Log analysis and evaluation: A hard disk error was found (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
27.11.2014, 16:44 | #1 |
| A hard disk error was found

Hello, I was working on my MacBook Pro (under Windows) for several hours today and had several tabs open (SoundCloud, flight sites, ...). Then I went to eat something, and when I came back I read the following error message. I was asked to save an instructions document, which I did not manage to do because the external hard drive seems to be broken, and I could not store the document on my pad either. I then tried to continue without saving the document, but a backup could not be created; the error message kept coming up. Shutting down and restarting works, and the system otherwise does not seem to be affected. I had Kaspersky scan once, no findings. Apart from a flight confirmation (PDF) I have not downloaded anything. If I cancel, the error message comes up again about every 10 minutes. Virus, or really a problem with the disk? What's my line? Thank you very much |
27.11.2014, 18:49 | #2 |
/// the machine /// TB trainer | A hard disk error was found

Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
27.11.2014, 19:13 | #3 |
| A hard disk error was found

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by Sonny (administrator) on SONNY-PC on 27-11-2014 22:58:13 Running from C:\Users\Sonny\Desktop Loaded Profiles: Sonny & UpdatusUser & postgres (Available profiles: Sonny & UpdatusUser & postgres & LogMeInRemoteUser) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Windows\System32\AppleOSSMgr.exe (Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (HP) C:\Windows\System32\HPSIsvc.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe () C:\ProgramData\MobileBrServ\mbbService.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Microsoft Corporation) C:\Windows\System32\DFDWiz.exe (Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Dell) C:\Users\Sonny\AppData\Local\Apps\2.0\DKK74V8N.W12\K5GVQJP1.ZOZ\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Waterfox Ltd) C:\Program Files\Waterfox\waterfox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-06] (Apple Inc.) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.) 
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-01] (Intel Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\Run: [SkyDrive] => C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-26] (Microsoft Corporation) HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\Run: [GoTrusted] => C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.7.5\GoTrusted Secure Tunnel.exe [216224 2014-07-21] (GoTrusted.com) HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\Run: [DellSystemDetect] => C:\Users\Sonny\AppData\Local\Apps\2.0\DKK74V8N.W12\K5GVQJP1.ZOZ\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-10] (Dell) HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\MountPoints2: {6759b240-637b-11e4-9f89-ba6b178e6f2b} - E:\SISetup.exe HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\MountPoints2: {8ec812da-6a3c-11e4-9cf0-9bfa9ddc622a} - E:\AutoRun.exe Startup: C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sonny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sonny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2286107830-123670605-936515880-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-2286107830-123670605-936515880-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {30289222-1788-427B-8E9B-98F8AB1A67A9} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM -> {30289222-1788-427B-8E9B-98F8AB1A67A9} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKU\S-1-5-21-2286107830-123670605-936515880-1000 -> 7FA97DCF88FE42789FA1A83937DB82A3 URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKU\S-1-5-21-2286107830-123670605-936515880-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2286107830-123670605-936515880-1000 -> {AD73211A-3FF7-40F4-B9D7-83A01515B0B7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=1a9ce509-05b9-42cc-9cee-cfb6c4485d00&apn_sauid=60D6BE16-C589-4EC2-BFD8-45E35815191C BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 172.16.101.254 FireFox: ======== FF ProfilePath: C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No 
File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default\searchplugins\google-maps.xml FF Extension: DownloadHelper - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09] FF Extension: Evernote Web Clipper - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-03-17] FF Extension: Firefox Old Version Update Hotfix - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-18] FF Extension: Quick Translator - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-03-17] FF Extension: Adblock Plus - C:\Users\Sonny\AppData\Roaming\Mozilla\Firefox\Profiles\bxn4copm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-17] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-17] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-17] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-17] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-17] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] 
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\ab.crx [2013-10-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-06] () R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-31] (LogMeIn, Inc.) S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-31] (LogMeIn, Inc.) S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] () S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-14] (The OpenVPN Project) R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-04] (Apple Inc.) R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-06] (Apple Inc.) R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-06] (Apple Inc.) S3 AppleODD; C:\Windows\System32\DRIVERS\AppleODD.sys [8704 2012-12-23] (Apple Inc.) S3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.) R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-17] (Cirrus Logic Inc.) R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-17] (Cirrus Logic Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-17] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-17] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-17] (Kaspersky Lab ZAO) R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.) S4 LMIRfsClientNP; No ImagePath R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2014-01-31] (Intel Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 22:58 - 2014-11-27 22:58 - 00022020 _____ () C:\Users\Sonny\Desktop\FRST.txt 2014-11-27 22:57 - 2014-11-27 22:58 - 00000000 ____D () C:\FRST 2014-11-27 22:57 - 2014-11-27 22:57 - 02117632 _____ (Farbar) C:\Users\Sonny\Desktop\FRST64.exe 2014-11-27 20:35 - 2014-11-27 20:42 - 73930975 _____ () C:\Users\Sonny\Desktop\AdvancedPLO.zip 2014-11-25 18:57 - 2014-11-25 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2014-11-25 18:04 - 2014-11-25 18:04 - 00017432 _____ () C:\Users\Sonny\Desktop\PHIL Abrechnungen marko 1.ods 2014-11-23 23:51 - 2014-11-23 23:51 - 00024620 _____ () C:\Users\Sonny\Desktop\141123_Omaha__Wahrscheinlichkeiten.xlsx 2014-11-22 21:23 - 2014-11-22 21:23 - 00008344 _____ () C:\Users\Sonny\Desktop\thailand pro contra.xlsx 2014-11-22 14:09 - 2014-11-11 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-22 14:09 - 2014-11-11 10:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-22 14:09 - 2014-11-11 09:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-22 14:09 - 2014-11-11 09:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-21 12:54 - 2014-11-21 13:28 - 796523383 _____ () C:\Users\Sonny\Desktop\Secrets Of Social Conditioning & Becoming Who You Really Are!(720p_H.264-AAC).mp4 2014-11-19 15:25 - 2014-11-23 21:53 - 00009755 _____ () C:\Users\Sonny\Desktop\Thailand abrechnung.xlsx 2014-11-18 00:33 - 2014-11-18 00:39 - 00000071 _____ () C:\Users\Sonny\Documents\oddsOracleMacros.csv 2014-11-16 16:49 - 2014-11-23 18:18 - 00001956 _____ () C:\Users\Public\Desktop\Stars Modded.lnk 2014-11-16 16:10 - 2014-11-16 16:10 - 00000000 ____D () C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tiltbuster - PokerStars Table Mods 
2014-11-16 16:02 - 2014-11-16 16:10 - 00000000 ____D () C:\Program Files (x86)\PokerStars 2014-11-16 16:01 - 2014-11-16 16:02 - 09948826 _____ (Bar Nuthin 2014-11-15 00:02 - 2014-11-15 00:02 - 00027251 _____ () C:\Users\Sonny\Desktop\PLO ANDI Oracle.xlsx 2014-11-14 00:16 - 2014-11-14 00:18 - 00027758 _____ () C:\Users\Sonny\Desktop\141113_Oil_Invest_Matrix_Marko.xlsx 2014-11-13 15:32 - 2014-11-13 15:32 - 00017104 _____ () C:\Users\Sonny\Desktop\141113_HRO_Vertrag.odt 2014-11-12 19:26 - 2014-11-12 19:26 - 00001724 _____ () C:\Users\Public\Desktop\AIS 3G Pocket Wifi.lnk 2014-11-12 19:26 - 2014-11-12 19:26 - 00001160 _____ () C:\Users\Public\Desktop\Online Service.lnk 2014-11-12 19:26 - 2014-11-12 19:26 - 00000000 ____D () C:\ProgramData\MobileBrServ 2014-11-12 19:26 - 2014-11-12 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIS 3G Pocket Wifi 2014-11-12 09:55 - 2014-11-12 09:56 - 00000000 ____D () C:\Users\Sonny\AppData\Roaming\TableNinja.v2 2014-11-12 09:55 - 2014-11-12 09:55 - 00003025 _____ () C:\Users\Sonny\Desktop\TableNinja v2.lnk 2014-11-12 09:55 - 2014-11-12 09:55 - 00002985 _____ () C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TableNinja v2.lnk 2014-11-12 09:55 - 2014-11-12 09:55 - 00000000 ____D () C:\Program Files (x86)\PASG 2014-11-12 09:52 - 2014-11-12 09:52 - 04307456 _____ () C:\Users\Sonny\Downloads\TN2Update2.3.173.msi 2014-11-12 07:00 - 2014-10-28 03:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 07:00 - 2014-10-28 03:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 07:00 - 2014-10-28 03:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 07:00 - 2014-10-28 03:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 07:00 - 2014-10-28 03:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 07:00 - 2014-10-28 03:05 - 
01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 07:00 - 2014-10-28 03:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-12 07:00 - 2014-10-28 03:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 07:00 - 2014-10-28 03:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 07:00 - 2014-10-28 03:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-12 07:00 - 2014-10-28 03:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 07:00 - 2014-10-28 03:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 07:00 - 2014-10-28 03:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 07:00 - 2014-10-28 03:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 07:00 - 2014-10-28 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 07:00 - 2014-10-28 03:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 07:00 - 2014-10-28 03:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 07:00 - 2014-10-28 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 07:00 - 2014-10-28 03:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-12 07:00 - 2014-10-28 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-12 07:00 - 2014-10-28 03:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-12 07:00 - 2014-10-28 02:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 07:00 - 2014-10-28 02:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 07:00 - 2014-10-28 02:02 - 09739776 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2014-11-12 07:00 - 2014-10-28 01:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 07:00 - 2014-10-28 01:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 07:00 - 2014-10-28 01:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 07:00 - 2014-10-28 01:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-12 07:00 - 2014-10-28 01:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 07:00 - 2014-10-28 01:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 07:00 - 2014-10-28 01:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-12 07:00 - 2014-10-28 01:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 07:00 - 2014-10-28 01:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 07:00 - 2014-10-28 01:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 07:00 - 2014-10-28 01:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 07:00 - 2014-10-28 01:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 07:00 - 2014-10-28 01:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 07:00 - 2014-10-28 01:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 07:00 - 2014-10-28 01:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-12 07:00 - 2014-10-28 01:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-12 07:00 - 2014-10-28 01:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-12 07:00 - 2014-10-28 01:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 
2014-11-12 07:00 - 2014-10-14 09:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 07:00 - 2014-10-14 09:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 07:00 - 2014-10-14 09:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 07:00 - 2014-10-14 09:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 07:00 - 2014-10-14 09:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 07:00 - 2014-10-14 08:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 07:00 - 2014-10-14 08:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 07:00 - 2014-10-14 08:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 07:00 - 2014-10-14 08:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 07:00 - 2014-08-21 13:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 07:00 - 2014-08-21 13:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 07:00 - 2014-08-21 13:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 07:00 - 2014-08-21 13:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 07:00 - 2014-08-12 09:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 07:00 - 2014-08-12 08:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 06:55 - 2014-10-25 08:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:55 - 2014-10-25 08:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:55 - 2014-10-18 09:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:55 - 2014-10-18 08:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:55 - 2014-10-10 07:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:55 - 2014-10-03 09:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:55 - 2014-10-03 09:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:55 - 2014-10-03 09:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:55 - 2014-10-03 09:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:55 - 2014-10-03 09:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:55 - 2014-10-03 08:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:55 - 2014-10-03 08:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:55 - 2014-10-03 08:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:55 - 2014-09-19 16:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:55 - 2014-09-19 16:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:55 - 2014-09-19 16:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:55 - 2014-09-19 16:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:55 - 2014-09-19 16:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:55 - 2014-09-19 16:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:55 - 2014-09-19 16:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:55 - 2014-09-19 16:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:55 - 2014-09-19 16:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:55 - 2014-09-19 16:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:55 - 2014-09-19 16:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:55 - 2014-09-19 16:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 04:20 - 2014-11-10 04:20 - 00000000 ____D () C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-11-10 04:12 - 2014-11-10 05:19 - 00000000 ____D () C:\Users\Sonny\AppData\Local\Deployment
2014-11-10 04:12 - 2014-11-10 04:12 - 00000000 ____D () C:\Users\Sonny\AppData\Local\Apps\2.0
2014-11-10 04:11 - 2014-11-10 04:12 - 00417064 _____ () C:\Users\Sonny\Downloads\DellSystemDetect.exe
2014-11-08 01:46 - 2014-11-08 01:47 - 174569431 _____ () C:\Users\Sonny\Desktop\video_2Fpublic_2Frestricted_2FTackleberry_Darth_Vader_The_Ne.mp4
2014-11-08 01:46 - 2014-11-08 01:46 - 25564477 _____ () C:\Users\Sonny\Desktop\Sie_nannten_es_GTO_V3_QS_hdr.mp4
2014-11-08 01:45 - 2014-11-08 01:46 - 115159219 _____ () C:\Users\Sonny\Desktop\CREV_Basics_Part_2.mp4
2014-11-08 01:45 - 2014-11-08 01:45 - 74047327 _____ () C:\Users\Sonny\Desktop\FCREV_Basics_DE_Part_1_hdr.mp4
2014-11-08 01:44 - 2014-11-08 01:45 - 107242463 _____ () C:\Users\Sonny\Desktop\CREV_Basics_Part_3_hdr.mp4
2014-11-08 00:39 - 2014-11-08 00:39 - 00000000 ____D () C:\Users\Sonny\Documents\Fax
2014-11-08 00:11 - 2014-11-08 00:11 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-11-08 00:11 - 2012-03-14 12:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAE.DLL
2014-11-07 23:49 - 2014-11-07 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-11-07 23:49 - 2014-11-07 23:49 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-11-07 23:48 - 2014-11-07 23:48 - 49819216 _____ () C:\Users\Sonny\Downloads\mpnx_4_0-win-4_03-ea23_2.exe
2014-11-07 12:51 - 2014-11-07 12:52 - 67856800 _____ () C:\Users\Sonny\Downloads\Deine Mutter.wav
2014-11-05 12:44 - 2014-11-05 12:44 - 00110589 _____ () C:\Users\Sonny\Downloads\Accommodation Research - Thailand (November) v.6.xlsx
2014-11-05 03:51 - 2014-11-05 03:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01009.Wdf
2014-11-05 03:51 - 2014-11-05 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-05 03:51 - 2012-09-27 07:30 - 00126880 _____ (HP) C:\Windows\system32\HPSIsvc.exe
2014-11-05 03:51 - 2012-08-31 22:03 - 01696256 _____ () C:\Windows\system32\HP1100SM.EXE
2014-11-05 03:51 - 2012-08-31 22:03 - 00288768 _____ () C:\Windows\system32\HP1100LM.DLL
2014-11-05 03:50 - 2014-11-05 03:50 - 00000000 ____D () C:\Program Files\HP
2014-11-05 03:50 - 2012-09-26 12:45 - 00082944 _____ () C:\Windows\system32\mvusbews.dll
2014-11-05 03:50 - 2012-09-26 12:45 - 00056832 _____ () C:\Windows\system32\HP1100SMs.dll
2014-11-05 03:50 - 2012-09-26 12:45 - 00020480 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvusbews.sys
2014-11-05 03:50 - 2012-08-31 14:10 - 00350720 _____ () C:\Windows\system32\mvhlewsi.dll
2014-11-02 06:16 - 2014-11-10 00:35 - 00000000 ____D () C:\Users\Sonny\Desktop\Versicherung
2014-11-02 06:04 - 2014-11-02 06:05 - 00000000 ____D () C:\Users\Sonny\Desktop\Jonas
2014-11-01 14:39 - 2014-11-01 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2014-11-01 08:46 - 2014-11-23 00:34 - 00000000 ____D () C:\Users\Sonny\Documents\My Kindle Content
2014-11-01 08:46 - 2014-11-01 08:46 - 00002197 _____ () C:\Users\Sonny\Desktop\Kindle.lnk
2014-11-01 08:46 - 2014-11-01 08:46 - 00000000 ____D () C:\Users\Sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-11-01 08:46 - 2014-11-01 08:46 - 00000000 ____D () C:\Users\Sonny\AppData\Local\Amazon
2014-11-01 08:45 - 2014-11-01 08:45 - 38157960 _____ (Amazon.com) C:\Users\Sonny\Downloads\KindleForPC-installer.exe
2014-10-31 23:52 - 2014-10-31 23:52 - 00000000 ____D () C:\Program Files (x86)\Winamax Poker
2014-10-31 23:48 - 2014-10-31 23:48 - 00063919 _____ () C:\Users\Sonny\Desktop\My HUD.xml
2014-10-31 22:45 - 2014-10-31 22:55 - 00000000 ____D () C:\Users\Sonny\Desktop\Abrechnungen
2014-10-31 12:22 - 2014-11-05 03:21 - 00000000 ____D () C:\Users\Sonny\Desktop\tai lopez
2014-10-30 11:28 - 2014-10-30 11:28 - 00114251 _____ () C:\Users\Sonny\Desktop\Accommodation Research - Thailand (November) v.5.xlsx
Tiltbuster.com) C:\Users\Sonny\Desktop\MightyMouse-Stars.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 22:56 - 2014-03-17 03:45 - 00000000 ____D () C:\Users\Sonny\AppData\Roaming\Skype
2014-11-27 22:27 - 2014-04-30 00:30 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sonny-PC-Sonny Sonny-PC
2014-11-27 22:15 - 2014-04-21 04:02 - 00000000 ___RD () C:\Users\Sonny\OneDrive
2014-11-27 22:14 - 2009-07-14 11:45 - 00026096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-27 22:14 - 2009-07-14 11:45 - 00026096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 22:11 - 2014-03-16 17:32 - 00697082 _____ () C:\Windows\system32\perfh007.dat
2014-11-27 22:11 - 2014-03-16 17:32 - 00148346 _____ () C:\Windows\system32\perfc007.dat
2014-11-27 22:11 - 2009-07-14 12:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 22:10 - 2014-03-16 08:40 - 01365278 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 22:07 - 2014-03-17 01:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-27 22:07 - 2014-03-17 00:34 - 00000000 ____D () C:\Users\postgres.Sonny-PC
2014-11-27 22:07 - 2014-03-16 08:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-27 22:07 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 22:07 - 2009-07-14 11:51 - 00077189 _____ () C:\Windows\setupact.log
2014-11-27 20:46 - 2014-10-08 05:05 - 00000000 ____D () C:\Users\Sonny\AppData\Roaming\HoldemManager
2014-11-27 20:46 - 2014-03-17 18:18 - 00000000 ____D () C:\Users\Sonny\AppData\Roaming\KeePass
2014-11-27 20:45 - 2014-03-17 00:48 - 00000000 ____D () C:\Users\Sonny\AppData\Local\PokerStars.EU
2014-11-23 21:23 - 2013-11-22 02:27 - 00147456 _____ () C:\Users\Sonny\Desktop\Preflop-Chart Omaha allsheets (2).xls
2014-11-21 19:05 - 2014-03-17 01:03 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker.Eu
2014-11-21 17:14 - 2014-03-17 17:38 - 00000000 ____D () C:\Users\Sonny\AppData\Local\PokerStars.FR
2014-11-16 16:26 - 2014-03-17 00:48 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-11-16 06:23 - 2012-05-23 04:08 - 00000000 ____D () C:\HM2Archive
2014-11-15 21:50 - 2010-11-21 10:47 - 00053990 _____ () C:\Windows\PFRO.log
2014-11-15 11:57 - 2014-04-21 03:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-14 22:36 - 2013-07-31 23:15 - 00000000 ____D () C:\Users\Sonny\Desktop\runnitonce
2014-11-12 14:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 14:21 - 2009-07-14 11:45 - 00339048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 10:01 - 2014-03-17 22:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:00 - 2014-03-17 22:51 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 09:43 - 2014-10-08 05:02 - 00001096 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk
2014-11-12 09:43 - 2014-10-08 05:02 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2
2014-11-11 22:45 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-09 13:24 - 2014-04-01 22:42 - 00000000 ____D () C:\Users\Sonny\AppData\Local\AuxClient
2014-11-09 09:01 - 2013-10-30 18:34 - 00000000 ____D () C:\Users\Sonny\Desktop\programme
2014-11-08 01:00 - 2013-10-30 18:34 - 00000000 ____D () C:\Users\Sonny\Desktop\fotos
2014-11-07 15:40 - 2014-03-18 22:31 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-06 21:44 - 2014-03-17 01:03 - 00000000 ____D () C:\Users\Sonny\AppData\Local\FullTiltPoker.eu
2014-11-06 17:48 - 2014-03-18 22:32 - 00001012 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-06 17:48 - 2014-03-18 22:31 - 00000996 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-05 04:36 - 2013-12-09 11:15 - 00004510 _____ () C:\Users\Sonny\Documents\NewDatabase.kdbx
2014-11-05 02:12 - 2013-10-30 19:38 - 00000000 ____D () C:\Users\Sonny\Desktop\poker
2014-11-05 00:07 - 2014-03-17 03:45 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-05 00:07 - 2014-03-17 03:45 - 00000000 ____D () C:\ProgramData\Skype
2014-11-04 14:30 - 2010-11-21 10:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 04:56 - 2014-03-18 22:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-03 04:46 - 2014-03-17 17:38 - 00000000 ____D () C:\Program Files (x86)\PokerStars.FR
2014-11-02 06:33 - 2014-09-11 20:33 - 00000000 ___RD () C:\Users\Sonny\Desktop\musik
2014-11-02 06:28 - 2014-03-17 00:42 - 00011735 _____ () C:\Users\Sonny\Desktop\plo txt.odt
2014-11-02 06:23 - 2012-05-23 03:55 - 00000000 ____D () C:\Users\Sonny\Desktop\rest
2014-11-02 06:22 - 2014-03-17 02:36 - 00000000 ____D () C:\BestPokerClassic
2014-11-01 14:39 - 2014-03-17 00:38 - 00001537 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
2014-11-01 14:39 - 2014-03-17 00:38 - 00001531 _____ () C:\Users\Sonny\Desktop\partypoker.lnk
2014-11-01 14:39 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-31 23:52 - 2014-05-05 07:32 - 00000941 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamax Poker.lnk
2014-10-31 23:52 - 2014-05-05 07:32 - 00000929 _____ () C:\Users\Public\Desktop\Winamax Poker.lnk
2014-10-31 22:49 - 2014-04-21 22:13 - 01461101 _____ () C:\Users\Sonny\Desktop\Marko_Excel.xlsx
2014-10-31 18:55 - 2014-03-18 22:32 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-31 18:54 - 2014-03-18 22:32 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-31 18:54 - 2014-03-18 22:31 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-31 12:12 - 2014-03-17 00:13 - 00000000 ____D () C:\Program Files\Waterfox
2014-10-29 08:19 - 2014-03-17 00:13 - 00000000 ____D () C:\Users\Sonny\AppData\Local\Mozilla

Some content of TEMP:
====================
C:\Users\Sonny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpntr1dn.dll
C:\Users\Sonny\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Sonny\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sonny\AppData\Local\Temp\siinst.exe
C:\Users\Sonny\AppData\Local\Temp\SIInvoker.exe
C:\Users\Sonny\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sonny\AppData\Local\Temp\strings.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 02:21

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Sonny at 2014-11-27 22:58:35
Running from C:\Users\Sonny\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
888poker (HKLM-x32\...\888poker) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bestpoker Classic 1.0.0 (HKLM-x32\...\Bestpoker Classic_is1) (Version: 1.0.0 - bestpoker_classic)
Boot Camp-Dienste (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Dell System Detect (HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Dropbox (HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
Evernote v. 5.7.2 (HKLM-x32\...\{FB57263E-706F-11E4-A65F-00163E98E7D6}) (Version: 5.7.2.5753 - Evernote Corp.)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.6.20.WIN.FullTilt.EU - )
GoTrusted Secure Tunnel v2.3.7.5 (HKLM-x32\...\{450AB3A8-679B-431D-AF52-FFA7A7EBD345}) (Version: 2.3.0075 - GoTrusted.com)
HMA! Pro VPN 2.8.6.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.6.0 - Privax Ltd)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
HoldemResources Calculator (HKLM-x32\...\HoldemResources Calculator) (Version: release - HoldemResources)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Excel 2013 - de-de (HKLM\...\ExcelRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2286107830-123670605-936515880-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.01.127 - Huawei Technologies Co.,Ltd)
NVIDIA 3D Vision Treiber 332.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.28 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.28 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Package: Mighty Mouse Theme for PokerStars (HKLM-x32\...\MightyMouseThemeforPokerStars41) (Version: 1003.06.24.2014 - Bar Nuthin | Tiltbuster.com)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 9.0 (HKLM\...\PostgreSQL 9.0) (Version: 9.0 - PostgreSQL Global Development Group)
ProPokerTools Odds Oracle 2.2.6 (HKLM\...\5992-1726-3179-3433) (Version: 2.2.6 - ProPokerTools)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TN2 (HKLM-x32\...\{CD363783-DE26-4E13-91EE-BC0CBF00D942}) (Version: 2.3.173 - PASG)
Waterfox 32.0.3 (x64 en-US) (HKLM\...\Waterfox 32.0.3 (x64 en-US)) (Version: 32.0.3 - Mozilla)
Winamax Poker (HKLM-x32\...\wameu.04351C371E530C3762CBA45FA283ED972DCDEFB6.1) (Version: 3.2.1.1414419332 - Winamax)
Winamax Poker (x32 Version: 3.2.1 - Winamax) Hidden
Windows-Treiberpaket - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows-Treiberpaket - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows-Treiberpaket - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sonny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2286107830-123670605-936515880-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonny\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-11-2014 10:06:14 Windows Update
22-11-2014 07:09:17 Windows Update
23-11-2014 03:13:16 Windows Update
25-11-2014 11:57:01 Installed Evernote v. 5.7.2
26-11-2014 04:20:49 Windows Update
27-11-2014 13:42:31 Windows-Sicherung
27-11-2014 13:46:38 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B1EBBC-2BDA-49EE-8753-C9B4D014EDFB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {15444C07-DCE9-457F-A46B-075A2163A0B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {586E298A-9039-40AA-BB08-5B3980093C71} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Sonny-PC-Sonny Sonny-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {CFF7C8FB-2711-4429-BD8C-B7052483D00B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7972875-D36C-46C1-ACFD-8EB5D17DAC5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {F5D3782F-3F75-4602-AB08-C69042D9F882} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) =============

2014-11-05 03:51 - 2012-08-31 22:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2014-11-05 03:51 - 2012-08-31 22:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-02-06 18:36 - 2014-02-06 18:36 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2014-03-16 08:51 - 2013-12-25 03:49 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-21 03:49 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-12 19:26 - 2014-02-15 13:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-03-17 00:34 - 2012-09-21 14:55 - 00217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2014-03-17 00:34 - 2012-08-14 19:02 - 02258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2014-03-17 00:13 - 2014-10-28 09:11 - 07638816 _____ () C:\Program Files\Waterfox\mozjs.dll
2013-06-17 18:35 - 2013-06-17 18:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 20:52 - 2013-05-08 20:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2014-09-26 01:12 - 2014-09-26 01:12 - 00081056 _____ () C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-09-26 01:12 - 2014-09-26 01:12 - 00081056 _____ () C:\Users\Sonny\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-11-19 22:14 - 2014-11-19 22:14 - 00438336 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00320064 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-03-16 08:55 - 2014-01-31 23:54 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-15 11:56 - 2014-11-15 11:56 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2286107830-123670605-936515880-500 - Administrator - Disabled)
Gast (S-1-5-21-2286107830-123670605-936515880-501 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-2286107830-123670605-936515880-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
postgres (S-1-5-21-2286107830-123670605-936515880-1002 - Limited - Enabled) => C:\Users\postgres.Sonny-PC
Sonny (S-1-5-21-2286107830-123670605-936515880-1000 - Administrator - Enabled) => C:\Users\Sonny
UpdatusUser (S-1-5-21-2286107830-123670605-936515880-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2014 10:14:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Dropbox.exe, Version 2.8.3.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: eb0
Startzeit: 01d00a53d2c596f1
Endzeit: 0
Anwendungspfad: C:\Users\Sonny\AppData\Roaming\Dropbox\bin\Dropbox.exe
Berichts-ID: 042a77ac-7648-11e4-bdbc-f73433b1b52d

Error: (11/27/2014 10:08:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2014 08:47:28 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich.
Fehler: "Zugriff verweigert (0x80070005)" Error: (11/27/2014 08:43:20 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Zugriff verweigert (0x80070005)" Error: (11/27/2014 11:17:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/24/2014 02:10:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 06:46:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PPT Odds Oracle.exe, Version: 0.0.0.0, Zeitstempel: 0x50129648 Name des fehlerhaften Moduls: awt.dll, Version: 6.0.230.5, Zeitstempel: 0x4cdef4ce Ausnahmecode: 0xc000041d Fehleroffset: 0x00000000000f9e9d ID des fehlerhaften Prozesses: 0xcd8 Startzeit der fehlerhaften Anwendung: 0xPPT Odds Oracle.exe0 Pfad der fehlerhaften Anwendung: PPT Odds Oracle.exe1 Pfad des fehlerhaften Moduls: PPT Odds Oracle.exe2 Berichtskennung: PPT Odds Oracle.exe3 Error: (11/23/2014 06:46:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PPT Odds Oracle.exe, Version: 0.0.0.0, Zeitstempel: 0x50129648 Name des fehlerhaften Moduls: awt.dll, Version: 6.0.230.5, Zeitstempel: 0x4cdef4ce Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000f9e9d ID des fehlerhaften Prozesses: 0xcd8 Startzeit der fehlerhaften Anwendung: 0xPPT Odds Oracle.exe0 Pfad der fehlerhaften Anwendung: PPT Odds Oracle.exe1 Pfad des fehlerhaften Moduls: PPT Odds Oracle.exe2 Berichtskennung: PPT Odds Oracle.exe3 Error: (11/23/2014 02:25:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent 
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 00:57:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/27/2014 10:07:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (11/27/2014 10:07:02 PM) (Source: nvlddmkm) (EventID: 14) (User: ) Description: \Device\Video8CMDre 00000000 00000454 01200000 00000004 00000010 Error: (11/27/2014 11:15:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (11/27/2014 11:15:23 AM) (Source: nvlddmkm) (EventID: 14) (User: ) Description: \Device\Video8CMDre 00000000 00000454 01200000 00000004 00000010 Error: (11/25/2014 10:31:19 AM) (Source: nvlddmkm) (EventID: 14) (User: ) Description: \Device\000000adCMDre 00000000 00000454 01200000 00000004 00000010 Error: (11/24/2014 02:08:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (11/24/2014 02:08:18 PM) (Source: nvlddmkm) (EventID: 14) (User: ) Description: \Device\Video8CMDre 00000000 00000454 01200000 00000004 00000010 Error: (11/23/2014 11:51:09 PM) (Source: nvlddmkm) (EventID: 14) (User: ) Description: \Device\Video8CMDre 00000000 00000454 01200000 00000004 00000010 Error: (11/23/2014 02:23:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (11/23/2014 02:23:40 PM) (Source: nvlddmkm) (EventID: 14) (User: ) Description: \Device\Video8CMDre 00000000 00000454 01200000 00000004 
00000010 Microsoft Office Sessions: ========================= Error: (11/27/2014 10:14:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Dropbox.exe2.8.3.0eb001d00a53d2c596f10C:\Users\Sonny\AppData\Roaming\Dropbox\bin\Dropbox.exe042a77ac-7648-11e4-bdbc-f73433b1b52d Error: (11/27/2014 10:08:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/27/2014 08:47:28 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Zugriff verweigert (0x80070005) Error: (11/27/2014 08:43:20 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Zugriff verweigert (0x80070005) Error: (11/27/2014 11:17:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/24/2014 02:10:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 06:46:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PPT Odds Oracle.exe0.0.0.050129648awt.dll6.0.230.54cdef4cec000041d00000000000f9e9dcd801d0070d0c3e45f7C:\Program Files\PPTOddsOracle\PPT Odds Oracle.exeC:\Program Files\PPTOddsOracle\jre\bin\awt.dll597bf2b0-7306-11e4-b4be-e2a09da6ef2b Error: (11/23/2014 06:46:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PPT Odds Oracle.exe0.0.0.050129648awt.dll6.0.230.54cdef4cec000000500000000000f9e9dcd801d0070d0c3e45f7C:\Program Files\PPTOddsOracle\PPT Odds Oracle.exeC:\Program Files\PPTOddsOracle\jre\bin\awt.dll58200c10-7306-11e4-b4be-e2a09da6ef2b Error: (11/23/2014 02:25:34 PM) (Source: WinMgmt) (EventID: 
10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 00:57:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-10-15 16:20:38.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-15 16:20:38.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-15 16:20:38.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-15 16:20:38.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-15 16:20:38.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-15 16:20:38.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-12 06:30:21.689 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-12 06:30:21.689 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-12 06:30:21.679 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-12 06:30:21.679 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4960HQ CPU @ 2.60GHz
Percentage of memory in use: 21%
Total physical RAM: 16292.68 MB
Available physical RAM: 12800.09 MB
Total Pagefile: 32583.54 MB
Available Pagefile: 25035.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (BOOTCAMP) (Fixed) (Total:486.15 GB) (Free:292.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:444.89 GB) (Free:187.85 GB) HFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.8 GB) (Disk ID: 45030B1F)
Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=444.9 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=486.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |
28.11.2014, 17:42 | #4 |
/// the machine /// TB trainer | A hard disk error was found Have you already checked the hard disk with SeaTools or something similar? There is no malware there.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.11.2014, 08:41 | #5 |
| A hard disk error was found With SeaTools every test fails. The program immediately says "Gescheitert" (failed) |
29.11.2014, 22:36 | #6 |
/// the machine /// TB trainer | A hard disk error was found That is either a sign of hard disk damage, or SeaTools cannot handle your HDD, which is unlikely. There is definitely no malware there, so I would back up the data first now.