|
Log-Analyse und Auswertung: Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.03.2014, 08:54 | #1 |
| Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Guten Morgen, wie bereits im Titel beschrieben habe ich hier ein 64 Bit-System auf dem HJT einen 32 Bit-Prozess als gefährlich einstuft und "fixen" anbietet. Soll ich den Eintrag löschen (sasser?) oder ist das nicht nötig? Sind darüber hinaus noch weitere bedenkliche Einträge im Logfile erkennbar? Danke für Eure Unterstützung John Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:39:58, on 27.03.2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Users\John\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKUS\S-1-5-21-875375503-3799985134-3711563178-1004\..\Run: [Epson Stylus S22] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\windows\TEMP\E_S8287.tmp" /EF "HKCU" (User 'Hana') O4 - Startup: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\windows\system32\hasplms.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11293 bytes |
27.03.2014, 09:07 | #2 |
/// the machine /// TB-Ausbilder | Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Hi,
__________________HJT ist total veraltet und sollte nicht mehr benutzt werden. Probleme mit dem Rechner? Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
27.03.2014, 14:06 | #3 |
| Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Logs anbei....
__________________FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by John (administrator) on HANAHOMEOFFICE on 27-03-2014 13:47:12 Running from C:\Users\John\Downloads Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\PE_J_DEFAULT\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem HKU\PE_J_DEFAULT\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\PE_J_HANA\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\PE_J_HANA\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKU\PE_J_HANA\...\Run: [Sony PC Companion] - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background HKU\PE_J_HANA\...\Run: [Facebook Update] - "C:\Users\Hana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver HKU\PE_J_HANA\...\Run: [Akamai NetSession Interface] - "C:\Users\Hana\AppData\Local\Akamai\netsession_win.exe" HKU\PE_J_HANA\...\MountPoints2: {05f32868-b0df-11dd-9bc3-806e6f6e6963} - F:\Autorun.exe HKU\PE_J_HANA\...\MountPoints2: {0997c6b9-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe HKU\PE_J_HANA\...\MountPoints2: {44300007-7dcf-11de-91f5-00188b5d120f} - K:\AUTOSTARTER.EXE HKU\PE_J_HANA\...\MountPoints2: {4897b167-51f8-11df-b966-80b94b4f1412} - L:\GSLoader.exe HKU\PE_J_HANA\...\MountPoints2: {8c69eda6-1b4f-11e1-9c2d-806e6f6e6963} - E:\Autorun.exe HKU\PE_J_HANA\...\MountPoints2: {dcbd87da-235e-11de-accf-00188b5d120f} - N:\LaunchU3.exe -a HKU\PE_J_HANA\...\MountPoints2: {f878400e-dd1d-11df-9c20-f3b0036ccd5e} - N:\GSLoader.exe HKU\PE_J_JOHN\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Arcor 5.006; GTB6.5; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"hxxp://www.nickjr.de/cache.php?path=/junior/game.html&aid=1973" HKU\PE_J_JOHN\...\MountPoints2: {00b07832-f6f5-11e0-8029-fe9433fb58d9} - L:\AutoRun.exe HKU\PE_J_JOHN\...\MountPoints2: {05f32868-b0df-11dd-9bc3-806e6f6e6963} - F:\zdata\cobi.exe HKU\PE_J_JOHN\...\MountPoints2: {0997c57e-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe HKU\PE_J_JOHN\...\MountPoints2: {0997c6b9-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe HKU\PE_J_JOHN\...\MountPoints2: {1c6a772d-10ca-11e0-8962-9d391e0781bc} - L:\DPFMate.exe HKU\PE_J_JOHN\...\MountPoints2: {5db19dcb-7fc8-11df-82c7-f2e79567669f} - L:\Startme.exe HKU\PE_J_JOHN\...\MountPoints2: {77598d87-d139-11de-9061-f5513fb3b1b2} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\Play.exe HKU\PE_J_JOHN\...\MountPoints2: {9ccfb910-8134-11e0-957b-c60183717ba8} - L:\AutoRun.exe HKU\PE_J_JOHN\...\MountPoints2: {9ccfb937-8134-11e0-957b-9b6e48e72e07} - L:\AutoRun.exe HKU\PE_J_JOHN\...\MountPoints2: {abb80c48-99d5-11e0-890d-b702a651fbe4} - L:\KODAK_Software_Downloader.exe HKU\PE_J_JOHN\...\MountPoints2: {dcbd87da-235e-11de-accf-00188b5d120f} - M:\LaunchU3.exe -a HKU\PE_J_JOHN\...\MountPoints2: {f878400e-dd1d-11df-9c20-f3b0036ccd5e} - L:\GSLoader.exe HKU\PE_J_JUSTINE\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\PE_J_JUSTINE\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\PE_J_JUSTINE\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKU\PE_J_SPIELE\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\PE_J_SPIELE\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\PE_J_SPIELE\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {813fe800-b08a-11e2-bea2-4c72b9419957} - "L:\LaunchU3.exe" -a HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {89193c5e-5e3d-11e3-bf2a-4c72b9419957} - "K:\GSLoader.exe" HKU\S-1-5-21-875375503-3799985134-3711563178-1004\...\Run: [Epson Stylus S22] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\windows\TEMP\E_S8287.tmp" /EF "HKCU" Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1005\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A1259230628CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir= SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir= BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507 FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\user.js FF SelectedSearchEngine: Mysearchdial FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-01] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03] Chrome: ======= CHR HomePage: hxxp://google.de/ CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09] CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09] CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09] CHR Extension: (Google-Suche) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09] CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09] CHR Extension: (Google Mail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09] ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET) S3 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-27 13:47 - 2014-03-27 13:47 - 00021968 _____ () C:\Users\John\Downloads\FRST.txt 2014-03-27 13:45 - 2014-03-27 13:47 - 00000000 ____D () C:\FRST 2014-03-27 13:44 - 2014-03-27 13:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe 2014-03-27 09:11 - 2014-03-27 09:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log 2014-03-27 09:10 - 2014-03-27 09:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe 2014-03-27 08:39 - 2014-03-27 08:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log 2014-03-27 08:38 - 2014-03-27 08:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe 2014-03-26 23:40 - 2014-03-26 23:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps 2014-03-26 22:50 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140326-225048.backup 2014-03-26 22:01 - 2014-03-26 23:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-26 22:01 - 2014-03-26 22:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-26 22:01 - 2014-03-26 22:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-03-26 22:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-03-26 21:59 - 2014-03-26 22:00 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe 2014-03-26 21:02 - 2014-01-02 17:46 - 00859720 _____ (Mindspark) C:\Program Files (x86)\4zUninstall VideoDownloadConverter.dll 2014-03-26 21:02 - 2014-01-02 17:46 - 00189848 _____ () C:\Program Files (x86)\4zres.dll 2014-03-26 18:32 - 2014-03-26 18:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice 2014-03-26 18:27 - 2014-03-26 18:33 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17 2014-03-26 18:23 - 2014-03-26 18:26 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip 2014-03-26 17:48 - 2014-03-26 20:49 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-03-26 17:48 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-26 17:48 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-03-26 17:48 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-26 17:47 - 2014-03-26 17:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 17:47 - 2014-03-26 17:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-26 17:47 - 2014-03-26 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-26 17:40 - 2014-03-26 17:41 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc 2014-03-26 16:12 - 2014-03-27 12:12 - 00000318 _____ () C:\WINDOWS\Tasks\MySearchDial.job 2014-03-26 16:12 - 2014-03-26 16:12 - 00002656 _____ () C:\WINDOWS\System32\Tasks\MySearchDial 2014-03-26 16:12 - 2014-03-26 16:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG 2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\John\Desktop\MiPony.lnk 2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\Hana\Desktop\MiPony.lnk 2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony 2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Program Files (x86)\MiPony 2014-03-26 16:04 - 2014-03-26 16:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google 2014-03-26 15:46 - 2014-03-26 16:00 - 43091448 _____ () C:\Users\Justine\Desktop\64px [mc1.7.4] HD MK WORKING 1.0.zip 2014-03-26 15:41 - 2014-03-26 15:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe 2014-03-26 15:30 - 2014-03-26 15:40 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner 2014-03-26 14:36 - 2014-03-26 14:36 - 00001081 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk 2014-03-25 22:03 - 2014-03-25 22:06 - 00000000 ____D () C:\Users\John\Downloads\cdex_151 2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip 2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip 2014-03-25 20:08 - 2014-03-25 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-25 19:06 - 2014-03-25 19:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe 2014-03-23 22:11 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-03-23 22:11 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-03-23 12:37 - 2014-03-23 12:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger 2014-03-19 17:08 - 2014-03-19 17:11 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin 2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer 2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer 2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft 2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft 2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts 2014-03-16 16:58 - 2014-03-16 16:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia 2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Local\VideoDownloadConverter_4z 2014-03-16 16:48 - 2014-03-16 16:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 16:47 - 2014-03-16 16:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol 2014-03-16 16:47 - 2014-03-16 16:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini 2014-03-12 21:17 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2014-03-12 21:17 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2014-03-12 21:16 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-12 21:16 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-03-12 21:16 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-12 21:16 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-03-12 21:16 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-03-12 21:16 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-12 21:16 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-03-12 21:16 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-03-12 21:16 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-12 21:16 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-03-12 21:16 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-12 21:16 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-12 21:16 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-03-12 21:16 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-03-12 21:16 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-12 21:16 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-03-12 21:16 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-12 21:16 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-03-12 21:16 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-03-12 21:16 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-03-12 21:16 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-03-12 21:16 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-03-12 21:16 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-03-12 21:16 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-12 21:16 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-03-12 21:16 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-03-12 21:16 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2014-03-12 21:16 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2014-03-12 21:16 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-03-12 21:16 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-03-12 21:16 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-03-12 21:16 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-12 21:16 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-12 21:16 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-12 21:16 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-03-12 21:16 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2014-03-12 21:16 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-03-12 21:16 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2014-03-12 21:16 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-12 21:16 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-12 21:16 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-12 21:16 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-12 21:16 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-03-12 21:16 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-12 21:16 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2014-03-12 21:16 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-12 21:16 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-12 21:16 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-03-12 21:16 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-03-12 21:16 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-03-12 21:16 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-12 21:16 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2014-03-12 21:16 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll 2014-03-12 21:16 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-03-12 21:16 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-03-12 21:16 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-03-05 22:44 - 2014-03-05 22:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk 2014-03-05 22:44 - 2014-03-05 22:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk 2014-03-05 22:44 - 2014-03-05 22:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit 2014-03-05 22:30 - 2014-03-05 22:34 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe 2014-03-04 21:50 - 2014-03-04 21:56 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip 2014-03-04 16:05 - 2014-03-04 16:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt 2014-03-04 07:19 - 2014-03-04 07:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk 2014-03-04 07:19 - 2014-03-04 07:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\ProgramData\ESET 2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\Program Files\ESET 2014-03-03 10:03 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-03-03 09:57 - 2014-03-03 09:57 - 01681800 _____ (ESET) C:\Users\John\Downloads\eset_nod32_antivirus_live_installer_.exe 2014-02-28 09:02 - 2014-02-28 17:24 - 00000000 ____D () C:\Users\John\AppData\Local\QuickPar 2014-02-27 10:09 - 2014-02-27 10:09 - 00028868 _____ () C:\Users\John\Downloads\S_20140227_10945_Neue_Nachrichten.zip ==================== One Month Modified Files and Folders ======= 2014-03-27 13:47 - 2014-03-27 13:47 - 00021968 _____ () C:\Users\John\Downloads\FRST.txt 2014-03-27 13:47 - 2014-03-27 13:45 - 00000000 ____D () C:\FRST 2014-03-27 13:44 - 2014-03-27 13:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe 2014-03-27 13:44 - 2014-02-11 21:39 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9.job 2014-03-27 13:43 - 2014-01-28 23:14 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job 2014-03-27 12:52 - 2013-03-24 12:52 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn 2014-03-27 12:52 - 2013-03-24 12:52 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job 2014-03-27 12:29 - 2013-10-18 20:32 - 02097060 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-27 12:12 - 2014-03-26 16:12 - 00000318 _____ () C:\WINDOWS\Tasks\MySearchDial.job 2014-03-27 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-03-27 09:25 - 2013-03-23 21:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1001 2014-03-27 09:11 - 2014-03-27 09:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log 2014-03-27 09:11 - 2014-03-27 09:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe 2014-03-27 09:11 - 2013-03-24 08:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1005 2014-03-27 09:11 - 2013-03-24 08:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\VirtualStore 2014-03-27 09:06 - 2013-10-09 18:40 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-27 09:06 - 2013-10-09 18:39 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-27 08:39 - 2014-03-27 08:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log 2014-03-27 08:38 - 2014-03-27 08:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe 2014-03-27 07:03 - 2013-03-24 14:15 - 00000000 ____D () C:\Users\John\Desktop\System 2014-03-26 23:40 - 2014-03-26 23:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps 2014-03-26 23:40 - 2014-03-26 22:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-26 22:03 - 2014-03-26 22:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-26 22:01 - 2014-03-26 22:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-03-26 22:00 - 2014-03-26 21:59 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe 2014-03-26 21:02 - 2014-01-02 17:46 - 00000000 ____D () C:\Program Files (x86)\VideoDownloadConverter 2014-03-26 21:02 - 2013-09-30 05:14 - 01980998 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-26 21:02 - 2013-09-30 04:56 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat 2014-03-26 21:02 - 2013-09-30 04:56 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat 2014-03-26 20:57 - 2013-09-29 20:04 - 00022256 _____ () C:\WINDOWS\PFRO.log 2014-03-26 20:57 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-26 20:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-03-26 20:57 - 2012-10-19 20:27 - 00000000 ____D () C:\WINDOWS\en 2014-03-26 20:49 - 2014-03-26 17:48 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-03-26 20:14 - 2013-04-11 17:30 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\.minecraft 2014-03-26 18:33 - 2014-03-26 18:27 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17 2014-03-26 18:32 - 2014-03-26 18:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice 2014-03-26 18:26 - 2014-03-26 18:23 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip 2014-03-26 18:00 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2014-03-26 18:00 - 2013-03-23 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-26 17:59 - 2013-08-11 22:53 - 00000000 ____D () C:\FFOutput 2014-03-26 17:48 - 2014-03-26 17:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 17:47 - 2014-03-26 17:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-26 17:47 - 2014-03-26 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-26 17:41 - 2014-03-26 17:40 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc 2014-03-26 16:55 - 2013-03-24 04:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc 2014-03-26 16:12 - 2014-03-26 16:12 - 00002656 _____ () C:\WINDOWS\System32\Tasks\MySearchDial 2014-03-26 16:12 - 2014-03-26 16:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG 2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\John\Desktop\MiPony.lnk 2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\Hana\Desktop\MiPony.lnk 2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony 2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Program Files (x86)\MiPony 2014-03-26 16:04 - 2014-03-26 16:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google 2014-03-26 16:00 - 2014-03-26 15:46 - 43091448 _____ () C:\Users\Justine\Desktop\64px [mc1.7.4] HD MK WORKING 1.0.zip 2014-03-26 15:41 - 2014-03-26 15:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe 2014-03-26 15:40 - 2014-03-26 15:30 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner 2014-03-26 14:36 - 2014-03-26 14:36 - 00001081 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk 2014-03-25 22:06 - 2014-03-25 22:03 - 00000000 ____D () C:\Users\John\Downloads\cdex_151 2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip 2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip 2014-03-25 21:49 - 2013-03-23 22:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\UseNeXT 2014-03-25 21:39 - 2013-03-23 22:26 - 00000000 ___RD () C:\Users\John\Downloads\UseNeXT 2014-03-25 20:08 - 2014-03-25 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-25 19:06 - 2014-03-25 19:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe 2014-03-24 21:13 - 2013-03-25 19:48 - 00000000 ____D () C:\Users\John\dwhelper 2014-03-24 15:11 - 2014-02-12 22:40 - 00026624 _____ () C:\Users\John\Documents\FFM-NBG 2013.xls 2014-03-24 09:19 - 2013-09-08 14:19 - 00000000 ____D () C:\FILME 0913 2014-03-23 12:37 - 2014-03-23 12:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger 2014-03-23 12:24 - 2013-03-24 12:52 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-03-23 12:24 - 2013-03-24 12:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-21 06:25 - 2013-08-14 17:54 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-21 06:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-03-21 06:23 - 2013-03-24 22:33 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-19 17:11 - 2014-03-19 17:08 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin 2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer 2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer 2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft 2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft 2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts 2014-03-16 19:55 - 2014-01-28 17:47 - 00000000 ____D () C:\ProgramData\HP Photo Creations 2014-03-16 18:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-03-16 16:58 - 2014-03-16 16:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia 2014-03-16 16:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-03-16 16:50 - 2013-03-25 16:42 - 00000000 ____D () C:\Users\Justine\AppData\Local\Mozilla 2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Local\VideoDownloadConverter_4z 2014-03-16 16:49 - 2013-03-24 08:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\Packages 2014-03-16 16:48 - 2014-03-16 16:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 16:48 - 2013-03-24 08:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 16:48 - 2013-03-24 08:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-16 16:48 - 2013-03-23 21:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-03-16 16:47 - 2014-03-16 16:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol 2014-03-16 16:47 - 2014-03-16 16:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini 2014-03-16 16:47 - 2013-10-18 20:23 - 00000000 ____D () C:\Users\Justine 2014-03-16 16:46 - 2013-08-22 15:44 - 00366304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-05 22:44 - 2014-03-05 22:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk 2014-03-05 22:44 - 2014-03-05 22:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk 2014-03-05 22:44 - 2014-03-05 22:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit 2014-03-05 22:43 - 2013-10-19 18:04 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT 2014-03-05 22:34 - 2014-03-05 22:30 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe 2014-03-05 09:26 - 2014-03-26 17:48 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-26 17:48 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-26 17:48 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 21:56 - 2014-03-04 21:50 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip 2014-03-04 16:05 - 2014-03-04 16:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt 2014-03-04 07:19 - 2014-03-04 07:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk 2014-03-04 07:19 - 2014-03-04 07:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-03-04 07:19 - 2013-03-30 12:03 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-04 07:16 - 2013-03-30 11:38 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-03-04 07:16 - 2012-10-19 20:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\ProgramData\ESET 2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\Program Files\ESET 2014-03-03 09:57 - 2014-03-03 09:57 - 01681800 _____ (ESET) C:\Users\John\Downloads\eset_nod32_antivirus_live_installer_.exe 2014-03-02 22:22 - 2013-08-22 15:46 - 00385696 _____ () C:\WINDOWS\setupact.log 2014-03-01 07:05 - 2014-03-12 21:16 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-01 05:58 - 2014-03-12 21:16 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-03-01 05:30 - 2014-03-12 21:16 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-01 05:17 - 2014-03-12 21:16 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-03-01 04:54 - 2014-03-12 21:16 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-03-01 04:47 - 2014-03-12 21:16 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-01 04:42 - 2014-03-12 21:16 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-03-01 04:18 - 2014-03-12 21:16 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-03-01 04:14 - 2014-03-12 21:16 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-12 21:16 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-03-01 04:03 - 2014-03-12 21:16 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-01 03:57 - 2014-03-12 21:16 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-12 21:16 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-12 21:16 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-12 21:16 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-12 21:16 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-12 21:16 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-02-28 17:24 - 2014-02-28 09:02 - 00000000 ____D () C:\Users\John\AppData\Local\QuickPar 2014-02-27 10:09 - 2014-02-27 10:09 - 00028868 _____ () C:\Users\John\Downloads\S_20140227_10945_Neue_Nachrichten.zip 2014-02-26 15:43 - 2013-03-25 20:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\MyPhoneExplorer 2014-02-25 23:07 - 2013-10-18 20:23 - 00000000 ____D () C:\Users\John 2014-02-25 10:11 - 2013-07-13 06:09 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe 2014-02-25 08:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-12 21:16] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-03-26 23:23 ==================== End Of Log ============================ --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by John at 2014-03-27 13:47:42 Running from C:\Users\John\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Animated Wallpaper - Beautiful Space 3D (HKLM\...\Beautiful Space 3D_is1) (Version: 1.13 - PUSH Entertainment) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artist Colony (HKLM-x32\...\Artist Colony) (Version: 1.0.0.0 - INTENIUM GmbH) Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden calibre (HKLM-x32\...\{CE9EE84E-F7A9-4256-8785-0CB35014DD33}) (Version: 0.9.26 - Kovid Goyal) CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n) Cheatbusters 1.0.0.0 (HKLM-x32\...\Cheatbusters 1.0.0.0) (Version: 1.0.0.0 - Shadow - Time to play) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CraftROBO DesignMaster (C:\CraftROBO DesignMaster) (HKLM-x32\...\{385B9A14-B5DD-487C-A0E3-25FB62DA8E9E}) (Version: 7 - CADlink) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.8.4930 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily und der Duft des Erfolgs (HKLM-x32\...\Delicious: Emily und der Duft des Erfolgs) (Version: 1.0.0.0 - INTENIUM GmbH) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH) DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.4.6 - Dropbox, Inc.) Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment) Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.) F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time) Free Video to MP3 Converter version 5.0.24.430 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment) Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet 1010 series - Grundlegende Software für das Gerät (HKLM\...\{7F30B5E6-174F-4039-BFA7-7189BE15EC6E}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) HP Deskjet 1010 series Hilfe (HKLM-x32\...\{307E9E87-616E-4DC5-B509-6AB3BD2BBF87}) (Version: 30.0.0 - Hewlett Packard) HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.) jAlbum (HKLM-x32\...\{E87F1FFB-A689-4AB4-B79C-4FC4AAF4A1FD}) (Version: 11.6.14 - Jalbum AB) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle) Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design) lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS) lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) Manic Digger (HKLM-x32\...\{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1) (Version: - ) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MiPony 2.0.2 (HKLM-x32\...\MiPony) (Version: 2.0.2 - ) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger) Nero 12 (HKLM-x32\...\{B3E6F9B5-35CC-4010-8EDA-55ACCF468A82}) (Version: 12.5.02100 - Nero AG) Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG) Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Platinum Effects 12 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.58 - PUSH Entertainment) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. ) Zwischenland: Die fliegende Insel (HKLM-x32\...\Zwischenland: Die fliegende Insel) (Version: 1.0.0.0 - INTENIUM GmbH) ==================== Restore Points ========================= 12-03-2014 20:17:42 Windows Update 21-03-2014 05:22:47 Windows Update 23-03-2014 22:15:17 HPSF Restore Point ==================== Hosts content: ========================== 2013-08-22 14:25 - 2014-03-26 22:50 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0B852AC9-CD4B-4630-9742-6470758EF475} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {0CE72F4D-EA7B-4BDF-8BBB-FF1F9A5D23C8} - System32\Tasks\GoogleUpdateTaskMachineUA1cec963a392db2a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {1207424E-7342-4284-8BB8-D09647E5689C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {273AFC99-55F2-4E39-9ADE-018364193A7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {2BD0C28F-0151-43A7-A38B-DB491A072441} - System32\Tasks\HP AR Program Upload - 3d6661d696e94d978c031dcc210cac564c842311e7594d34bf2e2bdee6316c5b => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {30A49235-5749-44A8-AEAE-7DC47690B8FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {510FD04C-DC5D-429C-8CEF-DB6D988B6BF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {595CABF8-8BD3-4271-9584-C46B977051F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {75A67260-8218-4B7A-B039-8949698527DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {780F9F2F-1055-4B4A-AF2B-87A853CC8959} - System32\Tasks\MySearchDial => C:\Users\John\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {8D6214AB-7FB8-4F7F-BEFC-6D8AF859B16C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {9A6B05F9-F8A4-4C71-BF2A-722B90165EEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A09C9519-8BF8-4026-A0DA-C26AE98C2CC5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-21] (Microsoft Corporation) Task: {A3B2ABB9-6AAD-4148-BF74-B242E47D97B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C3AABE5F-BB08-4AB5-9278-9F9F77871818} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {C3B6A201-FD56-47C6-8523-20D4C2BB0853} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {CD07F67A-330F-4411-A24C-C365D19C9798} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-01-28] () Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D0AD6B10-F4C9-49EB-9463-5C8C5EB4F93D} - System32\Tasks\WebReg HP Deskjet F4200 series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2011-04-29] (Hewlett-Packard Company) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DC750267-134B-4B00-9332-C2DE6A0AE5C0} - System32\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {E5FC2F99-8C70-4D6B-815D-3FFDF46E8A91} - System32\Tasks\GoogleUpdateTaskMachineUA1cef11530b5334a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\John\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-28 23:14 - 2014-01-28 23:14 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe 2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-10-19 20:17 - 2012-07-18 09:36 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-03-26 22:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-03-26 22:01 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-03-26 22:01 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-03-26 22:01 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-03-26 22:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-10-19 20:23 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-03-25 20:08 - 2014-03-25 20:08 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/26/2014 11:40:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SDTools.exe, Version: 2.2.18.150, Zeitstempel: 0x51949fd7 Name des fehlerhaften Moduls: SDLists.dll_unloaded, Version: 2.1.18.4, Zeitstempel: 0x51949f17 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000151e2 ID des fehlerhaften Prozesses: 0x580 Startzeit der fehlerhaften Anwendung: 0xSDTools.exe0 Pfad der fehlerhaften Anwendung: SDTools.exe1 Pfad des fehlerhaften Moduls: SDTools.exe2 Berichtskennung: SDTools.exe3 Vollständiger Name des fehlerhaften Pakets: SDTools.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SDTools.exe5 Error: (03/26/2014 11:27:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2014 11:25:53 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2014 04:51:14 PM) (Source: Application Hang) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.16431 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1de0 Startzeit: 01cf490b26665c22 Endzeit: 16 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: 747ffba4-b4fe-11e3-bf36-4c72b9419957 Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneVideo_2.2.299.0_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo Error: (03/26/2014 04:18:16 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 313c Startzeit: 01cf4905bddd689e Endzeit: 41 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: d5b8877d-b4f9-11e3-bf36-4c72b9419957 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/25/2014 09:33:55 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/25/2014 03:50:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b013f0 ID des fehlerhaften Prozesses: 0x3500 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2 Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_70.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_70.exe5 Error: (03/25/2014 01:42:53 PM) (Source: Application Hang) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c84 Startzeit: 01cf4827b080efd9 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\FileManager\PhotosApp.exe Berichts-ID: f81ef1f0-b41a-11e3-bf36-4c72b9419957 Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/25/2014 01:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HanaHomeOffice) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/25/2014 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HanaHomeOffice) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. System errors: ============= Error: (03/27/2014 01:33:42 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/27/2014 00:42:36 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/27/2014 11:42:30 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/27/2014 09:27:00 AM) (Source: DCOM) (User: HanaHomeOffice) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/27/2014 09:09:16 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/27/2014 09:06:41 AM) (Source: DCOM) (User: HanaHomeOffice) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/27/2014 08:09:10 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/27/2014 07:03:02 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/26/2014 11:04:57 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/26/2014 10:01:51 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Microsoft Office Sessions: ========================= Error: (03/26/2014 11:40:13 PM) (Source: Application Error)(User: ) Description: SDTools.exe2.2.18.15051949fd7SDLists.dll_unloaded2.1.18.451949f17c0000005000151e258001cf49444e3a93e6C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exeSDLists.dll97d65da6-b537-11e3-bf38-4c72b9419957 Error: (03/26/2014 11:27:33 PM) (Source: SideBySide)(User: ) Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest Error: (03/26/2014 11:25:53 PM) (Source: SideBySide)(User: ) Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest Error: (03/26/2014 04:51:14 PM) (Source: Application Hang)(User: ) Description: wwahost.exe6.3.9600.164311de001cf490b26665c2216C:\WINDOWS\system32\wwahost.exe747ffba4-b4fe-11e3-bf36-4c72b9419957Microsoft.ZuneVideo_2.2.299.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo Error: (03/26/2014 04:18:16 PM) (Source: Application Hang)(User: ) Description: firefox.exe28.0.0.5186313c01cf4905bddd689e41C:\Program Files (x86)\Mozilla Firefox\firefox.exed5b8877d-b4f9-11e3-bf36-4c72b9419957 Error: (03/25/2014 09:33:55 PM) (Source: SideBySide)(User: ) Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest Error: (03/25/2014 03:50:08 PM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278unknown0.0.0.000000000c000000500b013f0350001cf482a01e0b89dC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeunknownc20bd703-b42c-11e3-bf36-4c72b9419957 Error: (03/25/2014 01:42:53 PM) (Source: Application Hang)(User: ) Description: PhotosApp.exe6.3.9600.16507c8401cf4827b080efd94294967295C:\WINDOWS\FileManager\PhotosApp.exef81ef1f0-b41a-11e3-bf36-4c72b9419957FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager Error: (03/25/2014 01:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HanaHomeOffice) Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927142 Error: (03/25/2014 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HanaHomeOffice) Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 6010.68 MB Available physical RAM: 4593.15 MB Total Pagefile: 6970.68 MB Available Pagefile: 5034.97 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:711.06 GB) (Free:393.4 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:8.61 GB) (Free:0.99 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (TOSHIBA EXT) (Fixed) (Total:623.07 GB) (Free:42.66 GB) NTFS Drive h: (Spiele_X) (Fixed) (Total:619.97 GB) (Free:22.81 GB) NTFS Drive i: (Bilder_Musik_X) (Fixed) (Total:619.97 GB) (Free:13.56 GB) NTFS Drive j: (Daten) (Fixed) (Total:675.78 GB) (Free:90.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1397 GB) (Disk ID: 89A7F66A) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: FCECE274) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) Geändert von wegasoft (27.03.2014 um 14:09 Uhr) Grund: Ergänzung HJT-Log |
28.03.2014, 09:23 | #4 |
/// the machine /// TB-Ausbilder | Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Nochmal. HJT ist alt und zeigt nur Müll an. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1005\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1001\User: Group Policy restriction detected <======= ATTENTION Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Da ist Adware auf dem System: Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
01.04.2014, 20:09 | #5 |
| Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Danke für die Anleitung, sorry für die Wartezeit. Hier die Logs. John |
02.04.2014, 13:43 | #6 |
/// the machine /// TB-Ausbilder | Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke. So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? |
03.04.2014, 01:58 | #7 |
| Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Hallo schrauber, die Logs anbei: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by John (administrator) on HANAHOMEOFFICE on 03-04-2014 02:52:16 Running from C:\Users\John\Downloads Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {813fe800-b08a-11e2-bea2-4c72b9419957} - "L:\LaunchU3.exe" -a HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {89193c5e-5e3d-11e3-bf2a-4c72b9419957} - "L:\GSLoader.exe" Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A1259230628CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507 FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-01] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03] Chrome: ======= CHR HomePage: hxxp://google.de/ CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09] CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09] CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09] CHR Extension: (Google-Suche) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09] CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09] CHR Extension: (Google Mail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09] ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET) S3 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 02:48 - 2014-04-03 02:48 - 00000927 _____ () C:\Users\John\Downloads\checkup.txt 2014-04-03 01:54 - 2014-04-03 01:54 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-04-03 01:54 - 2014-04-03 01:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-03 01:51 - 2014-04-03 01:51 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-04-03 01:50 - 2014-04-03 01:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-03 01:50 - 2014-04-03 01:51 - 00000000 ____D () C:\Program Files\iTunes 2014-04-03 01:50 - 2014-04-03 01:51 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-03 01:50 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files\iPod 2014-04-02 21:19 - 2014-04-02 21:24 - 00000000 ____D () C:\GalaxyMini02042014 2014-04-02 20:37 - 2014-04-02 20:37 - 00987442 _____ () C:\Users\John\Downloads\SecurityCheck.exe 2014-04-01 21:01 - 2014-04-01 21:01 - 00000897 _____ () C:\Users\John\Documents\JRT.txt 2014-04-01 21:00 - 2014-04-01 21:00 - 00000897 _____ () C:\Users\John\Desktop\JRT.txt 2014-04-01 20:56 - 2014-04-01 20:56 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-04-01 20:55 - 2014-04-01 20:55 - 01038974 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe 2014-04-01 20:52 - 2014-04-01 20:52 - 00000378 _____ () C:\Users\John\Documents\Fixlist.txt 2014-03-31 14:00 - 2014-03-31 14:00 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-31 13:59 - 2014-03-31 13:59 - 02347384 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe 2014-03-31 13:58 - 2014-03-31 13:58 - 00707006 _____ () C:\Users\John\Downloads\delfix.exe 2014-03-30 16:28 - 2014-03-30 16:28 - 00001163 _____ () C:\MBAM30032014.txt 2014-03-30 16:23 - 2014-03-30 16:23 - 00001206 _____ () C:\MBAM30032014.Xml 2014-03-29 12:07 - 2014-03-29 12:07 - 00007305 _____ () C:\MBAMProtokoll.Xml 2014-03-29 11:52 - 2014-03-29 11:52 - 00005267 _____ () C:\MBAMProtokoll.txt 2014-03-28 17:27 - 2014-03-28 17:27 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-28 17:25 - 2014-03-28 17:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 08:33 - 2014-03-28 08:41 - 00000000 ____D () C:\AdwCleaner 2014-03-28 08:33 - 2014-03-28 08:33 - 01950720 _____ () C:\Users\John\Downloads\adwcleaner.exe 2014-03-28 08:06 - 2014-04-03 02:11 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2.job 2014-03-28 08:06 - 2014-03-28 08:06 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2 2014-03-27 15:48 - 2014-03-27 15:48 - 00374842 _____ () C:\Users\Justine\Downloads\OptiFine_1.6.2.zip 2014-03-27 15:44 - 2014-03-27 15:44 - 00001331 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft - Verknüpfung.lnk 2014-03-27 14:47 - 2014-04-03 02:52 - 00014649 _____ () C:\Users\John\Downloads\FRST.txt 2014-03-27 14:47 - 2014-03-27 14:48 - 00041749 _____ () C:\Users\John\Downloads\Addition.txt 2014-03-27 14:45 - 2014-04-03 02:52 - 00000000 ____D () C:\FRST 2014-03-27 14:44 - 2014-03-27 14:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe 2014-03-27 10:11 - 2014-03-27 10:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log 2014-03-27 10:10 - 2014-03-27 10:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe 2014-03-27 09:39 - 2014-03-27 09:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log 2014-03-27 09:38 - 2014-03-27 09:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe 2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps 2014-03-26 23:50 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140326-225048.backup 2014-03-26 23:01 - 2014-03-27 00:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-26 23:01 - 2014-03-26 23:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-26 23:01 - 2014-03-26 23:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-03-26 23:01 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-03-26 22:59 - 2014-03-26 23:00 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe 2014-03-26 19:32 - 2014-03-26 19:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice 2014-03-26 19:27 - 2014-03-26 19:33 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17 2014-03-26 19:23 - 2014-03-26 19:26 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip 2014-03-26 18:48 - 2014-03-30 16:27 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-03-26 18:48 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-26 18:48 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-03-26 18:48 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-26 18:47 - 2014-03-28 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 18:47 - 2014-03-26 18:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-26 18:47 - 2014-03-26 18:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-26 18:40 - 2014-03-26 18:41 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc 2014-03-26 17:12 - 2014-03-26 17:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG 2014-03-26 17:04 - 2014-03-26 17:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google 2014-03-26 16:41 - 2014-03-26 16:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe 2014-03-26 16:30 - 2014-03-26 16:40 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner 2014-03-26 15:36 - 2014-03-27 15:44 - 00001103 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk 2014-03-25 23:03 - 2014-03-25 23:06 - 00000000 ____D () C:\Users\John\Downloads\cdex_151 2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip 2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip 2014-03-25 21:08 - 2014-03-25 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-25 20:06 - 2014-03-25 20:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe 2014-03-23 23:11 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-03-23 23:11 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-03-23 13:37 - 2014-03-23 13:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger 2014-03-19 18:08 - 2014-03-19 18:11 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin 2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer 2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer 2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft 2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft 2014-03-17 18:32 - 2014-03-17 18:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts 2014-03-16 17:58 - 2014-03-16 17:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia 2014-03-16 17:49 - 2014-03-16 17:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2014-03-16 17:48 - 2014-03-16 17:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 17:47 - 2014-03-16 17:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol 2014-03-16 17:47 - 2014-03-16 17:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini 2014-03-12 22:17 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2014-03-12 22:17 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2014-03-12 22:16 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-12 22:16 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-03-12 22:16 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-12 22:16 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-03-12 22:16 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-03-12 22:16 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-12 22:16 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-03-12 22:16 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-03-12 22:16 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-12 22:16 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-03-12 22:16 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-12 22:16 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-12 22:16 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-03-12 22:16 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-03-12 22:16 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-12 22:16 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-03-12 22:16 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-12 22:16 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-03-12 22:16 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-03-12 22:16 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-03-12 22:16 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-03-12 22:16 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-03-12 22:16 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-03-12 22:16 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-12 22:16 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-03-12 22:16 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-03-12 22:16 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2014-03-12 22:16 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2014-03-12 22:16 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-03-12 22:16 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-03-12 22:16 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-03-12 22:16 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-12 22:16 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-12 22:16 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-12 22:16 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-03-12 22:16 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2014-03-12 22:16 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-03-12 22:16 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2014-03-12 22:16 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-12 22:16 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-12 22:16 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-12 22:16 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-12 22:16 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-03-12 22:16 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-12 22:16 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2014-03-12 22:16 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-12 22:16 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-12 22:16 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-03-12 22:16 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-03-12 22:16 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-03-12 22:16 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-12 22:16 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2014-03-12 22:16 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll 2014-03-12 22:16 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-03-12 22:16 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-03-12 22:16 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-03-05 23:44 - 2014-03-05 23:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk 2014-03-05 23:44 - 2014-03-05 23:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk 2014-03-05 23:44 - 2014-03-05 23:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit 2014-03-05 23:30 - 2014-03-05 23:34 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe 2014-03-04 22:50 - 2014-03-04 22:56 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip 2014-03-04 17:05 - 2014-03-04 17:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt 2014-03-04 08:19 - 2014-03-04 08:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk 2014-03-04 08:19 - 2014-03-04 08:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk ==================== One Month Modified Files and Folders ======= 2014-04-03 02:52 - 2014-03-27 14:47 - 00014649 _____ () C:\Users\John\Downloads\FRST.txt 2014-04-03 02:52 - 2014-03-27 14:45 - 00000000 ____D () C:\FRST 2014-04-03 02:48 - 2014-04-03 02:48 - 00000927 _____ () C:\Users\John\Downloads\checkup.txt 2014-04-03 02:46 - 2013-03-23 23:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\UseNeXT 2014-04-03 02:45 - 2013-03-23 23:26 - 00000000 ___RD () C:\Users\John\Downloads\UseNeXT 2014-04-03 02:43 - 2014-01-29 00:14 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job 2014-04-03 02:11 - 2014-03-28 08:06 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2.job 2014-04-03 02:11 - 2013-03-23 22:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1001 2014-04-03 02:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-03 01:54 - 2014-04-03 01:54 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-04-03 01:54 - 2014-04-03 01:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-03 01:51 - 2014-04-03 01:51 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-04-03 01:51 - 2014-04-03 01:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-03 01:51 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files\iTunes 2014-04-03 01:51 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-03 01:50 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files\iPod 2014-04-03 01:47 - 2012-10-19 21:23 - 00000000 ____D () C:\ProgramData\Apple 2014-04-03 01:45 - 2013-10-18 21:32 - 01401886 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-02 21:24 - 2014-04-02 21:19 - 00000000 ____D () C:\GalaxyMini02042014 2014-04-02 21:22 - 2013-03-25 21:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\MyPhoneExplorer 2014-04-02 20:37 - 2014-04-02 20:37 - 00987442 _____ () C:\Users\John\Downloads\SecurityCheck.exe 2014-04-02 18:47 - 2013-09-30 06:14 - 01980998 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-02 18:47 - 2013-09-30 05:56 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat 2014-04-02 18:47 - 2013-09-30 05:56 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat 2014-04-02 18:46 - 2013-08-22 16:46 - 00387286 _____ () C:\WINDOWS\setupact.log 2014-04-02 17:46 - 2013-03-24 09:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1005 2014-04-02 17:37 - 2013-10-09 19:40 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-02 17:37 - 2013-10-09 19:39 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-02 15:12 - 2013-03-24 05:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc 2014-04-01 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-04-01 21:44 - 2013-09-29 21:04 - 00034944 _____ () C:\WINDOWS\PFRO.log 2014-04-01 21:44 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-01 21:01 - 2014-04-01 21:01 - 00000897 _____ () C:\Users\John\Documents\JRT.txt 2014-04-01 21:00 - 2014-04-01 21:00 - 00000897 _____ () C:\Users\John\Desktop\JRT.txt 2014-04-01 20:56 - 2014-04-01 20:56 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-04-01 20:55 - 2014-04-01 20:55 - 01038974 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe 2014-04-01 20:52 - 2014-04-01 20:52 - 00000378 _____ () C:\Users\John\Documents\Fixlist.txt 2014-04-01 13:09 - 2013-08-11 23:53 - 00000000 ____D () C:\FFOutput 2014-03-31 18:52 - 2013-03-24 13:52 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn 2014-03-31 18:52 - 2013-03-24 13:52 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job 2014-03-31 14:00 - 2014-03-31 14:00 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-31 13:59 - 2014-03-31 13:59 - 02347384 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe 2014-03-31 13:58 - 2014-03-31 13:58 - 00707006 _____ () C:\Users\John\Downloads\delfix.exe 2014-03-30 16:28 - 2014-03-30 16:28 - 00001163 _____ () C:\MBAM30032014.txt 2014-03-30 16:27 - 2014-03-26 18:48 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-03-30 16:23 - 2014-03-30 16:23 - 00001206 _____ () C:\MBAM30032014.Xml 2014-03-30 12:17 - 2013-03-24 13:52 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-03-30 12:17 - 2013-03-24 13:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-30 09:08 - 2013-03-25 20:48 - 00000000 ____D () C:\Users\John\dwhelper 2014-03-29 14:41 - 2013-04-11 18:30 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\.minecraft 2014-03-29 12:07 - 2014-03-29 12:07 - 00007305 _____ () C:\MBAMProtokoll.Xml 2014-03-29 11:52 - 2014-03-29 11:52 - 00005267 _____ () C:\MBAMProtokoll.txt 2014-03-28 17:27 - 2014-03-28 17:27 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-28 17:27 - 2014-03-26 18:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-28 17:25 - 2014-03-28 17:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 08:41 - 2014-03-28 08:33 - 00000000 ____D () C:\AdwCleaner 2014-03-28 08:33 - 2014-03-28 08:33 - 01950720 _____ () C:\Users\John\Downloads\adwcleaner.exe 2014-03-28 08:06 - 2014-03-28 08:06 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2 2014-03-28 08:06 - 2013-10-09 19:39 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-27 15:48 - 2014-03-27 15:48 - 00374842 _____ () C:\Users\Justine\Downloads\OptiFine_1.6.2.zip 2014-03-27 15:44 - 2014-03-27 15:44 - 00001331 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft - Verknüpfung.lnk 2014-03-27 15:44 - 2014-03-26 15:36 - 00001103 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk 2014-03-27 14:48 - 2014-03-27 14:47 - 00041749 _____ () C:\Users\John\Downloads\Addition.txt 2014-03-27 14:44 - 2014-03-27 14:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe 2014-03-27 10:11 - 2014-03-27 10:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log 2014-03-27 10:11 - 2014-03-27 10:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe 2014-03-27 10:11 - 2013-03-24 09:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\VirtualStore 2014-03-27 09:39 - 2014-03-27 09:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log 2014-03-27 09:38 - 2014-03-27 09:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe 2014-03-27 08:03 - 2013-03-24 15:15 - 00000000 ____D () C:\Users\John\Desktop\System 2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps 2014-03-27 00:40 - 2014-03-26 23:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-26 23:03 - 2014-03-26 23:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-26 23:01 - 2014-03-26 23:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-03-26 23:00 - 2014-03-26 22:59 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe 2014-03-26 21:57 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-03-26 21:57 - 2012-10-19 21:27 - 00000000 ____D () C:\WINDOWS\en 2014-03-26 19:33 - 2014-03-26 19:27 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17 2014-03-26 19:32 - 2014-03-26 19:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice 2014-03-26 19:26 - 2014-03-26 19:23 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip 2014-03-26 19:00 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media 2014-03-26 19:00 - 2013-03-23 23:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-26 18:47 - 2014-03-26 18:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-26 18:47 - 2014-03-26 18:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-26 18:41 - 2014-03-26 18:40 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc 2014-03-26 17:12 - 2014-03-26 17:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG 2014-03-26 17:04 - 2014-03-26 17:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google 2014-03-26 16:41 - 2014-03-26 16:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe 2014-03-26 16:40 - 2014-03-26 16:30 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner 2014-03-25 23:06 - 2014-03-25 23:03 - 00000000 ____D () C:\Users\John\Downloads\cdex_151 2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip 2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip 2014-03-25 21:08 - 2014-03-25 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-25 20:06 - 2014-03-25 20:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe 2014-03-24 16:11 - 2014-02-12 23:40 - 00026624 _____ () C:\Users\John\Documents\FFM-NBG 2013.xls 2014-03-24 10:19 - 2013-09-08 15:19 - 00000000 ____D () C:\FILME 0913 2014-03-23 13:37 - 2014-03-23 13:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger 2014-03-21 07:25 - 2013-08-14 18:54 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-21 07:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-03-21 07:23 - 2013-03-24 23:33 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-19 18:11 - 2014-03-19 18:08 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin 2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer 2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer 2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft 2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft 2014-03-17 18:32 - 2014-03-17 18:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts 2014-03-16 20:55 - 2014-01-28 18:47 - 00000000 ____D () C:\ProgramData\HP Photo Creations 2014-03-16 19:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-03-16 17:58 - 2014-03-16 17:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia 2014-03-16 17:50 - 2013-03-25 17:42 - 00000000 ____D () C:\Users\Justine\AppData\Local\Mozilla 2014-03-16 17:49 - 2014-03-16 17:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2014-03-16 17:49 - 2013-03-24 09:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\Packages 2014-03-16 17:48 - 2014-03-16 17:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 17:48 - 2013-03-24 09:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 17:48 - 2013-03-24 09:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-16 17:48 - 2013-03-23 22:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-03-16 17:47 - 2014-03-16 17:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol 2014-03-16 17:47 - 2014-03-16 17:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini 2014-03-16 17:47 - 2013-10-18 21:23 - 00000000 ____D () C:\Users\Justine 2014-03-16 17:46 - 2013-08-22 16:44 - 00366304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-05 23:44 - 2014-03-05 23:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk 2014-03-05 23:44 - 2014-03-05 23:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk 2014-03-05 23:44 - 2014-03-05 23:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit 2014-03-05 23:43 - 2013-10-19 19:04 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT 2014-03-05 23:34 - 2014-03-05 23:30 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe 2014-03-05 10:26 - 2014-03-26 18:48 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-05 10:26 - 2014-03-26 18:48 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-03-05 10:26 - 2014-03-26 18:48 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 22:56 - 2014-03-04 22:50 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip 2014-03-04 17:05 - 2014-03-04 17:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt 2014-03-04 08:19 - 2014-03-04 08:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk 2014-03-04 08:19 - 2014-03-04 08:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-03-04 08:19 - 2013-03-30 13:03 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-04 08:16 - 2013-03-30 12:38 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-03-04 08:16 - 2012-10-19 21:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information Some content of TEMP: ==================== C:\Users\John\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-12 22:16] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-04-01 22:51 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by John at 2014-04-03 02:52:39 Running from C:\Users\John\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Animated Wallpaper - Beautiful Space 3D (HKLM\...\Beautiful Space 3D_is1) (Version: 1.13 - PUSH Entertainment) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artist Colony (HKLM-x32\...\Artist Colony) (Version: 1.0.0.0 - INTENIUM GmbH) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden calibre (HKLM-x32\...\{CE9EE84E-F7A9-4256-8785-0CB35014DD33}) (Version: 0.9.26 - Kovid Goyal) CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n) Cheatbusters 1.0.0.0 (HKLM-x32\...\Cheatbusters 1.0.0.0) (Version: 1.0.0.0 - Shadow - Time to play) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CraftROBO DesignMaster (C:\CraftROBO DesignMaster) (HKLM-x32\...\{385B9A14-B5DD-487C-A0E3-25FB62DA8E9E}) (Version: 7 - CADlink) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.8.4930 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily und der Duft des Erfolgs (HKLM-x32\...\Delicious: Emily und der Duft des Erfolgs) (Version: 1.0.0.0 - INTENIUM GmbH) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH) DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.4.6 - Dropbox, Inc.) Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment) Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time) Free Video to MP3 Converter version 5.0.24.430 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment) Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet 1010 series - Grundlegende Software für das Gerät (HKLM\...\{7F30B5E6-174F-4039-BFA7-7189BE15EC6E}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.) HP Deskjet 1010 series Hilfe (HKLM-x32\...\{307E9E87-616E-4DC5-B509-6AB3BD2BBF87}) (Version: 30.0.0 - Hewlett Packard) HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) jAlbum (HKLM-x32\...\{E87F1FFB-A689-4AB4-B79C-4FC4AAF4A1FD}) (Version: 11.6.14 - Jalbum AB) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design) lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS) lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) Manic Digger (HKLM-x32\...\{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1) (Version: - ) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger) Nero 12 (HKLM-x32\...\{B3E6F9B5-35CC-4010-8EDA-55ACCF468A82}) (Version: 12.5.02100 - Nero AG) Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG) Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Platinum Effects 12 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.58 - PUSH Entertainment) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. ) Zwischenland: Die fliegende Insel (HKLM-x32\...\Zwischenland: Die fliegende Insel) (Version: 1.0.0.0 - INTENIUM GmbH) ==================== Restore Points ========================= 12-03-2014 20:17:42 Windows Update 21-03-2014 05:22:47 Windows Update 23-03-2014 22:15:17 HPSF Restore Point 28-03-2014 06:25:38 Removed Java(TM) 7 Update 2 (64-bit) ==================== Hosts content: ========================== 2013-08-22 15:25 - 2014-03-26 23:50 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0B852AC9-CD4B-4630-9742-6470758EF475} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {0CE72F4D-EA7B-4BDF-8BBB-FF1F9A5D23C8} - System32\Tasks\GoogleUpdateTaskMachineUA1cec963a392db2a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {1207424E-7342-4284-8BB8-D09647E5689C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {273AFC99-55F2-4E39-9ADE-018364193A7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {2BD0C28F-0151-43A7-A38B-DB491A072441} - System32\Tasks\HP AR Program Upload - 3d6661d696e94d978c031dcc210cac564c842311e7594d34bf2e2bdee6316c5b => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {30A49235-5749-44A8-AEAE-7DC47690B8FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {510FD04C-DC5D-429C-8CEF-DB6D988B6BF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {595CABF8-8BD3-4271-9584-C46B977051F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {75A67260-8218-4B7A-B039-8949698527DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {780F9F2F-1055-4B4A-AF2B-87A853CC8959} - \MySearchDial No Task File Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {8D6214AB-7FB8-4F7F-BEFC-6D8AF859B16C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {9A6B05F9-F8A4-4C71-BF2A-722B90165EEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A3B2ABB9-6AAD-4148-BF74-B242E47D97B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C3AABE5F-BB08-4AB5-9278-9F9F77871818} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {C3B6A201-FD56-47C6-8523-20D4C2BB0853} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {C68DA8C0-635A-426A-9FC7-429590709962} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-21] (Microsoft Corporation) Task: {CD07F67A-330F-4411-A24C-C365D19C9798} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-01-29] () Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D0AD6B10-F4C9-49EB-9463-5C8C5EB4F93D} - System32\Tasks\WebReg HP Deskjet F4200 series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2011-04-29] (Hewlett-Packard Company) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E5FC2F99-8C70-4D6B-815D-3FFDF46E8A91} - System32\Tasks\GoogleUpdateTaskMachineUA1cef11530b5334a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {FA1AACE9-DF80-4036-85F8-AAE93110F74A} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-29 00:14 - 2014-01-29 00:14 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe 2014-03-26 23:01 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-03-26 23:01 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-03-26 23:01 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-03-26 23:01 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-03-26 23:01 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-10-19 21:17 - 2012-07-18 10:36 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-10-19 21:23 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/03/2014 02:46:22 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8078 Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8078 Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/02/2014 08:38:30 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6093 Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6093 Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6844 Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6844 System errors: ============= Error: (04/03/2014 01:31:48 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/03/2014 00:10:40 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/02/2014 11:01:32 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/02/2014 06:46:34 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (04/02/2014 06:46:17 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error: (04/02/2014 06:46:04 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (04/02/2014 04:42:55 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/02/2014 01:30:36 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/02/2014 10:30:19 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/02/2014 07:48:42 AM) (Source: DCOM) (User: HanaHomeOffice) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= Error: (04/03/2014 02:46:22 AM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8078 Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8078 Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/02/2014 08:38:30 PM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6093 Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6093 Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6844 Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6844 CodeIntegrity Errors: =================================== Date: 2014-03-27 14:23:27.407 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-27 14:22:37.454 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-27 14:20:25.936 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-27 14:20:02.741 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 6010.68 MB Available physical RAM: 4949.78 MB Total Pagefile: 6970.68 MB Available Pagefile: 5428.4 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:711.06 GB) (Free:363.31 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:8.61 GB) (Free:0.99 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (TOSHIBA EXT) (Fixed) (Total:623.07 GB) (Free:42.66 GB) NTFS Drive h: (Spiele_X) (Fixed) (Total:619.97 GB) (Free:22.81 GB) NTFS Drive i: (Bilder_Musik_X) (Fixed) (Total:619.97 GB) (Free:15.23 GB) NTFS Drive j: (Daten) (Fixed) (Total:675.78 GB) (Free:92.43 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1397 GB) (Disk ID: 89A7F66A) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: FCECE274) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter Results of screen317's Security Check version 0.99.80 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET NOD32 Antivirus 7.0 Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Java 7 Update 51 Adobe Flash Player 12.0.0.70 Adobe Reader XI Mozilla Firefox (28.0) Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
03.04.2014, 12:14 | #8 |
/// the machine /// TB-Ausbilder | Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.04.2014, 15:56 | #9 |
| Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Hallo schrauber, recht herzlichen Dank für Deine Hilfe! John |
04.04.2014, 11:13 | #10 |
/// the machine /// TB-Ausbilder | Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Win 8.1 (64 Bit): lsass (32 Bit) Prozess wird als gefährlich erkannt. Fixen? |
acrobat update, adobe, antivirus, bho, bingbar, bonjour, browser, defender, explorer, google, helper, hijack, hijackthis, internet, internet explorer, logfile, lsass.exe, löschen, microsoft, mozilla, prozess, realtek, security, software, temp, windows, wmp |