
Log analysis and evaluation: Win 8.1 (64-bit): lsass (32-bit) process is flagged as dangerous. Fix it?

27.03.2014, 08:54   #1
wegasoft
 



Good morning,

as already described in the title, I have a 64-bit system here on which HJT classifies a 32-bit process as dangerous and offers to "fix" it.

Should I delete the entry (sasser?) or is that not necessary?

Are there any other questionable entries visible in the log file?

Thanks for your support
John





Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:39:58, on 27.03.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\John\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKUS\S-1-5-21-875375503-3799985134-3711563178-1004\..\Run: [Epson Stylus S22] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\windows\TEMP\E_S8287.tmp" /EF "HKCU" (User 'Hana')
O4 - Startup: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\windows\system32\hasplms.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11293 bytes
         

27.03.2014, 09:07   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

HJT is completely outdated and should no longer be used. Any problems with the computer?


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)


27.03.2014, 14:06   #3
wegasoft
 



Logs attached....

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on HANAHOMEOFFICE on 27-03-2014 13:47:12
Running from C:\Users\John\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\HP Photo Creations\Communicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\PE_J_DEFAULT\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\PE_J_DEFAULT\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\PE_J_HANA\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\PE_J_HANA\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\PE_J_HANA\...\Run: [Sony PC Companion] - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
HKU\PE_J_HANA\...\Run: [Facebook Update] - "C:\Users\Hana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\PE_J_HANA\...\Run: [Akamai NetSession Interface] - "C:\Users\Hana\AppData\Local\Akamai\netsession_win.exe"
HKU\PE_J_HANA\...\MountPoints2: {05f32868-b0df-11dd-9bc3-806e6f6e6963} - F:\Autorun.exe
HKU\PE_J_HANA\...\MountPoints2: {0997c6b9-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe
HKU\PE_J_HANA\...\MountPoints2: {44300007-7dcf-11de-91f5-00188b5d120f} - K:\AUTOSTARTER.EXE
HKU\PE_J_HANA\...\MountPoints2: {4897b167-51f8-11df-b966-80b94b4f1412} - L:\GSLoader.exe
HKU\PE_J_HANA\...\MountPoints2: {8c69eda6-1b4f-11e1-9c2d-806e6f6e6963} - E:\Autorun.exe
HKU\PE_J_HANA\...\MountPoints2: {dcbd87da-235e-11de-accf-00188b5d120f} - N:\LaunchU3.exe -a
HKU\PE_J_HANA\...\MountPoints2: {f878400e-dd1d-11df-9c20-f3b0036ccd5e} - N:\GSLoader.exe
HKU\PE_J_JOHN\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Arcor 5.006; GTB6.5; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"hxxp://www.nickjr.de/cache.php?path=/junior/game.html&aid=1973"
HKU\PE_J_JOHN\...\MountPoints2: {00b07832-f6f5-11e0-8029-fe9433fb58d9} - L:\AutoRun.exe
HKU\PE_J_JOHN\...\MountPoints2: {05f32868-b0df-11dd-9bc3-806e6f6e6963} - F:\zdata\cobi.exe
HKU\PE_J_JOHN\...\MountPoints2: {0997c57e-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe
HKU\PE_J_JOHN\...\MountPoints2: {0997c6b9-6e32-11e0-84e7-eec77ae54d34} - L:\Startme.exe
HKU\PE_J_JOHN\...\MountPoints2: {1c6a772d-10ca-11e0-8962-9d391e0781bc} - L:\DPFMate.exe
HKU\PE_J_JOHN\...\MountPoints2: {5db19dcb-7fc8-11df-82c7-f2e79567669f} - L:\Startme.exe
HKU\PE_J_JOHN\...\MountPoints2: {77598d87-d139-11de-9061-f5513fb3b1b2} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\Play.exe
HKU\PE_J_JOHN\...\MountPoints2: {9ccfb910-8134-11e0-957b-c60183717ba8} - L:\AutoRun.exe
HKU\PE_J_JOHN\...\MountPoints2: {9ccfb937-8134-11e0-957b-9b6e48e72e07} - L:\AutoRun.exe
HKU\PE_J_JOHN\...\MountPoints2: {abb80c48-99d5-11e0-890d-b702a651fbe4} - L:\KODAK_Software_Downloader.exe
HKU\PE_J_JOHN\...\MountPoints2: {dcbd87da-235e-11de-accf-00188b5d120f} - M:\LaunchU3.exe -a
HKU\PE_J_JOHN\...\MountPoints2: {f878400e-dd1d-11df-9c20-f3b0036ccd5e} - L:\GSLoader.exe
HKU\PE_J_JUSTINE\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\PE_J_JUSTINE\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\PE_J_JUSTINE\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\PE_J_SPIELE\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\PE_J_SPIELE\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\PE_J_SPIELE\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {813fe800-b08a-11e2-bea2-4c72b9419957} - "L:\LaunchU3.exe" -a
HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {89193c5e-5e3d-11e3-bf2a-4c72b9419957} - "K:\GSLoader.exe" 
HKU\S-1-5-21-875375503-3799985134-3711563178-1004\...\Run: [Epson Stylus S22] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\windows\TEMP\E_S8287.tmp" /EF "HKCU"
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A1259230628CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_13_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtCzyzyyDyBzytBzzyCtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AyByCtA0FtAtGtA0A0D0DtG0EyEyB0DtGyDtC0EyEtGtC0E0CtAyBtAtDtCtCtByD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0C0C0DtAyEtG0B0Bzz0DtGtAtAtC0AtGyEtAyDzytGyDzz0E0FtA0A0BtBtDzytCtD2Q&cr=2039160804&ir=
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\user.js
FF SelectedSearchEngine: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]
CHR Extension: (Google-Suche) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR Extension: (Google Mail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 13:47 - 2014-03-27 13:47 - 00021968 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-27 13:45 - 2014-03-27 13:47 - 00000000 ____D () C:\FRST
2014-03-27 13:44 - 2014-03-27 13:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-27 09:11 - 2014-03-27 09:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log
2014-03-27 09:10 - 2014-03-27 09:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe
2014-03-27 08:39 - 2014-03-27 08:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log
2014-03-27 08:38 - 2014-03-27 08:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe
2014-03-26 23:40 - 2014-03-26 23:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps
2014-03-26 22:50 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140326-225048.backup
2014-03-26 22:01 - 2014-03-26 23:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-26 22:01 - 2014-03-26 22:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-26 22:01 - 2014-03-26 22:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-26 22:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-03-26 21:59 - 2014-03-26 22:00 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe
2014-03-26 21:02 - 2014-01-02 17:46 - 00859720 _____ (Mindspark) C:\Program Files (x86)\4zUninstall VideoDownloadConverter.dll
2014-03-26 21:02 - 2014-01-02 17:46 - 00189848 _____ () C:\Program Files (x86)\4zres.dll
2014-03-26 18:32 - 2014-03-26 18:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice
2014-03-26 18:27 - 2014-03-26 18:33 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17
2014-03-26 18:23 - 2014-03-26 18:26 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip
2014-03-26 17:48 - 2014-03-26 20:49 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 17:48 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-26 17:48 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-26 17:48 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-26 17:47 - 2014-03-26 17:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 17:47 - 2014-03-26 17:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 17:47 - 2014-03-26 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 17:40 - 2014-03-26 17:41 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc
2014-03-26 16:12 - 2014-03-27 12:12 - 00000318 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-03-26 16:12 - 2014-03-26 16:12 - 00002656 _____ () C:\WINDOWS\System32\Tasks\MySearchDial
2014-03-26 16:12 - 2014-03-26 16:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\John\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\Hana\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Program Files (x86)\MiPony
2014-03-26 16:04 - 2014-03-26 16:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google
2014-03-26 15:46 - 2014-03-26 16:00 - 43091448 _____ () C:\Users\Justine\Desktop\64px [mc1.7.4] HD MK WORKING  1.0.zip
2014-03-26 15:41 - 2014-03-26 15:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe
2014-03-26 15:30 - 2014-03-26 15:40 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner
2014-03-26 14:36 - 2014-03-26 14:36 - 00001081 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk
2014-03-25 22:03 - 2014-03-25 22:06 - 00000000 ____D () C:\Users\John\Downloads\cdex_151
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip
2014-03-25 20:08 - 2014-03-25 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 19:06 - 2014-03-25 19:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe
2014-03-23 22:11 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-23 22:11 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-23 12:37 - 2014-03-23 12:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger
2014-03-19 17:08 - 2014-03-19 17:11 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft
2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts
2014-03-16 16:58 - 2014-03-16 16:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Local\VideoDownloadConverter_4z
2014-03-16 16:48 - 2014-03-16 16:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-16 16:47 - 2014-03-16 16:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol
2014-03-16 16:47 - 2014-03-16 16:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini
2014-03-12 21:17 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 21:17 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 21:16 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 21:16 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 21:16 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 21:16 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 21:16 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 21:16 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 21:16 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 21:16 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 21:16 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 21:16 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 21:16 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 21:16 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 21:16 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 21:16 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 21:16 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 21:16 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 21:16 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 21:16 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 21:16 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 21:16 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 21:16 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 21:16 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 21:16 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 21:16 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 21:16 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 21:16 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 21:16 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 21:16 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 21:16 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 21:16 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 21:16 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 21:16 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 21:16 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 21:16 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 21:16 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 21:16 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 21:16 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 21:16 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 21:16 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 21:16 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 21:16 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 21:16 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 21:16 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 21:16 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 21:16 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 21:16 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 21:16 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 21:16 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 21:16 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 21:16 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 21:16 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 21:16 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 21:16 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 21:16 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 21:16 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 21:16 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-05 22:44 - 2014-03-05 22:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit
2014-03-05 22:30 - 2014-03-05 22:34 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe
2014-03-04 21:50 - 2014-03-04 21:56 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip
2014-03-04 16:05 - 2014-03-04 16:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt
2014-03-04 07:19 - 2014-03-04 07:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk
2014-03-04 07:19 - 2014-03-04 07:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\ProgramData\ESET
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\Program Files\ESET
2014-03-03 10:03 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-03-03 09:57 - 2014-03-03 09:57 - 01681800 _____ (ESET) C:\Users\John\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-02-28 09:02 - 2014-02-28 17:24 - 00000000 ____D () C:\Users\John\AppData\Local\QuickPar
2014-02-27 10:09 - 2014-02-27 10:09 - 00028868 _____ () C:\Users\John\Downloads\S_20140227_10945_Neue_Nachrichten.zip

==================== One Month Modified Files and Folders =======

2014-03-27 13:47 - 2014-03-27 13:47 - 00021968 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-27 13:47 - 2014-03-27 13:45 - 00000000 ____D () C:\FRST
2014-03-27 13:44 - 2014-03-27 13:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-27 13:44 - 2014-02-11 21:39 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9.job
2014-03-27 13:43 - 2014-01-28 23:14 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-03-27 12:52 - 2013-03-24 12:52 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn
2014-03-27 12:52 - 2013-03-24 12:52 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job
2014-03-27 12:29 - 2013-10-18 20:32 - 02097060 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-27 12:12 - 2014-03-26 16:12 - 00000318 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-03-27 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-27 09:25 - 2013-03-23 21:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1001
2014-03-27 09:11 - 2014-03-27 09:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log
2014-03-27 09:11 - 2014-03-27 09:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe
2014-03-27 09:11 - 2013-03-24 08:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1005
2014-03-27 09:11 - 2013-03-24 08:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\VirtualStore
2014-03-27 09:06 - 2013-10-09 18:40 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-27 09:06 - 2013-10-09 18:39 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 08:39 - 2014-03-27 08:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log
2014-03-27 08:38 - 2014-03-27 08:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe
2014-03-27 07:03 - 2013-03-24 14:15 - 00000000 ____D () C:\Users\John\Desktop\System
2014-03-26 23:40 - 2014-03-26 23:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps
2014-03-26 23:40 - 2014-03-26 22:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-26 22:03 - 2014-03-26 22:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-26 22:01 - 2014-03-26 22:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-26 22:00 - 2014-03-26 21:59 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe
2014-03-26 21:02 - 2014-01-02 17:46 - 00000000 ____D () C:\Program Files (x86)\VideoDownloadConverter
2014-03-26 21:02 - 2013-09-30 05:14 - 01980998 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-26 21:02 - 2013-09-30 04:56 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-26 21:02 - 2013-09-30 04:56 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-26 20:57 - 2013-09-29 20:04 - 00022256 _____ () C:\WINDOWS\PFRO.log
2014-03-26 20:57 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-26 20:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-26 20:57 - 2012-10-19 20:27 - 00000000 ____D () C:\WINDOWS\en
2014-03-26 20:49 - 2014-03-26 17:48 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 20:14 - 2013-04-11 17:30 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\.minecraft
2014-03-26 18:33 - 2014-03-26 18:27 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17
2014-03-26 18:32 - 2014-03-26 18:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice
2014-03-26 18:26 - 2014-03-26 18:23 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip
2014-03-26 18:00 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-03-26 18:00 - 2013-03-23 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-26 17:59 - 2013-08-11 22:53 - 00000000 ____D () C:\FFOutput
2014-03-26 17:48 - 2014-03-26 17:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 17:47 - 2014-03-26 17:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 17:47 - 2014-03-26 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 17:41 - 2014-03-26 17:40 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc
2014-03-26 16:55 - 2013-03-24 04:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-03-26 16:12 - 2014-03-26 16:12 - 00002656 _____ () C:\WINDOWS\System32\Tasks\MySearchDial
2014-03-26 16:12 - 2014-03-26 16:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\John\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00001009 _____ () C:\Users\Hana\Desktop\MiPony.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2014-03-26 16:10 - 2014-03-26 16:10 - 00000000 ____D () C:\Program Files (x86)\MiPony
2014-03-26 16:04 - 2014-03-26 16:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google
2014-03-26 16:00 - 2014-03-26 15:46 - 43091448 _____ () C:\Users\Justine\Desktop\64px [mc1.7.4] HD MK WORKING  1.0.zip
2014-03-26 15:41 - 2014-03-26 15:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe
2014-03-26 15:40 - 2014-03-26 15:30 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner
2014-03-26 14:36 - 2014-03-26 14:36 - 00001081 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk
2014-03-25 22:06 - 2014-03-25 22:03 - 00000000 ____D () C:\Users\John\Downloads\cdex_151
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip
2014-03-25 22:02 - 2014-03-25 22:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip
2014-03-25 21:49 - 2013-03-23 22:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\UseNeXT
2014-03-25 21:39 - 2013-03-23 22:26 - 00000000 ___RD () C:\Users\John\Downloads\UseNeXT
2014-03-25 20:08 - 2014-03-25 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 19:06 - 2014-03-25 19:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe
2014-03-24 21:13 - 2013-03-25 19:48 - 00000000 ____D () C:\Users\John\dwhelper
2014-03-24 15:11 - 2014-02-12 22:40 - 00026624 _____ () C:\Users\John\Documents\FFM-NBG 2013.xls
2014-03-24 09:19 - 2013-09-08 14:19 - 00000000 ____D () C:\FILME 0913
2014-03-23 12:37 - 2014-03-23 12:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger
2014-03-23 12:24 - 2013-03-24 12:52 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-03-23 12:24 - 2013-03-24 12:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-21 06:25 - 2013-08-14 17:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-21 06:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-21 06:23 - 2013-03-24 22:33 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-19 17:11 - 2014-03-19 17:08 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer
2014-03-18 12:08 - 2014-03-18 12:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft
2014-03-18 12:07 - 2014-03-18 12:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft
2014-03-17 17:32 - 2014-03-17 17:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts
2014-03-16 19:55 - 2014-01-28 17:47 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-03-16 18:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-16 16:58 - 2014-03-16 16:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia
2014-03-16 16:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-16 16:50 - 2013-03-25 16:42 - 00000000 ____D () C:\Users\Justine\AppData\Local\Mozilla
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-03-16 16:49 - 2014-03-16 16:49 - 00000000 ____D () C:\Users\Justine\AppData\Local\VideoDownloadConverter_4z
2014-03-16 16:49 - 2013-03-24 08:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\Packages
2014-03-16 16:48 - 2014-03-16 16:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-16 16:48 - 2013-03-24 08:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 16:48 - 2013-03-24 08:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 16:48 - 2013-03-23 21:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-03-16 16:47 - 2014-03-16 16:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol
2014-03-16 16:47 - 2014-03-16 16:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini
2014-03-16 16:47 - 2013-10-18 20:23 - 00000000 ____D () C:\Users\Justine
2014-03-16 16:46 - 2013-08-22 15:44 - 00366304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-05 22:44 - 2014-03-05 22:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-03-05 22:44 - 2014-03-05 22:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit
2014-03-05 22:43 - 2013-10-19 18:04 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-03-05 22:34 - 2014-03-05 22:30 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe
2014-03-05 09:26 - 2014-03-26 17:48 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 17:48 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 17:48 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 21:56 - 2014-03-04 21:50 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip
2014-03-04 16:05 - 2014-03-04 16:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt
2014-03-04 07:19 - 2014-03-04 07:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk
2014-03-04 07:19 - 2014-03-04 07:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-04 07:19 - 2013-03-30 12:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-04 07:16 - 2013-03-30 11:38 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-03-04 07:16 - 2012-10-19 20:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\ProgramData\ESET
2014-03-03 10:03 - 2014-03-03 10:03 - 00000000 ____D () C:\Program Files\ESET
2014-03-03 09:57 - 2014-03-03 09:57 - 01681800 _____ (ESET) C:\Users\John\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-03-02 22:22 - 2013-08-22 15:46 - 00385696 _____ () C:\WINDOWS\setupact.log
2014-03-01 07:05 - 2014-03-12 21:16 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 21:16 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 21:16 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 21:16 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 21:16 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 21:16 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 21:16 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 21:16 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 21:16 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 21:16 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 21:16 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 21:16 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 21:16 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 21:16 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 21:16 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 21:16 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 21:16 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 17:24 - 2014-02-28 09:02 - 00000000 ____D () C:\Users\John\AppData\Local\QuickPar
2014-02-27 10:09 - 2014-02-27 10:09 - 00028868 _____ () C:\Users\John\Downloads\S_20140227_10945_Neue_Nachrichten.zip
2014-02-26 15:43 - 2013-03-25 20:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\MyPhoneExplorer
2014-02-25 23:07 - 2013-10-18 20:23 - 00000000 ____D () C:\Users\John
2014-02-25 10:11 - 2013-07-13 06:09 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-02-25 08:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 21:16] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-26 23:23

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-03-27 13:47:42
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Animated Wallpaper - Beautiful Space 3D (HKLM\...\Beautiful Space 3D_is1) (Version: 1.13 - PUSH Entertainment)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artist Colony (HKLM-x32\...\Artist Colony) (Version: 1.0.0.0 - INTENIUM GmbH)
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{CE9EE84E-F7A9-4256-8785-0CB35014DD33}) (Version: 0.9.26 - Kovid Goyal)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Cheatbusters 1.0.0.0 (HKLM-x32\...\Cheatbusters 1.0.0.0) (Version: 1.0.0.0 - Shadow - Time to play)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CraftROBO DesignMaster (C:\CraftROBO DesignMaster) (HKLM-x32\...\{385B9A14-B5DD-487C-A0E3-25FB62DA8E9E}) (Version: 7 - CADlink)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.4930 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily und der Duft des Erfolgs (HKLM-x32\...\Delicious: Emily und der Duft des Erfolgs) (Version: 1.0.0.0 - INTENIUM GmbH)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.6 - Dropbox, Inc.)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.)
F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free Video to MP3 Converter version 5.0.24.430 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 1010 series - Grundlegende Software für das Gerät (HKLM\...\{7F30B5E6-174F-4039-BFA7-7189BE15EC6E}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 1010 series Hilfe (HKLM-x32\...\{307E9E87-616E-4DC5-B509-6AB3BD2BBF87}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
jAlbum (HKLM-x32\...\{E87F1FFB-A689-4AB4-B79C-4FC4AAF4A1FD}) (Version: 11.6.14 - Jalbum AB)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design)
lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Manic Digger (HKLM-x32\...\{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1) (Version:  - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MiPony 2.0.2 (HKLM-x32\...\MiPony) (Version: 2.0.2 - )
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Nero 12 (HKLM-x32\...\{B3E6F9B5-35CC-4010-8EDA-55ACCF468A82}) (Version: 12.5.02100 - Nero AG)
Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Platinum Effects 12 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.58 - PUSH Entertainment)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Zwischenland: Die fliegende Insel (HKLM-x32\...\Zwischenland: Die fliegende Insel) (Version: 1.0.0.0 - INTENIUM GmbH)

==================== Restore Points  =========================

12-03-2014 20:17:42 Windows Update
21-03-2014 05:22:47 Windows Update
23-03-2014 22:15:17 HPSF Restore Point

==================== Hosts content: ==========================

2013-08-22 14:25 - 2014-03-26 22:50 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0B852AC9-CD4B-4630-9742-6470758EF475} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {0CE72F4D-EA7B-4BDF-8BBB-FF1F9A5D23C8} - System32\Tasks\GoogleUpdateTaskMachineUA1cec963a392db2a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {1207424E-7342-4284-8BB8-D09647E5689C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {273AFC99-55F2-4E39-9ADE-018364193A7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {2BD0C28F-0151-43A7-A38B-DB491A072441} - System32\Tasks\HP AR Program Upload - 3d6661d696e94d978c031dcc210cac564c842311e7594d34bf2e2bdee6316c5b => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30A49235-5749-44A8-AEAE-7DC47690B8FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {510FD04C-DC5D-429C-8CEF-DB6D988B6BF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {595CABF8-8BD3-4271-9584-C46B977051F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75A67260-8218-4B7A-B039-8949698527DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {780F9F2F-1055-4B4A-AF2B-87A853CC8959} - System32\Tasks\MySearchDial => C:\Users\John\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D6214AB-7FB8-4F7F-BEFC-6D8AF859B16C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {9A6B05F9-F8A4-4C71-BF2A-722B90165EEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A09C9519-8BF8-4026-A0DA-C26AE98C2CC5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-21] (Microsoft Corporation)
Task: {A3B2ABB9-6AAD-4148-BF74-B242E47D97B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C3AABE5F-BB08-4AB5-9278-9F9F77871818} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C3B6A201-FD56-47C6-8523-20D4C2BB0853} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {CD07F67A-330F-4411-A24C-C365D19C9798} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-01-28] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0AD6B10-F4C9-49EB-9463-5C8C5EB4F93D} - System32\Tasks\WebReg HP Deskjet F4200 series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2011-04-29] (Hewlett-Packard Company)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC750267-134B-4B00-9332-C2DE6A0AE5C0} - System32\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {E5FC2F99-8C70-4D6B-815D-3FFDF46E8A91} - System32\Tasks\GoogleUpdateTaskMachineUA1cef11530b5334a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf27695900b1f9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\John\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-28 23:14 - 2014-01-28 23:14 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-19 20:17 - 2012-07-18 09:36 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-26 22:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-26 22:01 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-26 22:01 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-26 22:01 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-26 22:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-10-19 20:23 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-25 20:08 - 2014-03-25 20:08 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2014 11:40:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDTools.exe, Version: 2.2.18.150, Zeitstempel: 0x51949fd7
Name des fehlerhaften Moduls: SDLists.dll_unloaded, Version: 2.1.18.4, Zeitstempel: 0x51949f17
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000151e2
ID des fehlerhaften Prozesses: 0x580
Startzeit der fehlerhaften Anwendung: 0xSDTools.exe0
Pfad der fehlerhaften Anwendung: SDTools.exe1
Pfad des fehlerhaften Moduls: SDTools.exe2
Berichtskennung: SDTools.exe3
Vollständiger Name des fehlerhaften Pakets: SDTools.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SDTools.exe5

Error: (03/26/2014 11:27:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/26/2014 11:25:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/26/2014 04:51:14 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.16431 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1de0

Startzeit: 01cf490b26665c22

Endzeit: 16

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 747ffba4-b4fe-11e3-bf36-4c72b9419957

Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneVideo_2.2.299.0_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo

Error: (03/26/2014 04:18:16 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 313c

Startzeit: 01cf4905bddd689e

Endzeit: 41

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: d5b8877d-b4f9-11e3-bf36-4c72b9419957

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/25/2014 09:33:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/25/2014 03:50:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b013f0
ID des fehlerhaften Prozesses: 0x3500
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_70.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_70.exe5

Error: (03/25/2014 01:42:53 PM) (Source: Application Hang) (User: )
Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c84

Startzeit: 01cf4827b080efd9

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\FileManager\PhotosApp.exe

Berichts-ID: f81ef1f0-b41a-11e3-bf36-4c72b9419957

Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager

Error: (03/25/2014 01:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HanaHomeOffice)
Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/25/2014 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HanaHomeOffice)
Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (03/27/2014 01:33:42 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/27/2014 00:42:36 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/27/2014 11:42:30 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/27/2014 09:27:00 AM) (Source: DCOM) (User: HanaHomeOffice)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/27/2014 09:09:16 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/27/2014 09:06:41 AM) (Source: DCOM) (User: HanaHomeOffice)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/27/2014 08:09:10 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/27/2014 07:03:02 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/26/2014 11:04:57 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/26/2014 10:01:51 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (03/26/2014 11:40:13 PM) (Source: Application Error)(User: )
Description: SDTools.exe2.2.18.15051949fd7SDLists.dll_unloaded2.1.18.451949f17c0000005000151e258001cf49444e3a93e6C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exeSDLists.dll97d65da6-b537-11e3-bf38-4c72b9419957

Error: (03/26/2014 11:27:33 PM) (Source: SideBySide)(User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (03/26/2014 11:25:53 PM) (Source: SideBySide)(User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (03/26/2014 04:51:14 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.164311de001cf490b26665c2216C:\WINDOWS\system32\wwahost.exe747ffba4-b4fe-11e3-bf36-4c72b9419957Microsoft.ZuneVideo_2.2.299.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo

Error: (03/26/2014 04:18:16 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.5186313c01cf4905bddd689e41C:\Program Files (x86)\Mozilla Firefox\firefox.exed5b8877d-b4f9-11e3-bf36-4c72b9419957

Error: (03/25/2014 09:33:55 PM) (Source: SideBySide)(User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (03/25/2014 03:50:08 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278unknown0.0.0.000000000c000000500b013f0350001cf482a01e0b89dC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeunknownc20bd703-b42c-11e3-bf36-4c72b9419957

Error: (03/25/2014 01:42:53 PM) (Source: Application Hang)(User: )
Description: PhotosApp.exe6.3.9600.16507c8401cf4827b080efd94294967295C:\WINDOWS\FileManager\PhotosApp.exef81ef1f0-b41a-11e3-bf36-4c72b9419957FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager

Error: (03/25/2014 01:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HanaHomeOffice)
Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927142

Error: (03/25/2014 01:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HanaHomeOffice)
Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 6010.68 MB
Available physical RAM: 4593.15 MB
Total Pagefile: 6970.68 MB
Available Pagefile: 5034.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:711.06 GB) (Free:393.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:8.61 GB) (Free:0.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (TOSHIBA EXT) (Fixed) (Total:623.07 GB) (Free:42.66 GB) NTFS
Drive h: (Spiele_X) (Fixed) (Total:619.97 GB) (Free:22.81 GB) NTFS
Drive i: (Bilder_Musik_X) (Fixed) (Total:619.97 GB) (Free:13.56 GB) NTFS
Drive j: (Daten) (Fixed) (Total:675.78 GB) (Free:90.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 89A7F66A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: FCECE274)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
What do the many "Files missed" entries mean in connection with HJT?
Code:
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
         
Thanks!

Edited by wegasoft (27.03.2014 at 14:09). Reason: added HJT log

28.03.2014, 09:23   #4
schrauber
/// the machine
/// TB trainer

Once again: HJT is old and only shows garbage.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-875375503-3799985134-3711563178-1001\User: Group Policy restriction detected <======= ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





There is adware on the system:


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
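An added example, not part of the thread and not code from HijackThis or FRST: it cross-checks the O23 "(file missing)" lines quoted in this thread against the FRST service lines posted later in it. It assumes HijackThis runs as a 32-bit process, which under WOW64 sees %ProgramFiles% as Program Files (x86) and has System32 redirected to SysWOW64; the function names and verdict labels are made up for this example.

```python
import re

# Sample input: O23 lines copied from the HijackThis log quoted in this thread.
HJT_LINES = r"""
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
""".strip().splitlines()

# Sample input: service lines copied from the FRST log posted in this thread.
FRST_LINES = r"""
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
""".strip().splitlines()

# "O23 - Service: <display> (<name>) - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]+)\) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# "<state> <name>; <path> [<size> <date>] (<signer>)"
FRST_RE = re.compile(
    r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) \[(?P<size>\d+) "
    r"(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>.*)\)$"
)


def parse_o23(lines):
    """Return one dict per O23 line; 'missing' becomes a bool."""
    entries = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            entries.append(entry)
    return entries


def parse_frst_services(lines):
    """Map lower-cased service name -> FRST fields (path, size, date, signer)."""
    services = {}
    for line in lines:
        m = FRST_RE.match(line.strip())
        if m:
            services[m["name"].lower()] = m.groupdict()
    return services


def native_view(path):
    """Undo the %ProgramFiles% expansion a 32-bit process gets under WOW64."""
    return path.replace("\\Program Files (x86)\\", "\\Program Files\\")


def triage_missing(hjt_entries, frst_services):
    """Classify each '(file missing)' entry; returns name -> (verdict, native path).

    confirmed_by_frst: FRST found the file (size, date, signer) at the native path.
    wow64_system32:    path is under System32, which a 32-bit scanner cannot see
                       directly; re-check with a 64-bit tool before acting.
    unexplained:       neither applies, so the entry needs a manual look.
    """
    results = {}
    for entry in hjt_entries:
        if not entry["missing"]:
            continue
        native = native_view(entry["path"])
        frst = frst_services.get(entry["name"].lower())
        if frst and frst["path"].lower() == native.lower():
            verdict = "confirmed_by_frst"
        elif "\\windows\\system32\\" in entry["path"].lower():
            verdict = "wow64_system32"
        else:
            verdict = "unexplained"
        results[entry["name"]] = (verdict, native)
    return results


if __name__ == "__main__":
    report = triage_missing(parse_o23(HJT_LINES), parse_frst_services(FRST_LINES))
    for name, (verdict, native) in report.items():
        print(f"{name:10} {verdict:18} {native}")
```

None of the sample entries ends up as "unexplained"; a "wow64_system32" verdict is a hypothesis to confirm with a 64-bit scanner, not a proof that the file is present.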

01.04.2014, 21:09   #5
wegasoft

Thanks for the instructions, sorry for the wait.
Here are the logs.

John

Attached files
File type: txt FRST.txt (42.9 KB, viewed 129 times)

02.04.2014, 14:43   #6
schrauber
/// the machine
/// TB trainer

Hi,

Please always post logs in the thread. If need be, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.






ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left?

03.04.2014, 02:58   #7
wegasoft

Hello schrauber,

here are the logs:

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on HANAHOMEOFFICE on 03-04-2014 02:52:16
Running from C:\Users\John\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\ProgramData\HP Photo Creations\Communicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {813fe800-b08a-11e2-bea2-4c72b9419957} - "L:\LaunchU3.exe" -a
HKU\S-1-5-21-875375503-3799985134-3711563178-1001\...\MountPoints2: {89193c5e-5e3d-11e3-bf2a-4c72b9419957} - "L:\GSLoader.exe" 
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A1259230628CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8lfxhffq.default-1390413753507\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-03]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]
CHR Extension: (Google-Suche) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR Extension: (Google Mail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 02:48 - 2014-04-03 02:48 - 00000927 _____ () C:\Users\John\Downloads\checkup.txt
2014-04-03 01:54 - 2014-04-03 01:54 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-03 01:54 - 2014-04-03 01:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-03 01:51 - 2014-04-03 01:51 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-03 01:50 - 2014-04-03 01:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-03 01:50 - 2014-04-03 01:51 - 00000000 ____D () C:\Program Files\iTunes
2014-04-03 01:50 - 2014-04-03 01:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-03 01:50 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files\iPod
2014-04-02 21:19 - 2014-04-02 21:24 - 00000000 ____D () C:\GalaxyMini02042014
2014-04-02 20:37 - 2014-04-02 20:37 - 00987442 _____ () C:\Users\John\Downloads\SecurityCheck.exe
2014-04-01 21:01 - 2014-04-01 21:01 - 00000897 _____ () C:\Users\John\Documents\JRT.txt
2014-04-01 21:00 - 2014-04-01 21:00 - 00000897 _____ () C:\Users\John\Desktop\JRT.txt
2014-04-01 20:56 - 2014-04-01 20:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-01 20:55 - 2014-04-01 20:55 - 01038974 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-04-01 20:52 - 2014-04-01 20:52 - 00000378 _____ () C:\Users\John\Documents\Fixlist.txt
2014-03-31 14:00 - 2014-03-31 14:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-31 13:59 - 2014-03-31 13:59 - 02347384 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2014-03-31 13:58 - 2014-03-31 13:58 - 00707006 _____ () C:\Users\John\Downloads\delfix.exe
2014-03-30 16:28 - 2014-03-30 16:28 - 00001163 _____ () C:\MBAM30032014.txt
2014-03-30 16:23 - 2014-03-30 16:23 - 00001206 _____ () C:\MBAM30032014.Xml
2014-03-29 12:07 - 2014-03-29 12:07 - 00007305 _____ () C:\MBAMProtokoll.Xml
2014-03-29 11:52 - 2014-03-29 11:52 - 00005267 _____ () C:\MBAMProtokoll.txt
2014-03-28 17:27 - 2014-03-28 17:27 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-28 17:25 - 2014-03-28 17:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 08:33 - 2014-03-28 08:41 - 00000000 ____D () C:\AdwCleaner
2014-03-28 08:33 - 2014-03-28 08:33 - 01950720 _____ () C:\Users\John\Downloads\adwcleaner.exe
2014-03-28 08:06 - 2014-04-03 02:11 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2.job
2014-03-28 08:06 - 2014-03-28 08:06 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2
2014-03-27 15:48 - 2014-03-27 15:48 - 00374842 _____ () C:\Users\Justine\Downloads\OptiFine_1.6.2.zip
2014-03-27 15:44 - 2014-03-27 15:44 - 00001331 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft - Verknüpfung.lnk
2014-03-27 14:47 - 2014-04-03 02:52 - 00014649 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-27 14:47 - 2014-03-27 14:48 - 00041749 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-27 14:45 - 2014-04-03 02:52 - 00000000 ____D () C:\FRST
2014-03-27 14:44 - 2014-03-27 14:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-27 10:11 - 2014-03-27 10:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log
2014-03-27 10:10 - 2014-03-27 10:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe
2014-03-27 09:39 - 2014-03-27 09:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log
2014-03-27 09:38 - 2014-03-27 09:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe
2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps
2014-03-26 23:50 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140326-225048.backup
2014-03-26 23:01 - 2014-03-27 00:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-26 23:01 - 2014-03-26 23:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-26 23:01 - 2014-03-26 23:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-26 23:01 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-03-26 22:59 - 2014-03-26 23:00 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe
2014-03-26 19:32 - 2014-03-26 19:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice
2014-03-26 19:27 - 2014-03-26 19:33 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17
2014-03-26 19:23 - 2014-03-26 19:26 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip
2014-03-26 18:48 - 2014-03-30 16:27 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 18:48 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-26 18:48 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-26 18:48 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-26 18:47 - 2014-03-28 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 18:47 - 2014-03-26 18:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 18:47 - 2014-03-26 18:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 18:40 - 2014-03-26 18:41 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc
2014-03-26 17:12 - 2014-03-26 17:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-26 17:04 - 2014-03-26 17:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google
2014-03-26 16:41 - 2014-03-26 16:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe
2014-03-26 16:30 - 2014-03-26 16:40 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner
2014-03-26 15:36 - 2014-03-27 15:44 - 00001103 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk
2014-03-25 23:03 - 2014-03-25 23:06 - 00000000 ____D () C:\Users\John\Downloads\cdex_151
2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip
2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip
2014-03-25 21:08 - 2014-03-25 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 20:06 - 2014-03-25 20:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe
2014-03-23 23:11 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-23 23:11 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-23 13:37 - 2014-03-23 13:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger
2014-03-19 18:08 - 2014-03-19 18:11 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin
2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer
2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer
2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft
2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft
2014-03-17 18:32 - 2014-03-17 18:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts
2014-03-16 17:58 - 2014-03-16 17:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia
2014-03-16 17:49 - 2014-03-16 17:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-03-16 17:48 - 2014-03-16 17:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-16 17:47 - 2014-03-16 17:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol
2014-03-16 17:47 - 2014-03-16 17:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini
2014-03-12 22:17 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 22:17 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 22:16 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 22:16 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 22:16 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 22:16 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 22:16 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 22:16 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 22:16 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 22:16 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 22:16 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 22:16 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 22:16 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 22:16 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 22:16 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 22:16 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 22:16 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 22:16 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 22:16 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 22:16 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 22:16 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 22:16 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 22:16 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 22:16 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 22:16 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 22:16 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 22:16 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 22:16 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 22:16 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 22:16 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 22:16 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 22:16 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 22:16 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 22:16 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 22:16 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 22:16 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 22:16 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 22:16 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 22:16 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 22:16 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 22:16 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 22:16 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 22:16 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 22:16 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 22:16 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 22:16 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 22:16 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 22:16 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 22:16 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 22:16 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 22:16 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 22:16 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 22:16 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 22:16 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 22:16 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 22:16 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 22:16 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 22:16 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-05 23:44 - 2014-03-05 23:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk
2014-03-05 23:44 - 2014-03-05 23:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-03-05 23:44 - 2014-03-05 23:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit
2014-03-05 23:30 - 2014-03-05 23:34 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe
2014-03-04 22:50 - 2014-03-04 22:56 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip
2014-03-04 17:05 - 2014-03-04 17:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt
2014-03-04 08:19 - 2014-03-04 08:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk
2014-03-04 08:19 - 2014-03-04 08:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk

==================== One Month Modified Files and Folders =======

2014-04-03 02:52 - 2014-03-27 14:47 - 00014649 _____ () C:\Users\John\Downloads\FRST.txt
2014-04-03 02:52 - 2014-03-27 14:45 - 00000000 ____D () C:\FRST
2014-04-03 02:48 - 2014-04-03 02:48 - 00000927 _____ () C:\Users\John\Downloads\checkup.txt
2014-04-03 02:46 - 2013-03-23 23:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\UseNeXT
2014-04-03 02:45 - 2013-03-23 23:26 - 00000000 ___RD () C:\Users\John\Downloads\UseNeXT
2014-04-03 02:43 - 2014-01-29 00:14 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-04-03 02:11 - 2014-03-28 08:06 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2.job
2014-04-03 02:11 - 2013-03-23 22:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1001
2014-04-03 02:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-03 01:54 - 2014-04-03 01:54 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-03 01:54 - 2014-04-03 01:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-03 01:51 - 2014-04-03 01:51 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-03 01:51 - 2014-04-03 01:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-03 01:51 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files\iTunes
2014-04-03 01:51 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-03 01:50 - 2014-04-03 01:50 - 00000000 ____D () C:\Program Files\iPod
2014-04-03 01:47 - 2012-10-19 21:23 - 00000000 ____D () C:\ProgramData\Apple
2014-04-03 01:45 - 2013-10-18 21:32 - 01401886 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-02 21:24 - 2014-04-02 21:19 - 00000000 ____D () C:\GalaxyMini02042014
2014-04-02 21:22 - 2013-03-25 21:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\MyPhoneExplorer
2014-04-02 20:37 - 2014-04-02 20:37 - 00987442 _____ () C:\Users\John\Downloads\SecurityCheck.exe
2014-04-02 18:47 - 2013-09-30 06:14 - 01980998 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-02 18:47 - 2013-09-30 05:56 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-02 18:47 - 2013-09-30 05:56 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-02 18:46 - 2013-08-22 16:46 - 00387286 _____ () C:\WINDOWS\setupact.log
2014-04-02 17:46 - 2013-03-24 09:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875375503-3799985134-3711563178-1005
2014-04-02 17:37 - 2013-10-09 19:40 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-02 17:37 - 2013-10-09 19:39 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 15:12 - 2013-03-24 05:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-04-01 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-01 21:44 - 2013-09-29 21:04 - 00034944 _____ () C:\WINDOWS\PFRO.log
2014-04-01 21:44 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 21:01 - 2014-04-01 21:01 - 00000897 _____ () C:\Users\John\Documents\JRT.txt
2014-04-01 21:00 - 2014-04-01 21:00 - 00000897 _____ () C:\Users\John\Desktop\JRT.txt
2014-04-01 20:56 - 2014-04-01 20:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-01 20:55 - 2014-04-01 20:55 - 01038974 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-04-01 20:52 - 2014-04-01 20:52 - 00000378 _____ () C:\Users\John\Documents\Fixlist.txt
2014-04-01 13:09 - 2013-08-11 23:53 - 00000000 ____D () C:\FFOutput
2014-03-31 18:52 - 2013-03-24 13:52 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn
2014-03-31 18:52 - 2013-03-24 13:52 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job
2014-03-31 14:00 - 2014-03-31 14:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-31 13:59 - 2014-03-31 13:59 - 02347384 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2014-03-31 13:58 - 2014-03-31 13:58 - 00707006 _____ () C:\Users\John\Downloads\delfix.exe
2014-03-30 16:28 - 2014-03-30 16:28 - 00001163 _____ () C:\MBAM30032014.txt
2014-03-30 16:27 - 2014-03-26 18:48 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 16:23 - 2014-03-30 16:23 - 00001206 _____ () C:\MBAM30032014.Xml
2014-03-30 12:17 - 2013-03-24 13:52 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-03-30 12:17 - 2013-03-24 13:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-30 09:08 - 2013-03-25 20:48 - 00000000 ____D () C:\Users\John\dwhelper
2014-03-29 14:41 - 2013-04-11 18:30 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\.minecraft
2014-03-29 12:07 - 2014-03-29 12:07 - 00007305 _____ () C:\MBAMProtokoll.Xml
2014-03-29 11:52 - 2014-03-29 11:52 - 00005267 _____ () C:\MBAMProtokoll.txt
2014-03-28 17:27 - 2014-03-28 17:27 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-28 17:27 - 2014-03-26 18:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 17:25 - 2014-03-28 17:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 08:41 - 2014-03-28 08:33 - 00000000 ____D () C:\AdwCleaner
2014-03-28 08:33 - 2014-03-28 08:33 - 01950720 _____ () C:\Users\John\Downloads\adwcleaner.exe
2014-03-28 08:06 - 2014-03-28 08:06 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2
2014-03-28 08:06 - 2013-10-09 19:39 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 15:48 - 2014-03-27 15:48 - 00374842 _____ () C:\Users\Justine\Downloads\OptiFine_1.6.2.zip
2014-03-27 15:44 - 2014-03-27 15:44 - 00001331 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft - Verknüpfung.lnk
2014-03-27 15:44 - 2014-03-26 15:36 - 00001103 _____ () C:\Users\Justine\Desktop\Minecraft - Verknüpfung.lnk
2014-03-27 14:48 - 2014-03-27 14:47 - 00041749 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-27 14:44 - 2014-03-27 14:44 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-27 10:11 - 2014-03-27 10:11 - 00011115 _____ () C:\Users\Justine\Downloads\hijackthis.log
2014-03-27 10:11 - 2014-03-27 10:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justine\Downloads\HiJackThis204.exe
2014-03-27 10:11 - 2013-03-24 09:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\VirtualStore
2014-03-27 09:39 - 2014-03-27 09:39 - 00011295 _____ () C:\Users\John\Downloads\hijackthis.log
2014-03-27 09:38 - 2014-03-27 09:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HiJackThis204.exe
2014-03-27 08:03 - 2013-03-24 15:15 - 00000000 ____D () C:\Users\John\Desktop\System
2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Users\John\Documents\ProcAlyzer Dumps
2014-03-27 00:40 - 2014-03-26 23:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-26 23:03 - 2014-03-26 23:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-26 23:01 - 2014-03-26 23:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-26 23:00 - 2014-03-26 22:59 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.2.25.exe
2014-03-26 21:57 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-26 21:57 - 2012-10-19 21:27 - 00000000 ____D () C:\WINDOWS\en
2014-03-26 19:33 - 2014-03-26 19:27 - 00000000 ____D () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17
2014-03-26 19:32 - 2014-03-26 19:32 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\OpenOffice
2014-03-26 19:26 - 2014-03-26 19:23 - 115988950 _____ () C:\Users\Justine\Downloads\Sphax PureBDcraft 512x MC17.zip
2014-03-26 19:00 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-03-26 19:00 - 2013-03-23 23:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-26 18:47 - 2014-03-26 18:47 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Justine\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 18:47 - 2014-03-26 18:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 18:41 - 2014-03-26 18:40 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\vlc
2014-03-26 17:12 - 2014-03-26 17:12 - 00000045 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-26 17:04 - 2014-03-26 17:04 - 00000000 ____D () C:\Users\Justine\AppData\Local\Google
2014-03-26 16:41 - 2014-03-26 16:41 - 01058296 _____ () C:\Users\Justine\Downloads\Honeyball-Texture-Pack-fr-Minecraft-lnstall.exe
2014-03-26 16:40 - 2014-03-26 16:30 - 00000000 ____D () C:\Users\Justine\Downloads\Neuer Ordner
2014-03-25 23:06 - 2014-03-25 23:03 - 00000000 ____D () C:\Users\John\Downloads\cdex_151
2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151.zip
2014-03-25 23:02 - 2014-03-25 23:02 - 01923290 _____ () C:\Users\John\Downloads\cdex_151(1).zip
2014-03-25 21:08 - 2014-03-25 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 20:06 - 2014-03-25 20:06 - 00675988 _____ () C:\Users\Justine\Downloads\Minecraft.exe
2014-03-24 16:11 - 2014-02-12 23:40 - 00026624 _____ () C:\Users\John\Documents\FFM-NBG 2013.xls
2014-03-24 10:19 - 2013-09-08 15:19 - 00000000 ____D () C:\FILME 0913
2014-03-23 13:37 - 2014-03-23 13:37 - 00000000 ____D () C:\Users\Justine\Documents\Manic Digger
2014-03-21 07:25 - 2013-08-14 18:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-21 07:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-21 07:23 - 2013-03-24 23:33 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-19 18:11 - 2014-03-19 18:08 - 00000000 ____D () C:\Users\Justine\Documents\Minecraft Skin
2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Apple Computer
2014-03-18 13:08 - 2014-03-18 13:08 - 00000000 ____D () C:\Users\Justine\AppData\Local\Apple Computer
2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\Documents\DVDVideoSoft
2014-03-18 13:07 - 2014-03-18 13:07 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\DVDVideoSoft
2014-03-17 18:32 - 2014-03-17 18:32 - 00000000 ____D () C:\Users\Justine\Documents\Electronic Arts
2014-03-16 20:55 - 2014-01-28 18:47 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-03-16 19:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-16 17:58 - 2014-03-16 17:58 - 00000000 ____D () C:\Users\Justine\AppData\Local\Macromedia
2014-03-16 17:50 - 2013-03-25 17:42 - 00000000 ____D () C:\Users\Justine\AppData\Local\Mozilla
2014-03-16 17:49 - 2014-03-16 17:49 - 00000000 ____D () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-03-16 17:49 - 2013-03-24 09:06 - 00000000 ____D () C:\Users\Justine\AppData\Local\Packages
2014-03-16 17:48 - 2014-03-16 17:48 - 00001452 _____ () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-16 17:48 - 2013-03-24 09:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 17:48 - 2013-03-24 09:06 - 00000000 ___RD () C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 17:48 - 2013-03-23 22:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-03-16 17:47 - 2014-03-16 17:47 - 00000660 __RSH () C:\Users\Justine\ntuser.pol
2014-03-16 17:47 - 2014-03-16 17:47 - 00000020 ___SH () C:\Users\Justine\ntuser.ini
2014-03-16 17:47 - 2013-10-18 21:23 - 00000000 ____D () C:\Users\Justine
2014-03-16 17:46 - 2013-08-22 16:44 - 00366304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 17:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-05 23:44 - 2014-03-05 23:44 - 00001495 _____ () C:\Users\Public\Desktop\Zwischenland Die fliegende Insel.lnk
2014-03-05 23:44 - 2014-03-05 23:44 - 00001149 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-03-05 23:44 - 2014-03-05 23:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\Specialbit
2014-03-05 23:43 - 2013-10-19 19:04 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-03-05 23:34 - 2014-03-05 23:30 - 279230976 _____ (INTENIUM GmbH) C:\Users\John\Downloads\ZwischenlandDieFliegendeInsel(1).exe
2014-03-05 10:26 - 2014-03-26 18:48 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-26 18:48 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-26 18:48 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 22:56 - 2014-03-04 22:50 - 434313274 _____ () C:\Users\John\Downloads\Camera Uploads 25022014-04032014.zip
2014-03-04 17:05 - 2014-03-04 17:05 - 00013337 _____ () C:\Users\John\Downloads\ArbeitsamtAbschlagsänderung2014.odt
2014-03-04 08:19 - 2014-03-04 08:19 - 00002262 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk
2014-03-04 08:19 - 2014-03-04 08:19 - 00000993 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-04 08:19 - 2013-03-30 13:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-04 08:16 - 2013-03-30 12:38 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-03-04 08:16 - 2012-10-19 21:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 22:16] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-04-01 22:51

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-04-03 02:52:39
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Animated Wallpaper - Beautiful Space 3D (HKLM\...\Beautiful Space 3D_is1) (Version: 1.13 - PUSH Entertainment)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artist Colony (HKLM-x32\...\Artist Colony) (Version: 1.0.0.0 - INTENIUM GmbH)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{CE9EE84E-F7A9-4256-8785-0CB35014DD33}) (Version: 0.9.26 - Kovid Goyal)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Cheatbusters 1.0.0.0 (HKLM-x32\...\Cheatbusters 1.0.0.0) (Version: 1.0.0.0 - Shadow - Time to play)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CraftROBO DesignMaster (C:\CraftROBO DesignMaster) (HKLM-x32\...\{385B9A14-B5DD-487C-A0E3-25FB62DA8E9E}) (Version: 7 - CADlink)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.4930 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily und der Duft des Erfolgs (HKLM-x32\...\Delicious: Emily und der Duft des Erfolgs) (Version: 1.0.0.0 - INTENIUM GmbH)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.6 - Dropbox, Inc.)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free Video to MP3 Converter version 5.0.24.430 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 1010 series - Grundlegende Software für das Gerät (HKLM\...\{7F30B5E6-174F-4039-BFA7-7189BE15EC6E}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 1010 series Hilfe (HKLM-x32\...\{307E9E87-616E-4DC5-B509-6AB3BD2BBF87}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
jAlbum (HKLM-x32\...\{E87F1FFB-A689-4AB4-B79C-4FC4AAF4A1FD}) (Version: 11.6.14 - Jalbum AB)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design)
lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Manic Digger (HKLM-x32\...\{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1) (Version:  - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Nero 12 (HKLM-x32\...\{B3E6F9B5-35CC-4010-8EDA-55ACCF468A82}) (Version: 12.5.02100 - Nero AG)
Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Platinum Effects 12 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.58 - PUSH Entertainment)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Zwischenland: Die fliegende Insel (HKLM-x32\...\Zwischenland: Die fliegende Insel) (Version: 1.0.0.0 - INTENIUM GmbH)

==================== Restore Points  =========================

12-03-2014 20:17:42 Windows Update
21-03-2014 05:22:47 Windows Update
23-03-2014 22:15:17 HPSF Restore Point
28-03-2014 06:25:38 Removed Java(TM) 7 Update 2 (64-bit)

==================== Hosts content: ==========================

2013-08-22 15:25 - 2014-03-26 23:50 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0B852AC9-CD4B-4630-9742-6470758EF475} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {0CE72F4D-EA7B-4BDF-8BBB-FF1F9A5D23C8} - System32\Tasks\GoogleUpdateTaskMachineUA1cec963a392db2a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {1207424E-7342-4284-8BB8-D09647E5689C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {273AFC99-55F2-4E39-9ADE-018364193A7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {2BD0C28F-0151-43A7-A38B-DB491A072441} - System32\Tasks\HP AR Program Upload - 3d6661d696e94d978c031dcc210cac564c842311e7594d34bf2e2bdee6316c5b => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30A49235-5749-44A8-AEAE-7DC47690B8FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {510FD04C-DC5D-429C-8CEF-DB6D988B6BF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {595CABF8-8BD3-4271-9584-C46B977051F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75A67260-8218-4B7A-B039-8949698527DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {780F9F2F-1055-4B4A-AF2B-87A853CC8959} - \MySearchDial No Task File
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D6214AB-7FB8-4F7F-BEFC-6D8AF859B16C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {9A6B05F9-F8A4-4C71-BF2A-722B90165EEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3B2ABB9-6AAD-4148-BF74-B242E47D97B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C3AABE5F-BB08-4AB5-9278-9F9F77871818} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C3B6A201-FD56-47C6-8523-20D4C2BB0853} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {C68DA8C0-635A-426A-9FC7-429590709962} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-21] (Microsoft Corporation)
Task: {CD07F67A-330F-4411-A24C-C365D19C9798} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-01-29] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0AD6B10-F4C9-49EB-9463-5C8C5EB4F93D} - System32\Tasks\WebReg HP Deskjet F4200 series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2011-04-29] (Hewlett-Packard Company)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5FC2F99-8C70-4D6B-815D-3FFDF46E8A91} - System32\Tasks\GoogleUpdateTaskMachineUA1cef11530b5334a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FA1AACE9-DF80-4036-85F8-AAE93110F74A} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4a4bed7a56f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-29 00:14 - 2014-01-29 00:14 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
2014-03-26 23:01 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-26 23:01 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-26 23:01 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-26 23:01 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-26 23:01 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-10-19 21:17 - 2012-07-18 10:36 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-10-19 21:23 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 02:46:22 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8078

Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8078

Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2014 08:38:30 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6093

Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6093

Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6844

Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6844


System errors:
=============
Error: (04/03/2014 01:31:48 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/03/2014 00:10:40 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/02/2014 11:01:32 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/02/2014 06:46:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (04/02/2014 06:46:17 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (04/02/2014 06:46:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (04/02/2014 04:42:55 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/02/2014 01:30:36 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/02/2014 10:30:19 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C37A7408-4F7C-4016-8D16-89B85FC3A69C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/02/2014 07:48:42 AM) (Source: DCOM) (User: HanaHomeOffice)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (04/03/2014 02:46:22 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8078

Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8078

Error: (04/03/2014 00:08:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2014 08:38:30 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6093

Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6093

Error: (04/02/2014 11:12:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6844

Error: (04/02/2014 08:11:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6844


CodeIntegrity Errors:
===================================
  Date: 2014-03-27 14:23:27.407
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-27 14:22:37.454
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-27 14:20:25.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-27 14:20:02.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 6010.68 MB
Available physical RAM: 4949.78 MB
Total Pagefile: 6970.68 MB
Available Pagefile: 5428.4 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:711.06 GB) (Free:363.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:8.61 GB) (Free:0.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (TOSHIBA EXT) (Fixed) (Total:623.07 GB) (Free:42.66 GB) NTFS
Drive h: (Spiele_X) (Fixed) (Total:619.97 GB) (Free:22.81 GB) NTFS
Drive i: (Bilder_Musik_X) (Fixed) (Total:619.97 GB) (Free:15.23 GB) NTFS
Drive j: (Daten) (Fixed) (Total:675.78 GB) (Free:92.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 89A7F66A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: FCECE274)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
and checkup:
Code:
Results of screen317's Security Check version 0.99.80  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET NOD32 Antivirus 7.0   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.70  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

03.04.2014, 13:14   #8
schrauber
/// the machine
/// TB trainer

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognise. Pay attention above all to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and assistance
Trojaner-Board Facebook page

No assistance via PM!

03.04.2014, 16:56   #9
wegasoft

Hello schrauber,

thank you very much for your help!
John

04.04.2014, 12:13   #10
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
regards,
schrauber

