Pests of all kinds and how to fight them: Computer is doing strange things

Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

Computer is doing strange things

Hello everyone,

for a few days now I have noticed that my computer is doing strange things. For example, it suddenly keeps asking for the registration key of my vocabulary program, and printing to the network printer in the house no longer works either. Now I have noticed that the Windows Update service can no longer be started either.

Can one of you please help me?

Regards, Patrik

Oh yes, I am running Win7 64bit.

System scan with FRST64

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Administrator (administrator) on PATRIKS-LAPTOP on 28-03-2014 22:03:42 Running from C:\Users\Administrator\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Neuber Software) \\DISKSTATION\TimeAnalyzer\tbaction.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [809480 2008-06-16] (Dritek System Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.) HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.) HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.) 
HKLM-x32\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software) HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation) HKLM\...\Winlogon: [Shell] explorer.exe,wtmcore.exe HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-08] (Microsoft Corporation) HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DisableClock] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoNetworkConnections] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoCommonGroups] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {1b8816fc-1552-11e3-93d7-806e6f6e6963} - E:\.\Autorun.exe HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {e9420234-155a-11e3-8921-806e6f6e6963} - E:\Start.exe GroupPolicyUsers\S-1-5-21-1352531634-2534244058-2222343639-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A2A4B2768A9CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8817001E331D8665&affID=120522&tsp=4995 SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation) Handler-x32: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9-x64 01 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 02 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 03 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 04 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 05 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 06 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 07 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 08 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 09 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 10 %windir%\system32\wlsppc.dll [442880] () Winsock: Catalog9-x64 21 %windir%\system32\wlsppc.dll [442880] () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\searchplugins\safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla 
firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-26] ==================== Services (Whitelisted) ================= R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-30] (AVerMedia) R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] () R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.) 
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [276376 2014-02-12] (Symantec Corporation) R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.) R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.) ==================== Drivers (Whitelisted) ==================== R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 DritekPortIO; C:\Program Files (x86)\Launch Manager\DPortIO.sys [21264 2006-11-02] (Dritek System Inc.) 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-26] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140327.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.002\ENG64.SYS [126040 2014-02-26] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.002\EX64.SYS [2099288 2014-02-26] (Symantec Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501010.007\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501010.007\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501010.007\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501010.007\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [246488 2013-12-18] (Symantec Corporation) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-05] (CyberLink Corp.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 22:03 - 2014-03-28 22:04 - 00017313 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-03-28 22:03 - 2014-03-28 22:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-03-28 22:03 - 2014-03-28 22:03 - 00000000 ____D () C:\FRST 2014-03-28 21:48 - 2014-03-28 21:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe 2014-03-28 20:46 - 2013-09-10 03:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys 2014-03-28 20:36 - 2014-03-28 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-28 20:36 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-28 20:36 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-28 20:36 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-28 20:35 - 2014-03-28 20:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard 2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-28 20:24 - 2014-03-28 20:24 - 00000000 _____ () C:\Windows\HPMProp.INI 2014-03-28 20:24 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll 2014-03-28 20:24 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll 2014-03-28 20:24 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) 
C:\Windows\system32\hpmml160.dll 2014-03-28 20:24 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll 2014-03-28 20:24 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll 2014-03-28 20:24 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll 2014-03-28 20:24 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll 2014-03-28 20:24 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll 2014-03-28 20:24 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll 2014-03-28 20:24 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll 2014-03-28 20:24 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll 2014-03-28 20:24 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll 2014-03-28 20:24 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll 2014-03-28 20:22 - 2014-03-28 20:23 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe 2014-03-28 20:00 - 2014-03-28 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk 2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk 2014-03-28 15:51 - 2014-03-28 15:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk 2014-03-28 15:51 - 2014-03-28 15:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk 2014-03-14 16:25 - 2014-03-14 16:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft 2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5) 2014-03-11 16:07 - 2014-03-11 16:07 - 
00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4) 2014-03-11 16:06 - 2014-03-22 10:04 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner 2014-03-11 16:06 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3) 2014-03-11 16:06 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2) 2014-03-11 16:05 - 2014-03-22 10:03 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer 2014-03-07 15:37 - 2014-03-07 15:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten 2014-03-02 20:55 - 2014-03-02 20:56 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel 2014-03-02 20:50 - 2014-03-02 20:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice 2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen 2014-03-02 20:31 - 2014-03-02 20:31 - 00000000 _____ () C:\wlspinst.log 2014-03-02 20:29 - 2014-03-08 15:15 - 00000000 ____D () C:\Program Files\WinTimer 2014-03-02 20:29 - 2011-11-29 08:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll 2014-03-02 20:29 - 2011-11-29 08:27 - 02024960 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmconfig.exe 2014-03-02 20:29 - 2011-11-29 08:27 - 00073437 _____ () C:\Windows\system32\wtmconfig.chm 2014-03-02 20:29 - 2011-11-29 08:25 - 00087552 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmtray.exe 2014-03-02 20:29 - 2011-11-29 08:24 - 00092672 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmdeinstall.exe 2014-03-02 20:29 - 2011-11-29 08:23 - 00257536 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe 2014-03-02 11:51 - 2014-03-02 11:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk 2014-03-02 11:38 - 2014-03-02 11:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype 2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation 2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () 
C:\ProgramData\Microsoft Corporation 2014-03-01 12:21 - 2014-03-01 12:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb 2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit 2014-03-01 12:13 - 2014-03-01 12:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe 2014-03-01 12:01 - 2014-03-01 12:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk 2014-03-01 11:14 - 2014-03-01 11:46 - 00000000 ____D () C:\ProgramData\Analyzer 2014-03-01 11:07 - 2014-03-01 11:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype 2014-03-01 11:06 - 2014-03-01 11:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-01 11:06 - 2014-03-01 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-26 20:17 - 2014-02-26 20:24 - 00000000 ____D () C:\Users\Administrator\Documents\Network Monitor 3 2014-02-26 20:14 - 2014-02-26 20:14 - 00000000 ____D () C:\Users\Patrik\Documents\Network Monitor 3 2014-02-26 20:13 - 2014-02-26 20:13 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3 2014-02-26 20:05 - 2014-02-26 20:05 - 06837560 _____ (Microsoft Corporation) C:\Users\Patrik\Downloads\NM34_x64.exe 2014-02-26 19:23 - 2014-02-26 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-02-26 19:15 - 2014-03-02 20:31 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 2014-02-26 18:59 - 2014-02-26 20:03 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2014-02-26 18:59 - 2014-02-26 20:02 - 00001307 _____ () C:\Users\Patrik\Desktop\Norton-Installationsdateien.lnk 2014-02-26 18:58 - 2014-02-26 18:58 - 01021936 _____ (Symantec Corporation) C:\Users\Patrik\Downloads\NISDownloader.exe 2014-02-26 18:19 - 2014-02-26 18:19 - 00675988 _____ () C:\Users\Patrik\Desktop\Minecraft.exe 2014-02-26 18:10 - 2014-02-26 
18:00 - 02346186 _____ () C:\Users\Patrik\Desktop\TechnicLauncher.exe 2014-02-26 18:01 - 2014-02-26 18:07 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.technic 2014-02-26 18:00 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Administrator\Downloads\TechnicLauncher.exe 2014-02-26 17:55 - 2014-02-26 17:55 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk 2014-02-26 17:55 - 2014-02-26 17:55 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk 2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-02-26 17:53 - 2014-02-26 17:53 - 10071168 _____ (BlueStack Systems Inc.) C:\Users\Administrator\Downloads\BlueStacks-SplitInstaller_native.exe 2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NVIDIA 2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Bluestacks ==================== One Month Modified Files and Folders ======= 2014-03-28 22:04 - 2014-03-28 22:03 - 00017313 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-03-28 22:03 - 2014-03-28 22:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-03-28 22:03 - 2014-03-28 22:03 - 00000000 ____D () C:\FRST 2014-03-28 22:01 - 2013-09-04 12:10 - 01320704 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 21:52 - 2013-10-15 13:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype 2014-03-28 21:49 - 2014-01-14 17:27 - 00000680 __RSH () C:\Users\Administrator\ntuser.pol 2014-03-28 21:49 - 2013-09-04 12:39 - 00000000 ____D () C:\Users\Administrator 2014-03-28 21:48 - 2014-03-28 21:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe 2014-03-28 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-28 21:31 - 2009-07-14 05:45 - 00014928 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-28 21:23 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-28 21:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-28 21:23 - 2009-07-14 05:51 - 00049465 _____ () C:\Windows\setupact.log 2014-03-28 21:05 - 2013-09-04 13:10 - 00172194 _____ () C:\Windows\PFRO.log 2014-03-28 20:54 - 2013-09-04 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-28 20:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding 2014-03-28 20:36 - 2014-03-28 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-28 20:35 - 2014-03-28 20:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard 2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-28 20:24 - 2014-03-28 20:24 - 00000000 _____ () C:\Windows\HPMProp.INI 2014-03-28 20:23 - 2014-03-28 20:22 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe 2014-03-28 20:00 - 2014-03-28 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk 2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk 2014-03-28 15:51 - 2014-03-28 15:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk 2014-03-28 15:51 - 2014-03-28 15:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk 2014-03-28 15:51 - 2013-10-15 
13:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Skype
2014-03-27 16:05 - 2013-09-04 14:40 - 00000000 ____D () C:\Users\Patrik\AppData\Local\LogMeIn Hamachi
2014-03-26 14:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-25 16:16 - 2013-09-04 14:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-24 16:41 - 2013-09-04 15:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.minecraft
2014-03-22 10:04 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-22 10:03 - 2014-03-11 16:05 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-20 18:06 - 2013-10-15 13:05 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CrashDumps
2014-03-19 17:42 - 2013-10-18 11:43 - 00000000 ____D () C:\Users\Patrik\Desktop\Skins
2014-03-14 16:30 - 2014-03-14 16:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-14 15:25 - 2013-09-04 16:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 16:29 - 2013-09-04 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 16:29 - 2013-09-04 16:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 16:08 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 16:08 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-08 15:15 - 2014-03-02 20:29 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-07 15:37 - 2014-03-07 15:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-05 09:26 - 2014-03-28 20:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 20:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-28 20:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 12:16 - 2014-02-25 15:33 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\TeamViewer
2014-03-02 20:56 - 2014-03-02 20:55 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 20:50 - 2014-03-02 20:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 20:31 - 2014-03-02 20:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 20:31 - 2014-02-26 19:15 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-03-02 11:54 - 2014-02-09 14:31 - 00000000 ____D () C:\Users\Patrik\Desktop\Skreenshots
2014-03-02 11:51 - 2014-03-02 11:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 11:38 - 2014-03-02 11:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 12:21 - 2014-03-01 12:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 12:13 - 2014-03-01 12:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 12:01 - 2014-03-01 12:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 11:46 - 2014-03-01 11:14 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-01 11:07 - 2014-03-01 11:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 11:07 - 2013-10-15 13:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 11:06 - 2014-03-01 11:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 11:06 - 2014-03-01 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 16:15 - 2013-12-14 14:21 - 00000000 ____D () C:\Users\Patrik\Desktop\Server--
2014-02-27 16:07 - 2014-01-14 17:27 - 00001330 __RSH () C:\Users\Patrik\ntuser.pol
2014-02-27 16:07 - 2013-09-04 12:35 - 00000000 ____D () C:\Users\Patrik
2014-02-26 20:24 - 2014-02-26 20:17 - 00000000 ____D () C:\Users\Administrator\Documents\Network Monitor 3
2014-02-26 20:14 - 2014-02-26 20:14 - 00000000 ____D () C:\Users\Patrik\Documents\Network Monitor 3
2014-02-26 20:13 - 2014-02-26 20:13 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2014-02-26 20:05 - 2014-02-26 20:05 - 06837560 _____ (Microsoft Corporation) C:\Users\Patrik\Downloads\NM34_x64.exe
2014-02-26 20:03 - 2014-02-26 18:59 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-26 20:03 - 2013-09-04 14:03 - 00000000 ____D () C:\ProgramData\Norton
2014-02-26 20:02 - 2014-02-26 18:59 - 00001307 _____ () C:\Users\Patrik\Desktop\Norton-Installationsdateien.lnk
2014-02-26 19:23 - 2014-02-26 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-26 19:13 - 2013-09-04 14:12 - 00003232 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-26 19:08 - 2013-09-04 14:12 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-02-26 19:08 - 2013-09-04 14:12 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-02-26 19:08 - 2013-09-04 14:11 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-26 18:58 - 2014-02-26 18:58 - 01021936 _____ (Symantec Corporation) C:\Users\Patrik\Downloads\NISDownloader.exe
2014-02-26 18:58 - 2013-09-04 14:31 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-02-26 18:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-26 18:19 - 2014-02-26 18:19 - 00675988 _____ () C:\Users\Patrik\Desktop\Minecraft.exe
2014-02-26 18:17 - 2014-01-14 17:15 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-02-26 18:07 - 2014-02-26 18:01 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.technic
2014-02-26 18:00 - 2014-02-26 18:10 - 02346186 _____ () C:\Users\Patrik\Desktop\TechnicLauncher.exe
2014-02-26 18:00 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Administrator\Downloads\TechnicLauncher.exe
2014-02-26 17:55 - 2014-02-26 17:55 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-26 17:55 - 2014-02-26 17:55 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-26 17:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-02-26 17:53 - 2014-02-26 17:53 - 10071168 _____ (BlueStack Systems Inc.) C:\Users\Administrator\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NVIDIA
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Bluestacks
2014-02-26 17:53 - 2013-09-04 12:43 - 00065184 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 17:49 - 2014-01-14 18:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TeamViewer

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Administrator\AppData\Local\Temp\hamachi[1].exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\_is38BB.exe
C:\Users\Administrator\AppData\Local\Temp\_is5051.exe
C:\Users\Patrik\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\Patrik\AppData\Local\Temp\jna114883685745129520.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1171981781797598678.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1209255075411401630.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1406460608305017024.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1754964713553170129.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1786369830316775443.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1799450561922908339.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1858966496871480007.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna224273009972411466.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2244571356553203550.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna233369873421628547.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2410639943530203191.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2470036853226153286.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2580976900361334399.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2679975733977796924.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2751789591295715763.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3092896893470508079.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3148515868751628192.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3621691421065832835.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3652667280830667712.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3816286913880648034.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4544823264106586215.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4663761231667001156.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4816268342654006562.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4916862768548123213.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4985909099265085395.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5379041077397511301.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5429880454353204383.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5447190931593573632.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5477068355618401835.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5806010439583663518.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5905348858530535132.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5927110002941320916.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6173670650123214419.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6274670532390610494.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6554462728952546946.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6875680510268834722.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna7687073715495911056.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna768789706692340728.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8026998817664720112.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8377958837177055182.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8557452717958544260.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8588495855117834481.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8631584836972744411.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8699216473563722175.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8823025396137691071.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8921268283624943607.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna894739210834010363.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna9026893948041788916.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna9141171519816712679.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna9202816540881808333.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna994989799751676367.hunspell-win-x86-32.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-26 18:44

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Administrator at 2014-03-28 22:04:31
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7006 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7006 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam 3.0.6.3 (HKLM-x32\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 3.0.6.3 - SuYin)
Adobe Flash Player 12 Plugin (HKLM-x32\...\{9D32CD07-EA5C-4A79-B976-C0C7F975EDE4}) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AVerMedia A850 USB DMB-TH 1.0.64.28 (HKLM-x32\...\AVerMedia A850 USB DMB-TH) (Version: 1.0.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
BlueStacks Notification Center (HKLM-x32\...\{62763BAD-53A8-4C9F-B4CF-7CCABFEFD725}) (Version: 0.8.6.3059 - BlueStack Systems, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
ITECIR (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Launch Manager (HKLM-x32\...\LManager) (Version: - )
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Family (HKLM-x32\...\NSM) (Version: 2.9.5.29 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.1.7 - Symantec Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
Upgrade Kit (HKLM-x32\...\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}) (Version: 1.00.3002 - Acer Inc.)
Validity Sensors software (HKLM\...\{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}) (Version: 2.8.120 - Validity Sensors, Inc.)
WinTimer 3.0 (HKLM\...\WinTimer 3) (Version: - )

==================== Restore Points =========================

26-02-2014 16:46:41 Removed BlueStacks Notification Center
26-02-2014 19:13:16 Installed Microsoft Network Monitor 3.4
26-02-2014 19:14:14 Installed Microsoft Network Monitor: NetworkMonitor Parsers 3.4
01-03-2014 11:14:25 Installed Microsoft Application Compatibility Toolkit 5.6
28-03-2014 19:46:06 Removed LogMeIn Hamachi

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-24 20:36 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2B426802-DDC2-41F4-807D-ACAF9732743F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {420C4F35-F72F-4652-A449-E9F6E00D103A} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4477716C-3277-41DC-B8BE-3243EA19443D} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [2014-02-10] (Symantec Corporation)
Task: {46E5C194-7375-48A5-9B5D-CDAADF7B0FF7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\WSCStub.exe [2014-02-12] (Symantec Corporation)
Task: {84FB94CE-3E60-4ECD-896E-A3D186F7C67E} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe <==== ATTENTION
Task: {982D5B48-75F4-42AB-BECB-1185D8E186CE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {A47BCF2E-A922-468E-BDC4-90DFCF0C50AC} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {B297DA38-E866-4D28-8E56-BD7FBCFDEDDA} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {DC75545A-8362-45DB-95D5-2F243F5FB878} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-02 20:29 - 2011-11-29 08:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll
2014-02-23 11:56 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 16:39 - 2009-12-07 06:13 - 00397312 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2013-09-04 16:39 - 2009-08-01 02:06 - 00155648 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2013-09-04 16:39 - 2009-12-30 11:47 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2014-02-12 14:49 - 2012-05-29 19:21 - 00699280 ____R () C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\wincfi39.dll
2003-06-07 06:30 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files (x86)\Launch Manager\PowerUtl.dll
2014-03-28 20:00 - 2014-03-28 20:00 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 09:44:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: upnp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001a249
ID des fehlerhaften Prozesses: 0x1310
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (03/28/2014 09:23:25 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 09:05:39 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 08:55:22 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden.
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:55:05 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 07:58:16 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden.
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 07:57:51 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 02:02:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NF.exe, Version: 12.11.0.16, Zeitstempel: 0x524cbb5e
Name des fehlerhaften Moduls: WDJobs.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52f8ffb7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73b0902b
ID des fehlerhaften Prozesses: 0x860
Startzeit der fehlerhaften Anwendung: 0xNF.exe0
Pfad der fehlerhaften Anwendung: NF.exe1
Pfad des fehlerhaften Moduls: NF.exe2
Berichtskennung: NF.exe3

Error: (03/27/2014 04:03:54 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden.
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 04:03:32 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

System errors:
=============
Error: (03/28/2014 10:00:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147024809

Error: (03/28/2014 10:00:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147024809

Error: (03/28/2014 09:59:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147024809

Error: (03/28/2014 09:59:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147024809

Error: (03/28/2014 09:59:03 PM) (Source: DCOM) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/28/2014 09:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024809.

Error: (03/28/2014 09:58:33 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942487.

Error: (03/28/2014 09:58:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147024809

Error: (03/28/2014 09:58:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024809.

Error: (03/28/2014 09:58:26 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942487.

Microsoft Office Sessions:
=========================
Error: (03/28/2014 09:44:44 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fupnp.dll6.1.7601.175144ce7c9e5c0000005000000000001a249131001cf4ac3a95b6141C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\upnp.dllcaa55902-b6b9-11e3-ab7e-0022fa1f9226

Error: (03/28/2014 09:23:25 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 09:05:39 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 08:55:22 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden.
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:55:05 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 07:58:16 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden.
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 07:57:51 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 02:02:36 PM) (Source: Application Error)(User: )
Description: NF.exe12.11.0.16524cbb5eWDJobs.dll_unloaded0.0.0.052f8ffb7c000000573b0902b86001cf49cdbb06cf35C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exeWDJobs.dll3b7a069b-b679-11e3-a764-0022fa1f9226

Error: (03/27/2014 04:03:54 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden.
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 04:03:32 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 4092.96 MB
Available physical RAM: 1887.68 MB
Total Pagefile: 8184.1 MB
Available Pagefile: 5817.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.04 GB) (Free:93.49 GB) NTFS
Drive d: (DATA) (Fixed) (Total:141.04 GB) (Free:110.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (eworkbook_2_a) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4EBF5754)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=141 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 22:19:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB
Running: 5izoz6n9.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\axtiakoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dff000 45 bytes [00, 00, 16, 00, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002dff02f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000072da11a8 2 bytes [DA, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000072da13a8 2 bytes [DA, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000072da1422 2 bytes [DA, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000072da1498 2 bytes [DA, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000072cc1b41 2 bytes [CC, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000072cc1be8 2 bytes [CC, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000072cc1c20 2 bytes [CC, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000072cc1cd2 2 bytes [CC, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000072cc1cf2 2 bytes [CC, 72]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Service.exe[972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\BlueStacks\HD-Service.exe[972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a3fcb0 5 bytes JMP 00000001001f091c
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a3fe14 5 bytes JMP 00000001001f0048
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a3fea8 5 bytes JMP 00000001001f02ee
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a40004 5 bytes JMP 00000001001f04b2
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a40038 5 bytes JMP 00000001001f09fe
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a40068 5 bytes JMP 00000001001f0ae0
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a40084 5 bytes JMP 0000000100020050
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a4079c 5 bytes JMP 00000001001f012a
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a4088c 5 bytes JMP 00000001001f0758
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a408a4 5 bytes JMP 00000001001f0676
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a40df4 5 bytes JMP 00000001001f03d0
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a41920 5 bytes JMP 00000001001f0594
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a41be4 5 bytes JMP 00000001001f083a
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a41d70 5 bytes JMP 00000001001f020c
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007648524f 7 bytes JMP 00000001001f0f52
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000764853d0 7 bytes JMP 0000000100280210
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076485677 1 byte JMP 0000000100280048
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076485679 5 bytes {JMP 0xffffffff89dfa9d1}
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007648589a 7 bytes JMP 00000001001f0ca6
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076485a1d 7 bytes JMP 00000001002803d8
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076485c9b 7 bytes JMP 000000010028012c
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076485d87 7 bytes JMP 00000001002802f4
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076487240 7 bytes JMP 00000001001f0e6e
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b41492 7 bytes JMP 00000001002804bc

---- Processes - GMER 2.1 ----

Library \\DISKSTATION\TimeAnalyzer\tbaction.exe (*** suspicious ***) @ \\DISKSTATION\TimeAnalyzer\tbaction.exe [3500] 0000000000400000

---- EOF - GMER 2.1 ----

Edited by Paprika1509 (28.03.2014 at 22:32)