickTime) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.) Rossmann Fotoservice 2.6 (HKLM\...\Rossmann Fotoservice_is1) (Version: - ) Rossmann Fotowelt Software 4.12.1 (HKLM\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net) Rossmann Online Print Wizard Installer 1.0 (HKLM\...\Rossmannr Online Print Wizard Installer_is1) (Version: - ) Skins (Version: 2008.0309.2141.36947 - ATI) Hidden Skiregion Simulator 2012 (HKLM\...\SkiRegionSimulator2012DE_is1) (Version: 1.0 - GIANTS Software) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Sprachtrainer Fonts (HKLM\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH) Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Sven XXX - XXL (HKLM\...\{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics) TI-Nspire CAS Student Software (HKLM\...\TI-Nspire CAS Student Software) (Version: 3.1.0.392 - Texas Instruments) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) USB2.0 UVC 1.3M WebCam (HKLM\...\USB2.0 UVC 1.3M WebCam) (Version: - ) Virtual DJ Toolbar (HKLM\...\{56444A2D-5637-006A-76A7-A758B70C0A00}) (Version: 12.10.0.2910 - APN, LLC) VirtualDJ Home FREE (HKLM\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions) Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - ) WinRAR 4.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK) XAMPP (HKLM\...\xampp) (Version: 1.8.2-1 - BitNami) Zahlenbuch 2 (HKLM\...\Zahlenbuch 2) (Version: - ) Zahlenbuch 3 (HKLM\...\{ED587EAA-3462-4C77-9E24-BCA340EC8B03}_is1) (Version: - ) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 17-04-2014 09:58:36 Geplanter Prüfpunkt 19-04-2014 12:24:08 Geplanter Prüfpunkt 26-04-2014 09:50:09 Geplanter Prüfpunkt 22-06-2014 10:04:18 Gerätetreiber-Paketinstallation: TomTom Netzwerkadapter 22-06-2014 11:24:23 Removed Babylon Chrome Toolbar ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {040A10A5-0249-4C66-BE3C-3076F1048A90} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation) Task: {0E7F0BB8-B369-468D-AC1C-7222F140AA6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.) Task: {15DE8411-F1BC-46C7-952A-9919FF953B79} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {21822DE4-81ED-4E4A-9EF3-4157D3629614} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS) Task: {28FC0DED-36D4-4665-9384-8A126D2BE180} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {947B502F-8896-44F9-B9B3-1E3BB90636F6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {A673284B-26B7-4D70-B030-3E6E4FE3A8F5} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION Task: {A96DF3F8-09CC-4D3C-8CB8-05FE8A1507D5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B4D23D6A-5F78-4914-A565-66C945DDF0A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.) Task: {CCF966C5-36A6-4344-9562-8DA478984882} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {D4E76511-B795-4B52-9104-5A784DBFE5A1} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {E20B1106-760A-47DC-B48D-C94F8154BFE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24] (Adobe Systems Incorporated) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-09-28 21:31 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll 2008-09-28 21:31 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll 2008-02-04 22:29 - 2008-02-04 22:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 2012-04-09 17:13 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll 2008-09-28 21:31 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 2008-09-28 21:10 - 2007-02-06 03:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe 2008-09-28 21:31 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe 2008-03-09 16:01 - 2008-03-09 16:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2008-09-28 21:33 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe 2008-09-28 21:10 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll 2008-09-28 21:11 - 2007-01-18 04:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe 2008-09-28 21:17 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe 2008-09-28 21:10 - 2006-12-19 02:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe 2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2008-09-28 21:10 - 2007-04-17 22:39 - 00077824 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe 2008-09-28 21:35 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 2008-09-28 21:35 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll 2008-09-28 21:35 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll 2008-09-28 21:35 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll 2008-09-28 21:35 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll 2008-09-28 21:35 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll 2008-09-28 21:35 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll 2008-07-19 04:52 - 2008-07-19 04:52 - 00649704 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2008-06-09 18:55 - 2008-06-09 18:55 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2008-09-28 21:38 - 2008-09-28 21:38 - 00033136 _____ () C:\Windows\ASScrPro.exe 2007-07-12 22:55 - 2007-07-12 22:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2007-08-14 22:59 - 2007-08-14 22:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2007-07-12 22:55 - 2007-07-12 22:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00032024 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00044312 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00018712 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00111896 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 01703704 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00078104 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00012568 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00662296 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00081176 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00013592 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00016152 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00019736 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00021272 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00057112 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00013592 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll 2013-05-31 21:08 - 2013-05-31 21:08 - 00911432 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00014104 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00051480 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2013-05-12 12:58 - 2013-05-12 12:58 - 00047384 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2013-05-12 12:57 - 2013-05-12 12:57 - 00025368 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2013-05-12 12:59 - 2013-05-12 12:59 - 00025368 _____ () C:\Users\Benutzer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2013-12-14 17:40 - 2014-03-07 22:39 - 03168576 _____ () C:\Users\Benutzer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2007-03-07 02:03 - 2007-03-07 02:03 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-03-17 12:59 - 2014-03-17 12:59 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll 2014-03-17 12:58 - 2014-03-17 12:58 - 00082808 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll 2014-03-17 12:58 - 2014-03-17 12:58 - 00357752 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll 2008-10-15 01:03 - 2008-10-15 01:03 - 03076096 _____ () c:\program files\adobe\reader 8.0\reader\rdlang32.deu 2007-05-11 02:54 - 2007-05-11 02:54 - 00036864 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU 2007-05-11 02:53 - 2007-05-11 02:53 - 00974848 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.DEU 2007-05-11 02:50 - 2007-05-11 02:50 - 00077824 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.DEU 2007-05-11 02:50 - 2007-05-11 02:50 - 00811008 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.DEU 2007-05-11 02:51 - 2007-05-11 02:51 - 01224704 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU 2007-05-11 02:51 - 2007-05-11 02:51 - 00192512 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU 2007-05-11 02:51 - 2007-05-11 02:51 - 00221184 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU 2006-10-23 01:30 - 2006-10-23 01:30 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU 2008-01-11 21:49 - 2008-01-11 21:49 - 00098304 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.DEU 2007-05-11 02:52 - 2007-05-11 02:52 - 00006656 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU 2006-10-23 01:31 - 2006-10-23 01:31 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.DEU 2007-05-11 02:52 - 2007-05-11 02:52 - 00086016 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.DEU 2007-05-11 02:52 - 2007-05-11 02:52 - 00159744 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU 2006-10-23 01:32 - 2006-10-23 01:32 - 00011264 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.DEU 2007-05-11 02:53 - 2007-05-11 02:53 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU 2006-10-23 01:33 - 2006-10-23 01:33 - 00008192 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU 2007-05-11 02:53 - 2007-05-11 02:53 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU 2007-05-11 02:54 - 2007-05-11 02:54 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU 2006-10-23 01:33 - 2006-10-23 01:33 - 00012288 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU 2007-05-11 02:54 - 2007-05-11 02:54 - 00026112 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.DEU 2006-10-23 01:34 - 2006-10-23 01:34 - 00005120 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.DEU 2007-05-11 02:55 - 2007-05-11 02:55 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.DEU 2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll 2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Microsoft-6zu4-Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{495F68CD-5040-4115-9016-0DCA28777065} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/22/2014 07:17:31 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTONDATA\21.0.0.100\DEFINITIONS\VIRUSDEFS\TMP1458.TMP\STREAM.DIS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/22/2014 02:14:43 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTONDATA\21.0.0.100\DEFINITIONS\VIRUSDEFS\TMP2C97.TMP\STREAM.DIS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/22/2014 00:53:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTONDATA\21.0.0.100\DEFINITIONS\VIRUSDEFS\TMP6EBC.TMP\STREAM.DIS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/22/2014 11:48:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2014 01:38:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: cc8 Anfangszeit: 01cf8c7c013f7c2d Zeitpunkt der Beendigung: 26 Error: (06/20/2014 01:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 10:30:53 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (06/19/2014 10:13:53 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\35.0.1916.153\LOCALES\EN-US.PAK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/19/2014 10:13:53 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\35.0.1916.153\LOCALES\EN-GB.PAK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/19/2014 10:13:53 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\35.0.1916.153\LOCALES\EL.PAK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (06/22/2014 11:52:02 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (06/22/2014 11:51:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000IPBusEnum Error: (06/22/2014 11:50:20 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/22/2014 11:48:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: mysql%%3 Error: (06/22/2014 11:48:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Apache2.4%%3 Error: (06/22/2014 11:48:17 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (06/20/2014 01:38:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (06/20/2014 01:36:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/20/2014 01:34:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: mysql%%3 Error: (06/20/2014 01:34:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Apache2.4%%3 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-06-22 19:32:11.214 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 19:32:10.513 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 19:32:09.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 19:32:08.985 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 19:31:46.675 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 19:31:45.516 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 19:31:44.378 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 19:31:43.642 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-18 17:34:28.133 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-18 17:34:27.460 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 3070.54 MB Available physical RAM: 1431.73 MB Total Pagefile: 6343.34 MB Available Pagefile: 4763.23 MB Total Virtual: 2047.88 MB Available Virtual: 1885.28 MB ==================== Drives ================================ Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:60.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:139.28 GB) (Free:139.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 97646C29) Partition 1: (Not Active) - (Size=10 GB) - (Type=1C) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=139 GB) - (Type=OF Extended) ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01 Ran by Benutzer (administrator) on BENUTZER-PC on 22-06-2014 19:30:52 Running from C:\Users\Benutzer\Desktop\Trojaner Board Anwendungen Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\ATK Hotkey\ASLDRSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe () C:\Program Files\ASUS\ASUS Live Update\ALU.exe (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe () C:\Program Files\ATKOSD2\ATKOSD2.exe () C:\Program Files\Wireless Console 2\wcourier.exe (ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ATK) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files\ATK Hotkey\ATKOSD.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe () C:\Program Files\ATK Hotkey\KBFiltr.exe () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (LogMeIn Inc.) C:\Users\Benutzer\PRIVAT\Julian Übungsaufgaben u.Schule\hamachi-2.exe (LogMeIn, Inc.) C:\Users\Benutzer\PRIVAT\Julian Übungsaufgaben u.Schule\LMIGuardianSvc.exe (LogMeIn Inc.) C:\Users\Benutzer\PRIVAT\Julian Übungsaufgaben u.Schule\hamachi-2-ui.exe (LogMeIn, Inc.) C:\Users\Benutzer\PRIVAT\Julian Übungsaufgaben u.Schule\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) C:\Windows\System32\ASUSTPE.exe () C:\Windows\ASScrPro.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Smartbar) C:\Users\Benutzer\AppData\Local\Smartbar\Application\QuickShare.exe () C:\Users\Benutzer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-19] (CyberLink) HKLM\...\Run: [P2Go_Menu] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.) HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-06-25] (ASUS) HKLM\...\Run: [ASUSTPE] => C:\Windows\system32\ASUSTPE.exe [106496 2007-10-12] (ASUS) HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\AsScrProlog.exe [47672 2008-09-28] () HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-09-28] () HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [] => [X] HKLM\...\Run: [ApnUpdater] => "C:\Program Files\Ask.com\Updater\Updater.exe" HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [358472 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1809992 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3649096 2010-08-03] (Logitech Inc.) HKLM\...\Run: [ApnTBMon] => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Users\Benutzer\PRIVAT\Julian Übungsaufgaben u.Schule\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Benutzer\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-05-12] (Smartbar) HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [DAEMON Tools Lite] => "I:\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [Amazon Cloud Player] => C:\Users\Benutzer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom) HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\MountPoints2: {28828199-9aca-11de-9762-002354106daf} - G:\Launcher.exe HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\MountPoints2: {28c884d8-020a-11df-8200-002354106daf} - H:\LaunchU3.exe -a HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\MountPoints2: {2b0d6691-65b5-11e3-b1da-002354106daf} - H:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\MountPoints2: {55a440e8-ff87-11e2-97cc-002354106daf} - H:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\MountPoints2: {e9bf7021-2fe1-11e3-8663-002354106daf} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1995907402-2643437171-1976029676-1000\...\MountPoints2: {ed4bc99a-2348-11e3-a2c1-002354106daf} - F:\cdstart.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Users\Benutzer\PRIVAT\Julian Übungsaufgaben u.Schule\phase-6\reminder\reminder.exe (phase-6) ShellIconOverlayIdentifiers: ADSMOverlayIcon -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll () ShellIconOverlayIdentifiers: ADSMOverlayIcon1 -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com URLSearchHook: HKLM - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File URLSearchHook: HKCU - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) SearchScopes: HKCU - DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 SearchScopes: HKCU - bProtectorDefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Virtual DJ Toolbar - {56444A2D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\VDJ-V7\Passport.dll" No File BHO: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll No File BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File Toolbar: HKLM - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll No File Toolbar: HKLM - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Virtual DJ Toolbar - {56444A2D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\VDJ-V7\Passport.dll" No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File Toolbar: HKCU - DVDVideoSoftTB DE Toolbar - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_15-windows-i586.cab DPF: {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-03] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-06-22] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-12-06] FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012-12-17] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.de/" CHR NewTab: "chrome-extension://amfclgbdpgndipgoegfpkkgobahigbcl/redirect.html" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (QuickShare Widget) - C:\Users\Benutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-06-01] CHR Extension: (Skype Click to Call) - C:\Users\Benutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-08] CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Benutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-12-15] CHR Extension: (Google Wallet) - C:\Users\Benutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-25] CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2012-12-17] CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Benutzer\AppData\Local\Smartbar/Application\1Extension.crx [2013-05-12] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-05-12] ========================== Services (Whitelisted) ================= R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed] R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-17] (APN LLC.) R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed] R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed] R2 Hamachi2Svc; C:\Users\Benutzer\PRIVAT\Julian Übungsaufgaben u.Schule\hamachi-2.exe [1682768 2014-05-13] (LogMeIn Inc.) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed] R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.) R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] () S2 Apache2.4; "I:\xampp\xampp\apache\bin\httpd.exe" -k runservice [X] S2 mysql; I:\xampp\xampp\mysql\bin\mysqld.exe --defaults-file=i:\xampp\xampp\mysql\bin\my.ini mysql ==================== Drivers (Whitelisted) ==================== R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () S3 bfturboh; C:\Windows\System32\drivers\bfturboh.sys [17280 2008-07-22] (BUFFALO INC.) [File not signed] R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation) S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-21] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-09-22] (DT Soft Ltd) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation) R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] () R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140620.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( ) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.) R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100) R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140621.001\NAVENG.SYS [93272 2013-12-06] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140621.001\NAVEX15.SYS [1612376 2013-12-06] (Symantec Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-05-13] () R3 SRTSP; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-06] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-22 19:29 - 2014-06-22 19:31 - 00000000 ____D () C:\FRST 2014-06-22 12:05 - 2014-06-22 12:05 - 00000000 ____D () C:\Users\Benutzer\AppData\Local\TomTom 2014-06-22 12:05 - 2014-06-22 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2014-06-22 12:04 - 2014-06-22 12:04 - 00000000 ____D () C:\Windows\LastGood 2014-06-22 12:04 - 2014-06-22 12:04 - 00000000 ____D () C:\Program Files\TomTom International B.V 2014-06-22 12:04 - 2014-06-22 12:04 - 00000000 ____D () C:\Program Files\MyDrive Connect 2014-05-26 20:47 - 2014-05-26 20:47 - 00000000 ____D () C:\Program Files\Common Files\Skype ==================== One Month Modified Files and Folders ======= 2014-06-22 19:31 - 2014-06-22 19:29 - 00000000 ____D () C:\FRST 2014-06-22 19:22 - 2010-12-11 16:16 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-22 18:46 - 2012-04-24 16:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-22 17:46 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-22 17:46 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-22 12:07 - 2006-11-02 12:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-22 12:05 - 2014-06-22 12:05 - 00000000 ____D () C:\Users\Benutzer\AppData\Local\TomTom 2014-06-22 12:05 - 2014-06-22 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2014-06-22 12:04 - 2014-06-22 12:04 - 00000000 ____D () C:\Windows\LastGood 2014-06-22 12:04 - 2014-06-22 12:04 - 00000000 ____D () C:\Program Files\TomTom International B.V 2014-06-22 12:04 - 2014-06-22 12:04 - 00000000 ____D () C:\Program Files\MyDrive Connect 2014-06-22 12:04 - 2008-12-15 20:41 - 00000000 ____D () C:\Users\Benutzer 2014-06-22 12:00 - 2011-03-16 17:59 - 00000000 ____D () C:\Users\Benutzer\Desktop\Julian 2014-06-22 11:56 - 2008-09-28 19:40 - 01547081 _____ () C:\Windows\WindowsUpdate.log 2014-06-22 11:49 - 2012-04-10 16:39 - 00000000 ____D () C:\Users\Benutzer\AppData\Local\LogMeIn Hamachi 2014-06-22 11:46 - 2010-12-11 16:16 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-22 11:46 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-20 14:21 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-18 20:16 - 2012-07-16 13:23 - 00000000 ____D () C:\Users\Benutzer\Documents\VirtualDJ 2014-06-18 16:49 - 2012-05-11 20:28 - 00000000 ____D () C:\Users\Benutzer\AppData\Roaming\Skype 2014-06-18 16:41 - 2012-12-18 15:49 - 00000000 ____D () C:\Users\Benutzer\AppData\Local\CrashDumps 2014-06-15 19:20 - 2008-01-21 04:47 - 01681756 _____ () C:\Windows\PFRO.log 2014-05-31 17:50 - 2008-12-25 14:00 - 00089088 _____ () C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-30 20:19 - 2009-04-20 21:01 - 00000000 ____D () C:\Users\Benutzer\Fotos 2014-05-26 20:47 - 2014-05-26 20:47 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-26 20:47 - 2013-01-26 18:42 - 00000000 ___RD () C:\Program Files\Skype 2014-05-26 20:47 - 2012-05-11 20:27 - 00000000 ____D () C:\ProgramData\Skype 2014-05-26 20:42 - 2012-12-05 19:53 - 00000000 ____D () C:\Windows\system32\Drivers\NIS 2014-05-26 20:41 - 2013-12-06 14:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-05-25 13:01 - 2012-12-20 17:31 - 00000000 ____D () C:\Users\Benutzer\AppData\Roaming\.minecraft Files to move or delete: ==================== C:\ProgramData\0tbpw.pad Some content of TEMP: ==================== C:\Users\Benutzer\AppData\Local\Temp\i4jdel0.exe C:\Users\Benutzer\AppData\Local\Temp\i4jdel1.exe C:\Users\Benutzer\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll C:\Users\Benutzer\AppData\Local\Temp\lgps_lgps.exe C:\Users\Benutzer\AppData\Local\Temp\uninst1.exe C:\Users\Benutzer\AppData\Local\Temp\w8fbkszf.dll C:\Users\Benutzer\AppData\Local\Temp\{4CD36E83-80A2-4204-88C7-3EF4A9650E04}-32.0.1700.76_chrome_installer.exe C:\Users\Benutzer\AppData\Local\Temp\{6210E994-1BE6-413B-90C7-1DBC5C056D01}-32.0.1700.76_31.0.1650.63_chrome_updater.exe C:\Users\Benutzer\AppData\Local\Temp\{8663161A-6E2C-484B-9F10-E5CC905C4BD0}-35.0.1916.114_chrome_installer.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-22 11:56 ==================== End Of Log ============================ Wenn ich jetzt aufgepasst habe, schätze ich mal das ich die Programme, die ein --->Attention hinter dem Namen haben mit dem Revo Uninstaller bzw erstmal per Systemsteuerung deinstallieren soll- oder liege ich da falsch? Gruß green_lion
__________________ Mein Rechner -->http://www.sysprofile.de/id184112 |
23.06.2014, 15:31 | #14 | |
/// the machine /// TB-Ausbilder | giw.mapopen.net WerbungZitat:
Danach: Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |