Hi,
The mail has been forwarded. Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014
Ran by John at 2014-01-22 12:36:50
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
µTorrent (x32 Version: 3.3.0.29038 - BitTorrent Inc.)
ActivePerl 5.16.2 Build 1602 (64-bit) (Version: 5.16.1602 - ActiveState)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (x32 Version: 3.0 - Adobe Systems, Inc.)
AFPL Ghostscript 8.54 (x32 Version: - )
AFPL Ghostscript Fonts (x32 Version: - )
Agent Ransack Version 1.7.3 (x32 Version: - )
Airline Tycoon - Deluxe (x32 Version: - Spellbound Entertainment AG)
Allway Sync 'n' Go version 12.14.11 (x32 Version: - Botkind Inc)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Birkenbihl Sprachen (x32 Version: 255 - Bizzons eMarketing GmbH) Hidden
Birkenbihl Sprachen (x32 Version: 3740 - Bizzons eMarketing GmbH)
BlueStacks App Player (x32 Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.7.12.896 - BlueStack Systems, Inc.)
CamStudio (x32 Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0228.2147.39093 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0121.2308.41511 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0121.2309.41511 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.01 - Piriform)
CDBurnerXP (x32 Version: 4.5.0.3717 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7 - Cisco Systems, Inc.)
cv act sc/interface - Admin Edition (64-Bit) (Version: 5.1.0 - cv cryptovision GmbH)
DAEMON Tools Lite (x32 Version: 4.41.3.0173 - DT Soft Ltd)
DivX-Setup (x32 Version: 2.6.1.8 - DivX, LLC)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
Drive Encryption for HP ProtectTools (x32 Version: 5.0.6.0 - Hewlett-Packard)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0 - MAGIX AG)
foobar2000 v1.1.7 (x32 Version: 1.1.7 - Peter Pawlowski)
Free Countdown Timer 2.3.0 (x32 Version: 2.3 - Comfort Software Group)
Free iPod Video Converter 1.34 (x32 Version: - Jodix Technologies Ltd.)
GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript (Version: 9.06 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Business Card Reader (x32 Version: 0.6.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (x32 Version: 2.0.1.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (Version: 1.0.35.187 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.13.766 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.13.766 - Hewlett-Packard Company) Hidden
HP Quick Launch Buttons (x32 Version: 6.50.17.1 - Hewlett-Packard Company)
HP QuickLook (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (x32 Version: 1.0.1.48 - DeviceVM, Inc.)
HP QuickWeb (x32 Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (x32 Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (x32 Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (x32 Version: 7.0.1.5 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Default Settings (x32 Version: 2.3.1.2 - Hewlett-Packard Company)
HP Wallpaper (x32 Version: 1.0.1.3 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (x32 Version: 1.0.26.3 - Roxio)
HP Webcam Driver (x32 Version: 5.8.50009.6 - Sonix)
HP Wireless Assistant (Version: 4.0.10.0 - Hewlett-Packard)
HWiNFO32 Version 4.08 (x32 Version: 4.08 - Martin Malík - REALiX)
HyperCam 2 (x32 Version: 2.27.00 - Hyperionics Technology LLC)
ICQ 5.1 (x32 Version: - )
ICQ Update Patch 1.9 (x32 Version: - murb.com)
IDT Audio (x32 Version: 1.0.6300.0 - IDT)
inSSIDer 2.0 (Version: 2.0.7 - MetaGeek)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (Version: 16.3 - Intel)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.30 - Irfan Skiljan)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LSI HDA Modem (Version: 2.2.97 - LSI Corporation)
MAGIX Fotos auf DVD MX Deluxe Download-Version (x32 Version: 11.0.0.61 - MAGIX AG)
MAGIX Fotos auf DVD MX Deluxe Download-Version (x32 Version: 11.0.0.61 - MAGIX AG) Hidden
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Messer v0.992 (x32 Version: - )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (x32 Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (x32 Version: - )
Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
MiKTeX 2.9 (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
Mp3tag v2.49 (x32 Version: v2.49 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Nur Deinstallierung der CopyTrans Suite möglich. (HKCU Version: 2.27 - WindSolutions)
PC Streams 1.6 (x32 Version: - )
PC Streams 2.0 (x32 Version: - )
PCStreams (x32 Version: 3.0.0 - Team PCStreams)
PDF24 Creator 5.2.0 (x32 Version: - PDF24.org)
PDFCreator (x32 Version: 1.6.2 - pdfforge)
PDF-XChange Viewer (Version: 2.5.197.0 - Tracker Software Products Ltd.)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
ProductView Express 9.1 (Version: 9.1.62.17 - PTC)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Rainlendar2 (remove only) (x32 Version: - )
Renamer 1.1 (x32 Version: - Mediachance.com)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7 - VS Revo Group, Ltd.)
RICOH Media Driver (x32 Version: 2.13.00.05 - RICOH)
Roshaz 21st. November 2011 (x32 Version: - Roshaz Software Limited)
ScreenSteps 2.9 (x32 Version: 2.9 - Blue Mango Learning Systems)
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Shockwave (x32 Version: - )
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks 2010 SP0 (x32 Version: 18.0.0.5035 - SolidWorks Corporation)
SolidWorks 2010 SP0 (x32 Version: 18.100.5035 - SolidWorks) Hidden
SolidWorks Explorer 2010 SP0 (x32 Version: 18.00.5035 - SolidWorks Corporation) Hidden
SopCast 3.4.8 (x32 Version: 3.4.8 - www.sopcast.com)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
streamWriter (x32 Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.0.24.0 - Synaptics Incorporated)
Teachmaster 4.3 (remove only) (x32 Version: - )
TeXstudio 2.6.2 (x32 Version: 2.6.2 - Benito van der Zander)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (x32 Version: 7.56a - Ghisler Software GmbH)
TreeSize Free V2.5 (x32 Version: 2.5 - JAM Software)
TrekStor i.Beat organix (x32 Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Validity Fingerprint Driver (Version: 4.0.15.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH)
==================== Restore Points =========================
24-12-2013 12:38:06 Windows Update
28-12-2013 03:21:05 Windows Update
31-12-2013 16:46:18 Windows Update
07-01-2014 06:44:30 Windows Update
10-01-2014 07:56:59 Windows Update
14-01-2014 07:47:29 Windows Update
16-01-2014 06:39:50 Windows Update
21-01-2014 07:52:44 Windows Update
22-01-2014 06:16:37 Installed Java 7 Update 51
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-08-29 08:35 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {05986C33-ACB0-42F3-AE2E-99717A2E9A17} - System32\Tasks\{832ACE73-B00A-4B4A-8B9F-003CF666D574} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {1E01D329-BC8C-4EEB-B00B-0F4D45F4C3C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {22660901-EF24-4CC0-A34A-C2532B072100} - System32\Tasks\{DC818F32-3CB7-4FAA-87C6-0C1BB41E432F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {37E20F5C-7D56-42B3-8F7D-76836E374371} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {5B6522FE-46E0-4D6F-84A6-619438A9846D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {6ABDC795-506B-427F-BC45-1C33E919F2E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {719356D9-7790-4CED-8742-14533E99DB34} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {751BBD2E-7B4E-43AC-98AC-D71D8E0BB20C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-18] (Adobe Systems Incorporated)
Task: {B536C886-749D-470F-87A9-A013B0C903BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {BAFD4D0A-C11B-4A9B-8CB7-D098508CA292} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {CC6F8164-AFDA-4838-8179-4BB600DCBF6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-09-04 18:35 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-01-21 22:07 - 2012-01-21 22:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-26 11:55 - 2011-12-26 11:55 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-26 11:55 - 2011-12-26 11:55 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-09-12 17:02 - 2011-09-12 17:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2012-11-15 08:28 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00198144 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2013-12-10 21:59 - 2013-12-10 21:59 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-10 21:59 - 2013-12-10 21:59 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-10 21:59 - 2013-12-10 21:59 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-11-22 08:13 - 2012-11-21 06:26 - 00008704 _____ () C:\Users\John\AppData\Roaming\Thunderbird\Profiles\n1otpkol.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-12-20 23:53 - 2013-12-20 23:53 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2014 00:00:44 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume Daten (D:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B)
Error: (01/14/2014 03:57:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: Dropbox.exe, version: 2.4.11.0, time stamp: 0x527d91e4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1e156323
Faulting process id: 0x18d8
Faulting application start time: 0xDropbox.exe0
Faulting application path: Dropbox.exe1
Faulting module path: Dropbox.exe2
Report Id: Dropbox.exe3
Error: (01/13/2014 08:04:13 AM) (Source: SDWinSec.exe) (User: )
Description: The service process could not connect to the service controller
Error: (01/07/2014 05:31:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.4756.1000, time stamp: 0x4b9c08e8
Faulting module name: EXCEL.EXE, version: 14.0.4756.1000, time stamp: 0x4b9c08e8
Exception code: 0xc0000005
Fault offset: 0x0002f7e6
Faulting process id: 0x20c0
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Error: (01/05/2014 09:18:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x11f07095
Faulting process id: 0x14e8
Faulting application start time: 0xage2_x1.Exe0
Faulting application path: age2_x1.Exe1
Faulting module path: age2_x1.Exe2
Report Id: age2_x1.Exe3
Error: (12/19/2013 11:57:01 AM) (Source: Validity USDK) (User: )
Description: Flash read failed: Address:0x00050E00 Result:0x00000013.
Error: (12/12/2013 06:10:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204
Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e
Exception code: 0xc0000005
Fault offset: 0x00118f87
Faulting process id: 0x152c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Error: (12/09/2013 03:53:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Faulting module name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Exception code: 0xc0000005
Fault offset: 0x000d1077
Faulting process id: 0x14f4
Faulting application start time: 0xage2_x1.Exe0
Faulting application path: age2_x1.Exe1
Faulting module path: age2_x1.Exe2
Report Id: age2_x1.Exe3
Error: (12/07/2013 05:04:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: voobly.exe, version: 0.1.1.1262, time stamp: 0x5276d682
Faulting module name: QtCore4.dll, version: 4.5.2.0, time stamp: 0x4a7d1a3d
Exception code: 0xc0000005
Fault offset: 0x000c9f05
Faulting process id: 0x1818
Faulting application start time: 0xvoobly.exe0
Faulting application path: voobly.exe1
Faulting module path: voobly.exe2
Report Id: voobly.exe3
Error: (12/02/2013 07:36:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: age2_x1.Exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0ffd1638
Faulting process id: 0x141c
Faulting application start time: 0xage2_x1.Exe0
Faulting application path: age2_x1.Exe1
Faulting module path: age2_x1.Exe2
Report Id: age2_x1.Exe3
System errors:
=============
Error: (01/22/2014 00:19:33 PM) (Source: Service Control Manager) (User: )
Description: The rixdpcie service failed to start due to the following error:
%%1058
Error: (01/22/2014 00:19:33 PM) (Source: Service Control Manager) (User: )
Description: The risdpcie service failed to start due to the following error:
%%1058
Error: (01/22/2014 00:19:33 PM) (Source: Service Control Manager) (User: )
Description: The rimspci service failed to start due to the following error:
%%1058
Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/22/2014 00:02:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/22/2014 00:02:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (01/16/2014 00:00:44 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Daten (D:)An attempt was made to load a program with an incorrect format. (0x8007000B)
Error: (01/14/2014 03:57:25 PM) (Source: Application Error)(User: )
Description: Dropbox.exe2.4.11.0527d91e4unknown0.0.0.000000000c00000051e15632318d801cf112bed7715efC:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exeunknown2d9b861e-7d2c-11e3-9e28-b499bae2433f
Error: (01/13/2014 08:04:13 AM) (Source: SDWinSec.exe)(User: )
Description: The service process could not connect to the service controller
Error: (01/07/2014 05:31:22 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE14.0.4756.10004b9c08e8EXCEL.EXE14.0.4756.10004b9c08e8c00000050002f7e620c001cf0bc5d0ce71daC:\PROGRA~2\MICROS~1\Office14\EXCEL.EXEC:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE24402d1a-77b9-11e3-91b9-b499bae2433f
Error: (01/05/2014 09:18:25 PM) (Source: Application Error)(User: )
Description: age2_x1.Exe0.7.26.8093b7433ecunknown0.0.0.000000000c000000511f0709514e801cf0a4a70e663c0C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exeunknown875418e8-7646-11e3-b653-b499bae2433f
Error: (12/19/2013 11:57:01 AM) (Source: Validity USDK)(User: )
Description: Address:0x00050E00 Result:0x00000013
Error: (12/12/2013 06:10:04 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87152c01cef70d49e47cb2C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll3d7e0052-6350-11e3-a3b7-b499bae2433f
Error: (12/09/2013 03:53:19 PM) (Source: Application Error)(User: )
Description: age2_x1.Exe0.7.26.8093b7433ecage2_x1.Exe0.7.26.8093b7433ecc0000005000d107714f401cef4ede8b87afeC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.ExeC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exea40e1d42-60e1-11e3-a01b-b499bae2433f
Error: (12/07/2013 05:04:27 PM) (Source: Application Error)(User: )
Description: voobly.exe0.1.1.12625276d682QtCore4.dll4.5.2.04a7d1a3dc0000005000c9f05181801cef33ec7362eb5C:\Program Files (x86)\Voobly\voobly.exeC:\Program Files (x86)\Voobly\QtCore4.dll3f26fb2a-5f59-11e3-b6a5-b499bae2433f
Error: (12/02/2013 07:36:24 PM) (Source: Application Error)(User: )
Description: age2_x1.Exe0.7.26.8093b7433ecunknown0.0.0.000000000c00000050ffd1638141c01ceef82b4a7046cC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exeunknowna4dcce15-5b80-11e3-8c22-b499bae2433f
CodeIntegrity Errors:
===================================
Date: 2013-08-29 09:35:21.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-29 09:35:21.533
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 8047.38 MB
Available physical RAM: 4884.15 MB
Total Pagefile: 16092.94 MB
Available Pagefile: 12031.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:95.25 GB) (Free:10.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Daten) (Fixed) (Total:185.55 GB) (Free:22.6 GB) NTFS
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.39 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: BAF111DB)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=300 MB) - (Type=42)
Partition 3: (Not Active) - (Size=95 GB) - (Type=42)
Partition 4: (Not Active) - (Size=203 GB) - (Type=42)
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014
Ran by John (administrator) on HP85 on 22-01-2014 12:35:42
Running from C:\Users\John\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
() C:\Users\John\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Sigmatel) C:\Windows\system\w98eject.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2012-01-21] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2945080 2011-09-12] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2012-01-21] (IDT, Inc.)
HKLM\...\Run: [AutoKMS] - C:\windows\AutoKMS.exe
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NUSB3MON] - c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-24] ()
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\John\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.lnk
ShortcutTarget: thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: ecosia.org
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ptc.com/ProductViewLite - C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\John\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FastestFox - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188\Extensions\smarterwiki@wikiatic.com.xpi [2012-12-12]
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rd9h1q3r.default-1355241694188\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-02]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
S3 CoordinatorServiceHost; C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [87336 2009-10-15] (Dassault Systèmes SolidWorks Corp.)
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-01] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-04] (DT Soft Ltd)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [29672 2013-02-02] (REALiX(tm))
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-01] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-01] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 eabfiltr;
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-22 12:35 - 2014-01-22 12:36 - 00020173 _____ C:\Users\John\Downloads\FRST.txt
2014-01-22 12:35 - 2014-01-22 12:35 - 00000000 ____D C:\FRST
2014-01-22 12:34 - 2014-01-22 12:35 - 02077184 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-01-22 07:17 - 2014-01-22 07:17 - 00005175 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 07:17 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-22 07:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-22 07:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-22 07:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-20 17:05 - 2014-01-20 17:09 - 13113344 _____ C:\Users\John\Downloads\modA_lf_14.mpg
2014-01-20 17:05 - 2014-01-20 17:09 - 13094912 _____ C:\Users\John\Downloads\modA_lf_09.mpg
2014-01-20 17:01 - 2014-01-20 17:03 - 11735040 _____ C:\Users\John\Downloads\modA_lf_02.mpg
2014-01-20 16:59 - 2014-01-20 17:00 - 05572608 _____ C:\Users\John\Downloads\modA_lf_05.mpg
2014-01-20 16:56 - 2014-01-20 16:57 - 08024064 _____ C:\Users\John\Downloads\modA_lf_04.mpg
2014-01-20 16:51 - 2014-01-20 16:53 - 08222720 _____ C:\Users\John\Downloads\modA_lf_03.mpg
2014-01-20 09:47 - 2014-01-20 09:47 - 00079315 _____ C:\Users\John\Downloads\usbdeview.zip
2014-01-15 11:35 - 2014-01-15 15:34 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part07.rar
2014-01-15 08:16 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 08:16 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 08:16 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 08:16 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-14 19:50 - 2014-01-22 07:09 - 00004693 _____ C:\windows\AutoKMS.log
2014-01-14 14:59 - 2014-01-14 14:59 - 00002058 _____ C:\Users\John\AppData\Local\recently-used.xbel
2014-01-14 11:10 - 2014-01-22 12:19 - 00000198 _____ C:\windows\Tasks\AutoKMS.job
2014-01-14 11:10 - 2014-01-14 11:10 - 00002430 _____ C:\windows\System32\Tasks\AutoKMS
2014-01-14 11:10 - 2014-01-14 11:10 - 00000135 _____ C:\windows\AutoKMS.ini
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur(1)
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur
2013-12-29 18:57 - 2014-01-13 19:46 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part06.rar
2013-12-29 12:33 - 2013-12-29 16:32 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part05.rar
2013-12-28 20:02 - 2013-11-21 20:53 - 1113320284 _____ C:\Users\John\Downloads\Schnitzel für alle.avi
==================== One Month Modified Files and Folders =======
2014-01-22 12:36 - 2014-01-22 12:35 - 00020173 _____ C:\Users\John\Downloads\FRST.txt
2014-01-22 12:35 - 2014-01-22 12:35 - 00000000 ____D C:\FRST
2014-01-22 12:35 - 2014-01-22 12:34 - 02077184 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-01-22 12:28 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:28 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:27 - 2012-03-14 09:36 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 12:24 - 2011-03-28 13:16 - 01212876 _____ C:\windows\WindowsUpdate.log
2014-01-22 12:21 - 2012-09-26 12:39 - 00000000 ____D C:\Users\John\.rainlendar2
2014-01-22 12:21 - 2012-03-14 09:36 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 12:19 - 2014-01-14 11:10 - 00000198 _____ C:\windows\Tasks\AutoKMS.job
2014-01-22 12:19 - 2013-05-24 05:36 - 00028702 _____ C:\windows\setupact.log
2014-01-22 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-22 12:02 - 2013-08-29 11:43 - 00004024 _____ C:\windows\PFRO.log
2014-01-22 07:17 - 2014-01-22 07:17 - 00005175 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 07:17 - 2013-12-10 12:16 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-22 07:09 - 2014-01-14 19:50 - 00004693 _____ C:\windows\AutoKMS.log
2014-01-22 00:17 - 2011-09-05 18:34 - 00000000 ____D C:\Users\John\AppData\Roaming\foobar2000
2014-01-22 00:04 - 2012-04-03 07:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 19:30 - 2012-07-13 18:53 - 00000000 ____D C:\Users\John\AppData\Roaming\SolidWorks
2014-01-21 09:47 - 2013-04-05 16:42 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForJohn
2014-01-21 09:47 - 2013-04-05 16:42 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForJohn.job
2014-01-20 17:09 - 2014-01-20 17:05 - 13113344 _____ C:\Users\John\Downloads\modA_lf_14.mpg
2014-01-20 17:09 - 2014-01-20 17:05 - 13094912 _____ C:\Users\John\Downloads\modA_lf_09.mpg
2014-01-20 17:03 - 2014-01-20 17:01 - 11735040 _____ C:\Users\John\Downloads\modA_lf_02.mpg
2014-01-20 17:00 - 2014-01-20 16:59 - 05572608 _____ C:\Users\John\Downloads\modA_lf_05.mpg
2014-01-20 16:57 - 2014-01-20 16:56 - 08024064 _____ C:\Users\John\Downloads\modA_lf_04.mpg
2014-01-20 16:53 - 2014-01-20 16:51 - 08222720 _____ C:\Users\John\Downloads\modA_lf_03.mpg
2014-01-20 09:47 - 2014-01-20 09:47 - 00079315 _____ C:\Users\John\Downloads\usbdeview.zip
2014-01-18 08:48 - 2011-09-15 17:54 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2014-01-18 08:47 - 2012-04-03 07:42 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 08:47 - 2012-04-03 07:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-18 08:47 - 2011-09-03 13:50 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 09:09 - 2011-11-17 12:59 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-16 09:09 - 2011-09-20 10:38 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2014-01-16 08:01 - 2009-07-14 05:45 - 00604288 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-16 07:44 - 2013-07-15 06:03 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 07:40 - 2011-09-03 13:24 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 15:34 - 2014-01-15 11:35 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part07.rar
2014-01-14 15:57 - 2011-09-06 17:52 - 00000000 ___RD C:\Users\John\Dropbox
2014-01-14 15:34 - 2013-10-16 11:18 - 00000000 ____D C:\Users\John\.gimp-2.8
2014-01-14 15:34 - 2011-09-06 17:50 - 00000000 ____D C:\Users\John\AppData\Roaming\Dropbox
2014-01-14 14:59 - 2014-01-14 14:59 - 00002058 _____ C:\Users\John\AppData\Local\recently-used.xbel
2014-01-14 14:50 - 2013-10-16 11:47 - 00000000 ____D C:\Users\John\AppData\Local\gtk-2.0
2014-01-14 11:10 - 2014-01-14 11:10 - 00002430 _____ C:\windows\System32\Tasks\AutoKMS
2014-01-14 11:10 - 2014-01-14 11:10 - 00000135 _____ C:\windows\AutoKMS.ini
2014-01-13 21:08 - 2011-09-06 16:05 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2014-01-13 19:46 - 2013-12-29 18:57 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part06.rar
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur(1)
2014-01-13 18:50 - 2014-01-13 18:50 - 00222974 _____ C:\Users\John\Downloads\Konstrukteur
2014-01-11 22:18 - 2013-05-06 16:13 - 00000000 ____D C:\Program Files (x86)\Voobly
2014-01-10 19:11 - 2011-09-06 17:50 - 00001014 _____ C:\Users\John\Desktop\Dropbox.lnk
2014-01-10 19:11 - 2011-09-06 17:50 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-08 02:41 - 2009-07-14 06:08 - 00032620 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-29 16:32 - 2013-12-29 12:33 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part05.rar
2013-12-28 19:29 - 2013-11-08 08:17 - 734003200 _____ C:\Users\John\Downloads\The_T_of_B.part04.rar
Files to move or delete:
====================
C:\Users\John\AppData\Roaming\GoodnightTimer.ini
Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 11:39
==================== End Of Log ============================
Thank you!