| wegasoft | 27.03.2014 14:06 |
Logs anbei....
FRST
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on HANAHOMEOFFICE on 27-03-2014 13:47:12
Running from C:\Users\John\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\HP Photo Creations\Communicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\PE_J_DEFAULT\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\PE_J_DEFAULT\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\PE_J_HANA\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\PE_J_HANA\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\PE_J_HANA\...\Run: [Sony PC Companion] - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
HKU\PE_J_HANA\...\Run: [Facebook Update] - "C:\Users\Hana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\PE_J_HANA\...\Run: [Akamai NetSession Interface] - "C:\Users\Hana\AppData\Local\Akamai\netsession_win.exe"
HKU\PE_J_HANA\...\MountPoints2: {05f32868-b0df-11dd-9bc3-806e6f6e6963} - F:\Autorun.exe
HKU\PE_J_HANA\...\MountPoints2: {0997c6b9-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe
HKU\PE_J_HANA\...\MountPoints2: {44300007-7dcf-11de-91f5-00188b5d120f} - K:\AUTOSTARTER.EXE
HKU\PE_J_HANA\...\MountPoints2: {4897b167-51f8-11df-b966-80b94b4f1412} - L:\GSLoader.exe
HKU\PE_J_HANA\...\MountPoints2: {8c69eda6-1b4f-11e1-9c2d-806e6f6e6963} - E:\Autorun.exe
HKU\PE_J_HANA\...\MountPoints2: {dcbd87da-235e-11de-accf-00188b5d120f} - N:\LaunchU3.exe -a
HKU\PE_J_HANA\...\MountPoints2: {f878400e-dd1d-11df-9c20-f3b0036ccd5e} - N:\GSLoader.exe
HKU\PE_J_JOHN\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Arcor 5.006; GTB6.5; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"hxxp://www.nickjr.de/cache.php?path=/junior/game.html&aid=1973"
HKU\PE_J_JOHN\...\MountPoints2: {00b07832-f6f5-11e0-8029-fe9433fb58d9} - L:\AutoRun.exe
HKU\PE_J_JOHN\...\MountPoints2: {05f32868-b0df-11dd-9bc3-806e6f6e6963} - F:\zdata\cobi.exe
HKU\PE_J_JOHN\...\MountPoints2: {0997c57e-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe
HKU\PE_J_JOHN\...\MountPoints2: {0997c6b9-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe
HKU\PE_J_JOHN\...\MountPoints2: {1c6a772d-10ca-11e0-8962-9d391e0781bc} - L:\DPFMate.exe
HKU\PE_J_JOHN\...\MountPoints2: {5db19dcb-7fc8-11df-82c7-f2e79567669f} - L:\Startme.exe
HKU\PE_J_JOHN\...\MountPoints2: {77598d87-d139-11de-9061-f5513fb3b1b2} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\Play.exe
HKU\PE_J_JOHN\...\MountPoints2: {9ccfb910-8134-11e0-957b-c60183717ba8} - L:\AutoRun.exe
HKU\PE_J_JOHN\...\MountPoints2: {9ccfb937-8134-11e0-957b-9b6e48e72e07} - L:\AutoRun.exe
HKU\PE_J_JOHN\...\MountPoints2: {abb80c48-99d5-11e0-890d-b702a651fbe4} - L:\KODAK_Software_Downloader.exe
HKU\PE_J_JOHN\...\MountPoints2: {dcbd87da-235e-11de-accf-00188b5d120f} - M:\LaunchU3.exe -a
HKU\PE_J_JOHN\...\MountPoints2: {f878400e-dd1d-11df-9c20-f3b0036ccd5e} - L:\GSLoader.exe
HKU\PE_J_JUSTINE\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\PE_J_JUSTINE\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\PE_J_JUSTINE\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\PE_J_SPIELE\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\PE_J_SPIELE\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\PE_J_SPIELE\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {813fe800-b08a-11e2-bea2-4c72b9419957} - "L:\LaunchU3.exe" -a
HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {89193c5e-5e3d-11e3-bf2a-4c72b9419957} - "K:\GSLoader.exe"
HKU\S-1-5-21-875375503-3799985134-3711563178-1004\...\Run: [Epson Stylus S22] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\windows\TEMP\E_S8287.tmp" /EF "HKCU"
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A1259230628CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\user.js
FF SelectedSearchEngine: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03]
Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]
CHR Extension: (Google-Suche) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR Extension: (Google Mail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]
==================== Services (Whitelisted) =================
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-27 13:47 - 2014-03-27 13:47 - 00021968 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-27 13:45 - 2014-03-27 13:47 - 00000000 ____D () C:\FRST
2014-03-27 13:44 - 2014-03-27 13:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-27 09:11 - 2014-03-27 09:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log
2014-03-27 09:10 - 2014-03-27 09:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe
2014-03-27 08:39 - 2014-03-27 08:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log
2014-03-27 08:38 - 2014-03-27 08:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe
2014-03-26 23:40 - 2014-03-26 23:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps
2014-03-26 22:50 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140326-225048.backup
2014-03-26 22:01 - 2014-03-26 23:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-26 22:01 - 2014-03-26 22:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-26 22:01 - 2014-03-26 22:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-26 22:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-03-26 21:59 - 2014-03-26 22:00 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe
2014-03-26 21:02 - 2014-01-02 17:46 - 00859720 _____ (Mindspark) C:\Program Files (x86)\4zUninstall VideoDownloadConverter.dll
2014-03-26 21:02 - 2014-01-02 17:46 - 00189848 _____ () C:\Program Files (x86)\4zres.dll
2014-03-26 18:32 - 2014-03-26 18:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice
2014-03-26 18:27 - 2014-03-26 18:33 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17
2014-03-26 18:23 - 2014-03-26 18:26 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip
2014-03-26 17:48 - 2014-03-26 20:49 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 17:48 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-26 17:48 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-26 17:48 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-26 17:47 - 2014-03-26 17:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 17:47 - 2014-03-26 17:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 17:47 - 2014-03-26 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 17:40 - 2014-03-26 17:41 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc
2014-03-26 16:12 - 2014-03-27 12:12 - 00000318 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-03-26 16:12 - 2014-03-26 16:12 - 00002656 _____ () C:\WINDOWS\System32\Tasks\MySearchDial
2014-03-26 16:12 - 2014-03-26 16:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\John\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\Hana\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Program Files (x86)\MiPony
2014-03-26 16:04 - 2014-03-26 16:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google
2014-03-26 15:46 - 2014-03-26 16:00 - 43091448 _____ () C:\Users\Justine\Desktop\64px [mc1.7.4] HD MK WORKING 1.0.zip
2014-03-26 15:41 - 2014-03-26 15:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe
2014-03-26 15:30 - 2014-03-26 15:40 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner
2014-03-26 14:36 - 2014-03-26 14:36 - 00001081 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk
2014-03-25 22:03 - 2014-03-25 22:06 - 00000000 ____D () C:\Users\John\Downloads\cdex_151
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip
2014-03-25 20:08 - 2014-03-25 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 19:06 - 2014-03-25 19:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe
2014-03-23 22:11 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-23 22:11 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-23 12:37 - 2014-03-23 12:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger
2014-03-19 17:08 - 2014-03-19 17:11 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft
2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts
2014-03-16 16:58 - 2014-03-16 16:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Local\VideoDownloadConverter_4z
2014-03-16 16:48 - 2014-03-16 16:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-16 16:47 - 2014-03-16 16:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol
2014-03-16 16:47 - 2014-03-16 16:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini
2014-03-12 21:17 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 21:17 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 21:16 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 21:16 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 21:16 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 21:16 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 21:16 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 21:16 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 21:16 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 21:16 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 21:16 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 21:16 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 21:16 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 21:16 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 21:16 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 21:16 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 21:16 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 21:16 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 21:16 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 21:16 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 21:16 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 21:16 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 21:16 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 21:16 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 21:16 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 21:16 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 21:16 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 21:16 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 21:16 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 21:16 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 21:16 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 21:16 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 21:16 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 21:16 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 21:16 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 21:16 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 21:16 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 21:16 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 21:16 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 21:16 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 21:16 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 21:16 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 21:16 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 21:16 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 21:16 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 21:16 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 21:16 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 21:16 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 21:16 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 21:16 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 21:16 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 21:16 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 21:16 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 21:16 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 21:16 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 21:16 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 21:16 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 21:16 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-05 22:44 - 2014-03-05 22:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit
2014-03-05 22:30 - 2014-03-05 22:34 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe
2014-03-04 21:50 - 2014-03-04 21:56 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip
2014-03-04 16:05 - 2014-03-04 16:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt
2014-03-04 07:19 - 2014-03-04 07:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk
2014-03-04 07:19 - 2014-03-04 07:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\ProgramData\ESET
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\Program Files\ESET
2014-03-03 10:03 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-03-03 09:57 - 2014-03-03 09:57 - 01681800 _____ (ESET) C:\Users\John\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-02-28 09:02 - 2014-02-28 17:24 - 00000000 ____D () C:\Users\John\AppData\Local\QuickPar
2014-02-27 10:09 - 2014-02-27 10:09 - 00028868 _____ () C:\Users\John\Downloads\S_20140227_10945_Neue_Nachrichten.zip
==================== One Month Modified Files and Folders =======
2014-03-27 13:47 - 2014-03-27 13:47 - 00021968 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-27 13:47 - 2014-03-27 13:45 - 00000000 ____D () C:\FRST
2014-03-27 13:44 - 2014-03-27 13:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-27 13:44 - 2014-02-11 21:39 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9.job
2014-03-27 13:43 - 2014-01-28 23:14 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-03-27 12:52 - 2013-03-24 12:52 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn
2014-03-27 12:52 - 2013-03-24 12:52 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job
2014-03-27 12:29 - 2013-10-18 20:32 - 02097060 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-27 12:12 - 2014-03-26 16:12 - 00000318 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-03-27 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-27 09:25 - 2013-03-23 21:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1001
2014-03-27 09:11 - 2014-03-27 09:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log
2014-03-27 09:11 - 2014-03-27 09:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe
2014-03-27 09:11 - 2013-03-24 08:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1005
2014-03-27 09:11 - 2013-03-24 08:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\VirtualStore
2014-03-27 09:06 - 2013-10-09 18:40 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-27 09:06 - 2013-10-09 18:39 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 08:39 - 2014-03-27 08:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log
2014-03-27 08:38 - 2014-03-27 08:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe
2014-03-27 07:03 - 2013-03-24 14:15 - 00000000 ____D () C:\Users\John\Desktop\System
2014-03-26 23:40 - 2014-03-26 23:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps
2014-03-26 23:40 - 2014-03-26 22:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-26 22:03 - 2014-03-26 22:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-26 22:01 - 2014-03-26 22:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-26 22:00 - 2014-03-26 21:59 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe
2014-03-26 21:02 - 2014-01-02 17:46 - 00000000 ____D () C:\Program Files (x86)\VideoDownloadConverter
2014-03-26 21:02 - 2013-09-30 05:14 - 01980998 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-26 21:02 - 2013-09-30 04:56 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-26 21:02 - 2013-09-30 04:56 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-26 20:57 - 2013-09-29 20:04 - 00022256 _____ () C:\WINDOWS\PFRO.log
2014-03-26 20:57 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-26 20:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-26 20:57 - 2012-10-19 20:27 - 00000000 ____D () C:\WINDOWS\en
2014-03-26 20:49 - 2014-03-26 17:48 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 20:14 - 2013-04-11 17:30 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\.minecraft
2014-03-26 18:33 - 2014-03-26 18:27 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17
2014-03-26 18:32 - 2014-03-26 18:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice
2014-03-26 18:26 - 2014-03-26 18:23 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip
2014-03-26 18:00 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-03-26 18:00 - 2013-03-23 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-26 17:59 - 2013-08-11 22:53 - 00000000 ____D () C:\FFOutput
2014-03-26 17:48 - 2014-03-26 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 17:47 - 2014-03-26 17:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 17:47 - 2014-03-26 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 17:41 - 2014-03-26 17:40 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc
2014-03-26 16:55 - 2013-03-24 04:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-03-26 16:12 - 2014-03-26 16:12 - 00002656 _____ () C:\WINDOWS\System32\Tasks\MySearchDial
2014-03-26 16:12 - 2014-03-26 16:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\John\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\Hana\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Program Files (x86)\MiPony
2014-03-26 16:04 - 2014-03-26 16:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google
2014-03-26 16:00 - 2014-03-26 15:46 - 43091448 _____ () C:\Users\Justine\Desktop\64px [mc1.7.4] HD MK WORKING 1.0.zip
2014-03-26 15:41 - 2014-03-26 15:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe
2014-03-26 15:40 - 2014-03-26 15:30 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner
2014-03-26 14:36 - 2014-03-26 14:36 - 00001081 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk
2014-03-25 22:06 - 2014-03-25 22:03 - 00000000 ____D () C:\Users\John\Downloads\cdex_151
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip
2014-03-25 21:49 - 2013-03-23 22:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\UseNeXT
2014-03-25 21:39 - 2013-03-23 22:26 - 00000000 ___RD () C:\Users\John\Downloads\UseNeXT
2014-03-25 20:08 - 2014-03-25 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 19:06 - 2014-03-25 19:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe
2014-03-24 21:13 - 2013-03-25 19:48 - 00000000 ____D () C:\Users\John\dwhelper
2014-03-24 15:11 - 2014-02-12 22:40 - 00026624 _____ () C:\Users\John\Documents\FFM-NBG 2013.xls
2014-03-24 09:19 - 2013-09-08 14:19 - 00000000 ____D () C:\FILME 0913
2014-03-23 12:37 - 2014-03-23 12:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger
2014-03-23 12:24 - 2013-03-24 12:52 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-03-23 12:24 - 2013-03-24 12:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-21 06:25 - 2013-08-14 17:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-21 06:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-21 06:23 - 2013-03-24 22:33 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-19 17:11 - 2014-03-19 17:08 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft
2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts
2014-03-16 19:55 - 2014-01-28 17:47 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-03-16 18:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-16 16:58 - 2014-03-16 16:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia
2014-03-16 16:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-16 16:50 - 2013-03-25 16:42 - 00000000 ____D () C:\Users\Justine\AppData\Local\Mozilla
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Local\VideoDownloadConverter_4z
2014-03-16 16:49 - 2013-03-24 08:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\Packages
2014-03-16 16:48 - 2014-03-16 16:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-16 16:48 - 2013-03-24 08:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 16:48 - 2013-03-24 08:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 16:48 - 2013-03-23 21:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-03-16 16:47 - 2014-03-16 16:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol
2014-03-16 16:47 - 2014-03-16 16:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini
2014-03-16 16:47 - 2013-10-18 20:23 - 00000000 ____D () C:\Users\Justine
2014-03-16 16:46 - 2013-08-22 15:44 - 00366304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-05 22:44 - 2014-03-05 22:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit
2014-03-05 22:43 - 2013-10-19 18:04 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-03-05 22:34 - 2014-03-05 22:30 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe
2014-03-05 09:26 - 2014-03-26 17:48 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 17:48 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 17:48 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 21:56 - 2014-03-04 21:50 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip
2014-03-04 16:05 - 2014-03-04 16:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt
2014-03-04 07:19 - 2014-03-04 07:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk
2014-03-04 07:19 - 2014-03-04 07:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-04 07:19 - 2013-03-30 12:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-04 07:16 - 2013-03-30 11:38 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-03-04 07:16 - 2012-10-19 20:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\ProgramData\ESET
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\Program Files\ESET
2014-03-03 09:57 - 2014-03-03 09:57 - 01681800 _____ (ESET) C:\Users\John\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-03-02 22:22 - 2013-08-22 15:46 - 00385696 _____ () C:\WINDOWS\setupact.log
2014-03-01 07:05 - 2014-03-12 21:16 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 21:16 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 21:16 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 21:16 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 21:16 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 21:16 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 21:16 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 21:16 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 21:16 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 21:16 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 21:16 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 21:16 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 21:16 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 21:16 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 21:16 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 21:16 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 21:16 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 17:24 - 2014-02-28 09:02 - 00000000 ____D () C:\Users\John\AppData\Local\QuickPar
2014-02-27 10:09 - 2014-02-27 10:09 - 00028868 _____ () C:\Users\John\Downloads\S_20140227_10945_Neue_Nachrichten.zip
2014-02-26 15:43 - 2013-03-25 20:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\MyPhoneExplorer
2014-02-25 23:07 - 2013-10-18 20:23 - 00000000 ____D () C:\Users\John
2014-02-25 10:11 - 2013-07-13 06:09 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-02-25 08:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 21:16] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
LastRegBack: 2014-03-26 23:23
==================== End Of Log ============================
--- --- ---
--- --- ---
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-03-27 13:47:42
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Animated Wallpaper - Beautiful Space 3D (HKLM\...\Beautiful Space 3D_is1) (Version: 1.13 - PUSH Entertainment)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artist Colony (HKLM-x32\...\Artist Colony) (Version: 1.0.0.0 - INTENIUM GmbH)
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{CE9EE84E-F7A9-4256-8785-0CB35014DD33}) (Version: 0.9.26 - Kovid Goyal)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
Cheatbusters 1.0.0.0 (HKLM-x32\...\Cheatbusters 1.0.0.0) (Version: 1.0.0.0 - Shadow - Time to play)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CraftROBO DesignMaster (C:\CraftROBO DesignMaster) (HKLM-x32\...\{385B9A14-B5DD-487C-A0E3-25FB62DA8E9E}) (Version: 7 - CADlink)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.4930 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily und der Duft des Erfolgs (HKLM-x32\...\Delicious: Emily und der Duft des Erfolgs) (Version: 1.0.0.0 - INTENIUM GmbH)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.6 - Dropbox, Inc.)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.)
F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free Video to MP3 Converter version 5.0.24.430 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 1010 series - Grundlegende Software für das Gerät (HKLM\...\{7F30B5E6-174F-4039-BFA7-7189BE15EC6E}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 1010 series Hilfe (HKLM-x32\...\{307E9E87-616E-4DC5-B509-6AB3BD2BBF87}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
jAlbum (HKLM-x32\...\{E87F1FFB-A689-4AB4-B79C-4FC4AAF4A1FD}) (Version: 11.6.14 - Jalbum AB)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design)
lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Manic Digger (HKLM-x32\...\{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1) (Version: - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MiPony 2.0.2 (HKLM-x32\...\MiPony) (Version: 2.0.2 - )
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Nero 12 (HKLM-x32\...\{B3E6F9B5-35CC-4010-8EDA-55ACCF468A82}) (Version: 12.5.02100 - Nero AG)
Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Platinum Effects 12 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.58 - PUSH Entertainment)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Zwischenland: Die fliegende Insel (HKLM-x32\...\Zwischenland: Die fliegende Insel) (Version: 1.0.0.0 - INTENIUM GmbH)
==================== Restore Points =========================
12-03-2014 20:17:42 Windows Update
21-03-2014 05:22:47 Windows Update
23-03-2014 22:15:17 HPSF Restore Point
==================== Hosts content: ==========================
2013-08-22 14:25 - 2014-03-26 22:50 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0B852AC9-CD4B-4630-9742-6470758EF475} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {0CE72F4D-EA7B-4BDF-8BBB-FF1F9A5D23C8} - System32\Tasks\GoogleUpdateTaskMachineUA1cec963a392db2a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {1207424E-7342-4284-8BB8-D09647E5689C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {273AFC99-55F2-4E39-9ADE-018364193A7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {2BD0C28F-0151-43A7-A38B-DB491A072441} - System32\Tasks\HP AR Program Upload - 3d6661d696e94d978c031dcc210cac564c842311e7594d34bf2e2bdee6316c5b => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30A49235-5749-44A8-AEAE-7DC47690B8FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {510FD04C-DC5D-429C-8CEF-DB6D988B6BF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {595CABF8-8BD3-4271-9584-C46B977051F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75A67260-8218-4B7A-B039-8949698527DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {780F9F2F-1055-4B4A-AF2B-87A853CC8959} - System32\Tasks\MySearchDial => C:\Users\John\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D6214AB-7FB8-4F7F-BEFC-6D8AF859B16C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {9A6B05F9-F8A4-4C71-BF2A-722B90165EEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A09C9519-8BF8-4026-A0DA-C26AE98C2CC5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-21] (Microsoft Corporation)
Task: {A3B2ABB9-6AAD-4148-BF74-B242E47D97B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C3AABE5F-BB08-4AB5-9278-9F9F77871818} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C3B6A201-FD56-47C6-8523-20D4C2BB0853} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {CD07F67A-330F-4411-A24C-C365D19C9798} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-01-28] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0AD6B10-F4C9-49EB-9463-5C8C5EB4F93D} - System32\Tasks\WebReg HP Deskjet F4200 series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2011-04-29] (Hewlett-Packard Company)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC750267-134B-4B00-9332-C2DE6A0AE5C0} - System32\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {E5FC2F99-8C70-4D6B-815D-3FFDF46E8A91} - System32\Tasks\GoogleUpdateTaskMachineUA1cef11530b5334a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\John\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
==================== Loaded Modules (whitelisted) =============
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-28 23:14 - 2014-01-28 23:14 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-19 20:17 - 2012-07-18 09:36 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-26 22:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-26 22:01 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-26 22:01 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-26 22:01 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-26 22:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-10-19 20:23 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-25 20:08 - 2014-03-25 20:08 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/26/2014 11:40:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDTools.exe, Version: 2.2.18.150, Zeitstempel: 0x51949fd7
Name des fehlerhaften Moduls: SDLists.dll_unloaded, Version: 2.1.18.4, Zeitstempel: 0x51949f17
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000151e2
ID des fehlerhaften Prozesses: 0x580
Startzeit der fehlerhaften Anwendung: 0xSDTools.exe0
Pfad der fehlerhaften Anwendung: SDTools.exe1
Pfad des fehlerhaften Moduls: SDTools.exe2
Berichtskennung: SDTools.exe3
Vollständiger Name des fehlerhaften Pakets: SDTools.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SDTools.exe5
Error: (03/26/2014 11:27:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/26/2014 11:25:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/26/2014 04:51:14 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.16431 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1de0
Startzeit: 01cf490b26665c22
Endzeit: 16
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: 747ffba4-b4fe-11e3-bf36-4c72b9419957
Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneVideo_2.2.299.0_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo
Error: (03/26/2014 04:18:16 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 313c
Startzeit: 01cf4905bddd689e
Endzeit: 41
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: d5b8877d-b4f9-11e3-bf36-4c72b9419957
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/25/2014 09:33:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/25/2014 03:50:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b013f0
ID des fehlerhaften Prozesses: 0x3500
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_70.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_70.exe5
Error: (03/25/2014 01:42:53 PM) (Source: Application Hang) (User: )
Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c84
Startzeit: 01cf4827b080efd9
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\FileManager\PhotosApp.exe
Berichts-ID: f81ef1f0-b41a-11e3-bf36-4c72b9419957
Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager
Error: (03/25/2014 01:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HanaHomeOffice)
Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (03/25/2014 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HanaHomeOffice)
Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
System errors:
=============
Error: (03/27/2014 01:33:42 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/27/2014 00:42:36 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/27/2014 11:42:30 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/27/2014 09:27:00 AM) (Source: DCOM) (User: HanaHomeOffice)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (03/27/2014 09:09:16 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/27/2014 09:06:41 AM) (Source: DCOM) (User: HanaHomeOffice)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (03/27/2014 08:09:10 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/27/2014 07:03:02 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/26/2014 11:04:57 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/26/2014 10:01:51 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (03/26/2014 11:40:13 PM) (Source: Application Error)(User: )
Description: SDTools.exe2.2.18.15051949fd7SDLists.dll_unloaded2.1.18.451949f17c0000005000151e258001cf49444e3a93e6C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exeSDLists.dll97d65da6-b537-11e3-bf38-4c72b9419957
Error: (03/26/2014 11:27:33 PM) (Source: SideBySide)(User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (03/26/2014 11:25:53 PM) (Source: SideBySide)(User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (03/26/2014 04:51:14 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.164311de001cf490b26665c2216C:\WINDOWS\system32\wwahost.exe747ffba4-b4fe-11e3-bf36-4c72b9419957Microsoft.ZuneVideo_2.2.299.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo
Error: (03/26/2014 04:18:16 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.5186313c01cf4905bddd689e41C:\Program Files (x86)\Mozilla Firefox\firefox.exed5b8877d-b4f9-11e3-bf36-4c72b9419957
Error: (03/25/2014 09:33:55 PM) (Source: SideBySide)(User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest
Error: (03/25/2014 03:50:08 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278unknown0.0.0.000000000c000000500b013f0350001cf482a01e0b89dC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeunknownc20bd703-b42c-11e3-bf36-4c72b9419957
Error: (03/25/2014 01:42:53 PM) (Source: Application Hang)(User: )
Description: PhotosApp.exe6.3.9600.16507c8401cf4827b080efd94294967295C:\WINDOWS\FileManager\PhotosApp.exef81ef1f0-b41a-11e3-bf36-4c72b9419957FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
Error: (03/25/2014 01:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HanaHomeOffice)
Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927142
Error: (03/25/2014 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HanaHomeOffice)
Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 6010.68 MB
Available physical RAM: 4593.15 MB
Total Pagefile: 6970.68 MB
Available Pagefile: 5034.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:711.06 GB) (Free:393.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:8.61 GB) (Free:0.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (TOSHIBA EXT) (Fixed) (Total:623.07 GB) (Free:42.66 GB) NTFS
Drive h: (Spiele_X) (Fixed) (Total:619.97 GB) (Free:22.81 GB) NTFS
Drive i: (Bilder_Musik_X) (Fixed) (Total:619.97 GB) (Free:13.56 GB) NTFS
Drive j: (Daten) (Fixed) (Total:675.78 GB) (Free:90.74 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 89A7F66A)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: FCECE274)
Partition: GPT Partition Type.
==================== End Of Log ============================
Was bedeuten im Zusammenhang mit HJT die vielen "Files missed"-Einträge? Code:
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Danke! |
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
So funktioniert es:
SecurityCheck und:
