FRST
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by Marcus (administrator) on 13-08-2013 21:50:41
Running from C:\Users\Marcus\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Malwarebytes Corporation) C:\Users\Marcus\Desktop\mbar-1.06.1.1005\mbar\mbar.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [PrnStatusMX] - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1238528 2007-08-29] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-18] (IDT, Inc.)
HKCU\...\Run: [SkyDrive] - C:\Users\Marcus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-01] (Microsoft Corporation)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Marcus\AppData\Local\Apps\2.0\8QC1D64Z.G8Y\JBDBVKJY.DJD\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-02-23] (AVM Berlin)
HKCU\...\Run: [Power2GoExpress8] - NA [x]
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-07-03] (Siber Systems)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KCodes UDS Control Center] - C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe [5699072 2012-12-11] ()
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe ()
Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\Marcus\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {08C1882F-C0C5-4248-AFDD-295D9A5A69AC} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: HP Detect - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: firebug - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: No Name - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
==================== Services (Whitelisted) =================
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-26] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}\ \...\???\{14469580-af34-d9b4-b9db-ff816580cb5d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R3 AssmannUDSMBus; C:\Windows\SysWow64\Drivers\AssmannUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 AssmannUDSTcpBus; C:\Windows\SysWow64\Drivers\AssmannUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2013-02-23] (AVM Berlin)
S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-13] ()
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-13] ()
R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-08-13] (Malwarebytes Corporation)
R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-08-13] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-14] (Realtek Semiconductor Corp.)
S3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-13 21:44 - 2013-08-13 21:44 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-13 21:44 - 2013-08-13 21:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-13 21:26 - 2013-08-13 21:26 - 00000050 _____ C:\Program Files (x86)\.directory
2013-08-13 21:00 - 2013-08-13 21:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.06.1.1005
2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-13 20:58 - 2013-08-13 20:59 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.06.1.1005.exe
2013-08-13 20:52 - 2013-08-13 20:52 - 00029995 _____ C:\ComboFix.txt
2013-08-13 20:39 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-13 20:39 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-13 20:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-13 20:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-13 20:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-13 20:39 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-08-13 20:39 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-13 20:39 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-13 20:39 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-13 20:37 - 2013-08-13 20:52 - 00000000 ____D C:\Qoobox
2013-08-13 20:37 - 2013-08-13 20:50 - 00000000 ____D C:\Windows\erdnt
2013-08-13 20:36 - 2013-08-13 20:36 - 05103833 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe
2013-08-13 20:16 - 2013-08-13 20:16 - 00000063 _____ C:\Users\Marcus\Desktop\Fixlist.txt
2013-08-13 20:12 - 2013-08-13 20:12 - 00000103 _____ C:\Users\Marcus\Desktop\regdel.bat
2013-08-13 20:08 - 2013-08-13 20:08 - 00001034 _____ C:\Users\Marcus\Desktop\test.reg
2013-08-13 19:57 - 2013-08-13 19:57 - 00027790 _____ C:\Users\Marcus\Desktop\Addition.txt
2013-08-13 19:56 - 2013-08-13 19:56 - 00000000 ____D C:\FRST
2013-08-13 19:55 - 2013-08-13 19:55 - 01575274 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe
2013-08-13 19:10 - 2013-08-13 19:12 - 00000274 _____ C:\Users\Marcus\Desktop\RootkitRemover20130813191037.txt
2013-08-13 14:44 - 2013-08-13 14:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-08-13 14:39 - 2013-08-13 14:38 - 00551408 _____ (McAfee, Inc.) C:\Users\Marcus\Desktop\rootkitremover.exe
2013-08-13 13:34 - 2013-08-13 13:34 - 00000000 ____D C:\Quarantine
2013-08-13 13:33 - 2013-08-13 13:34 - 11615264 _____ (McAfee Inc) C:\Users\Marcus\Desktop\stinger32.exe
2013-08-13 13:33 - 2013-08-13 13:33 - 00001151 _____ C:\Users\Marcus\Desktop\Mediencenter.lnk
2013-08-13 12:23 - 2013-08-13 13:05 - 00000000 ____D C:\Users\Marcus\Downloads\appgini_freeware
2013-08-13 12:23 - 2013-08-13 12:23 - 00000991 _____ C:\Users\Marcus\Desktop\AppGini.lnk
2013-08-13 12:23 - 2013-08-13 12:23 - 00000000 ____D C:\Program Files (x86)\AppGini
2013-08-13 12:23 - 2013-08-13 12:22 - 06919420 ____R C:\Users\Marcus\Downloads\appgini_freeware.zip
2013-08-13 12:23 - 2010-01-02 00:00 - 00787456 _____ C:\Windows\SysWOW64\EditCtlsU.ocx
2013-08-13 12:23 - 2007-08-08 13:40 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx
2013-08-13 12:23 - 2007-08-08 13:39 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscomctl.ocx
2013-08-13 12:23 - 2007-08-08 13:39 - 00415176 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\Comct332.ocx
2013-08-13 12:23 - 2007-08-08 13:39 - 00209608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2013-08-13 12:23 - 2007-08-08 13:39 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2013-08-13 12:23 - 2004-02-22 23:00 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll
2013-08-09 20:50 - 2013-08-09 20:56 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\MySQL
2013-08-09 20:48 - 2013-08-09 20:49 - 30949323 _____ C:\Users\Marcus\Downloads\mysql-workbench-gpl-5.2.47-win32-noinstall.zip
2013-08-09 19:03 - 2013-08-09 19:07 - 00002728 _____ C:\Users\Marcus\SuperPutty.settings
2013-08-09 19:01 - 2013-08-09 19:07 - 00000000 ____D C:\Users\Marcus\Documents\SuperPuTTY
2013-08-09 19:00 - 2013-08-09 19:00 - 00728780 _____ C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4.zip
2013-08-09 19:00 - 2013-08-09 19:00 - 00000000 ____D C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4
2013-08-07 17:47 - 2013-08-07 17:47 - 02090358 _____ C:\Users\Marcus\Desktop\fotosJutta.zip
2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ____D C:\Users\Marcus\Desktop\fotosJutta
2013-08-06 22:04 - 2013-08-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-04 21:10 - 2013-08-04 21:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-04 21:10 - 2013-08-04 21:10 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-04 21:10 - 2013-08-04 21:10 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 21:10 - 2013-08-04 21:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\ProgramData\Sun
2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 21:08 - 2013-08-04 21:08 - 00903080 _____ (Oracle Corporation) C:\Users\Marcus\Downloads\jxpiinstall.exe
2013-08-04 12:21 - 2013-08-04 12:21 - 00000000 ____D C:\Users\Marcus\Documents\tax
2013-08-04 12:08 - 2013-08-04 12:09 - 00000000 ____D C:\Users\Marcus\AppData\Local\Buhl
2013-08-04 12:08 - 2013-08-04 12:08 - 00002214 _____ C:\Users\Public\Desktop\t@x 2013.lnk
2013-08-04 12:08 - 2013-08-04 12:08 - 00000063 _____ C:\Windows\wiso.ini
2013-08-04 12:07 - 2013-08-04 12:07 - 00000000 ____D C:\Program Files (x86)\Buhl finance
2013-08-04 12:06 - 2013-08-04 12:09 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-04 11:50 - 2013-08-04 12:05 - 502621696 _____ C:\Users\Marcus\Downloads\TaxSteuersoftware2013.exe
2013-08-04 10:58 - 2013-08-04 10:59 - 36864847 _____ (Indigo Rose Corporation) C:\Users\Marcus\Downloads\schrankplaner_setup.exe
2013-07-22 20:58 - 2013-07-22 21:00 - 00000000 ____D C:\Windows\system32\MRT
2013-07-22 20:48 - 2013-07-22 21:08 - 233871960 _____ (NVIDIA Corporation) C:\Users\Marcus\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe
2013-07-20 22:27 - 2013-08-13 13:09 - 04993816 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-18 21:03 - 2013-07-18 21:03 - 00156539 _____ C:\Users\Marcus\Downloads\pkg_xmap-2.3.2.zip
2013-07-17 06:35 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-17 06:35 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-17 06:35 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-17 06:35 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-17 06:35 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-17 06:35 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-17 06:35 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-17 06:35 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-17 06:35 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-17 06:35 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-17 06:35 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 06:35 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-17 06:35 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-17 06:35 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 06:35 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-17 06:35 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-17 06:35 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-17 06:35 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-17 06:35 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-17 06:35 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-17 06:35 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-17 06:35 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-17 06:35 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-17 06:35 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-17 06:35 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-17 06:35 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-17 06:35 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-17 06:35 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-17 06:35 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-17 06:35 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-17 06:35 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-17 06:35 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-17 06:35 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-17 06:35 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-17 06:34 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-14 11:17 - 2013-07-14 11:19 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\YCanPDF
2013-07-14 11:17 - 2013-07-14 11:18 - 00000000 ____D C:\output
2013-07-14 11:17 - 2013-07-14 11:17 - 00000000 ____D C:\tmp
2013-07-14 11:15 - 2013-07-14 11:18 - 00000030 _____ C:\Users\Marcus\AppData\Roaming\setup.ini
2013-07-14 11:15 - 2013-07-14 11:17 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options.ini
2013-07-14 11:15 - 2013-07-14 11:15 - 00000943 _____ C:\Users\Public\Desktop\PDFZilla.lnk
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Program Files (x86)\PDFZilla
2013-07-14 11:15 - 2013-06-09 10:34 - 00000043 _____ C:\Users\Marcus\AppData\Roaming\setup_pdfrotator.ini
2013-07-14 11:15 - 2013-06-09 09:38 - 00000053 _____ C:\Users\Marcus\AppData\Roaming\setting.ini
2013-07-14 11:15 - 2013-06-09 09:30 - 00000043 _____ C:\Users\Marcus\AppData\Roaming\setup_pdfcombine.ini
2013-07-14 11:15 - 2013-02-23 12:15 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options_pdfrotator.ini
2013-07-14 11:15 - 2012-07-07 13:04 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options_pdfcombine.ini
2013-07-14 11:13 - 2013-07-14 11:13 - 00000000 ____D C:\Users\Marcus\Downloads\PDFZillaV3
2013-07-14 11:12 - 2013-07-14 11:13 - 18016895 _____ C:\Users\Marcus\Downloads\PDFZillaV3.zip
==================== One Month Modified Files and Folders =======
2013-08-13 21:48 - 2013-08-13 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-13 21:45 - 2013-08-13 21:45 - 00000050 _____ C:\Program Files\.directory
2013-08-13 21:45 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-13 21:44 - 2013-08-13 21:44 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-13 21:44 - 2013-08-13 21:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-13 21:26 - 2013-08-13 21:26 - 00000050 _____ C:\Program Files (x86)\.directory
2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.06.1.1005
2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-13 20:59 - 2013-08-13 20:58 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.06.1.1005.exe
2013-08-13 20:52 - 2013-08-13 20:52 - 00029995 _____ C:\ComboFix.txt
2013-08-13 20:52 - 2013-08-13 20:37 - 00000000 ____D C:\Qoobox
2013-08-13 20:52 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-08-13 20:50 - 2013-08-13 20:37 - 00000000 ____D C:\Windows\erdnt
2013-08-13 20:49 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini
2013-08-13 20:36 - 2013-08-13 20:36 - 05103833 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe
2013-08-13 20:16 - 2013-08-13 20:16 - 00000063 _____ C:\Users\Marcus\Desktop\Fixlist.txt
2013-08-13 20:12 - 2013-08-13 20:12 - 00000103 _____ C:\Users\Marcus\Desktop\regdel.bat
2013-08-13 20:08 - 2013-08-13 20:08 - 00001034 _____ C:\Users\Marcus\Desktop\test.reg
2013-08-13 19:57 - 2013-08-13 19:57 - 00027790 _____ C:\Users\Marcus\Desktop\Addition.txt
2013-08-13 19:57 - 2012-10-25 00:16 - 00828878 _____ C:\Windows\system32\perfh007.dat
2013-08-13 19:57 - 2012-10-25 00:16 - 00188018 _____ C:\Windows\system32\perfc007.dat
2013-08-13 19:57 - 2012-07-26 09:28 - 01949368 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 19:56 - 2013-08-13 19:56 - 00000000 ____D C:\FRST
2013-08-13 19:55 - 2013-08-13 19:55 - 01575274 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe
2013-08-13 19:16 - 2013-01-28 20:34 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Dropbox
2013-08-13 19:15 - 2013-03-27 13:49 - 00000000 ____D C:\Windows\pss
2013-08-13 19:12 - 2013-08-13 19:10 - 00000274 _____ C:\Users\Marcus\Desktop\RootkitRemover20130813191037.txt
2013-08-13 19:12 - 2013-01-28 18:04 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-418063148-2677929952-3949280998-1002
2013-08-13 19:09 - 2013-02-02 22:15 - 00000000 ___RD C:\Users\Marcus\Mediencenter
2013-08-13 19:09 - 2013-01-28 20:38 - 00000000 ___RD C:\Users\Marcus\Dropbox
2013-08-13 19:08 - 2013-02-23 11:39 - 00008380 _____ C:\Windows\avmacc.log
2013-08-13 19:07 - 2013-01-28 19:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 19:06 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2013-08-13 19:06 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 19:04 - 2013-02-19 07:39 - 00000000 ____D C:\Program Files (x86)\stinger
2013-08-13 14:56 - 2013-01-28 17:53 - 01386972 _____ C:\Windows\WindowsUpdate.log
2013-08-13 14:44 - 2013-08-13 14:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-08-13 14:38 - 2013-08-13 14:39 - 00551408 _____ (McAfee, Inc.) C:\Users\Marcus\Desktop\rootkitremover.exe
2013-08-13 14:26 - 2013-01-28 17:53 - 00000000 ____D C:\Users\Marcus
2013-08-13 13:59 - 2013-06-25 21:10 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-08-13 13:59 - 2013-06-25 21:10 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-08-13 13:59 - 2013-02-23 11:52 - 00005168 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NOTEBOOK-MARCUS-Marcus Notebook-Marcus
2013-08-13 13:58 - 2013-02-02 22:02 - 00000000 ___RD C:\Users\Marcus\SkyDrive
2013-08-13 13:36 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-13 13:34 - 2013-08-13 13:34 - 00000000 ____D C:\Quarantine
2013-08-13 13:34 - 2013-08-13 13:33 - 11615264 _____ (McAfee Inc) C:\Users\Marcus\Desktop\stinger32.exe
2013-08-13 13:33 - 2013-08-13 13:33 - 00001151 _____ C:\Users\Marcus\Desktop\Mediencenter.lnk
2013-08-13 13:33 - 2013-02-02 22:13 - 00001137 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk
2013-08-13 13:29 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-13 13:14 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-08-13 13:09 - 2013-07-20 22:27 - 04993816 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-13 13:09 - 2013-01-31 16:43 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForMarcus.job
2013-08-13 13:08 - 2013-01-28 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-13 13:08 - 2012-08-04 00:23 - 00475140 _____ C:\Windows\PFRO.log
2013-08-13 13:05 - 2013-08-13 12:23 - 00000000 ____D C:\Users\Marcus\Downloads\appgini_freeware
2013-08-13 12:23 - 2013-08-13 12:23 - 00000991 _____ C:\Users\Marcus\Desktop\AppGini.lnk
2013-08-13 12:23 - 2013-08-13 12:23 - 00000000 ____D C:\Program Files (x86)\AppGini
2013-08-13 12:22 - 2013-08-13 12:23 - 06919420 ____R C:\Users\Marcus\Downloads\appgini_freeware.zip
2013-08-13 11:59 - 2013-01-31 16:43 - 00003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarcus
2013-08-13 11:59 - 2013-01-29 15:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-13 11:58 - 2012-11-04 02:25 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-08-13 11:58 - 2012-08-04 02:02 - 00000000 ____D C:\SWSetup
2013-08-13 11:55 - 2013-01-29 15:45 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-13 11:55 - 2012-10-24 14:53 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-08-13 08:36 - 2013-01-28 22:01 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe
2013-08-09 21:17 - 2013-02-02 00:46 - 00000600 _____ C:\Users\Marcus\AppData\Local\PUTTY.RND
2013-08-09 21:17 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\FileZilla
2013-08-09 20:56 - 2013-08-09 20:50 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\MySQL
2013-08-09 20:49 - 2013-08-09 20:48 - 30949323 _____ C:\Users\Marcus\Downloads\mysql-workbench-gpl-5.2.47-win32-noinstall.zip
2013-08-09 19:07 - 2013-08-09 19:03 - 00002728 _____ C:\Users\Marcus\SuperPutty.settings
2013-08-09 19:07 - 2013-08-09 19:01 - 00000000 ____D C:\Users\Marcus\Documents\SuperPuTTY
2013-08-09 19:00 - 2013-08-09 19:00 - 00728780 _____ C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4.zip
2013-08-09 19:00 - 2013-08-09 19:00 - 00000000 ____D C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4
2013-08-09 16:14 - 2013-01-28 17:53 - 00000000 ____D C:\Users\Marcus\AppData\Local\Packages
2013-08-09 16:14 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-08 22:21 - 2013-03-25 14:43 - 00069120 ___SH C:\Users\Marcus\Desktop\Thumbs.db
2013-08-07 21:31 - 2013-01-30 17:43 - 00001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-08-07 17:47 - 2013-08-07 17:47 - 02090358 _____ C:\Users\Marcus\Desktop\fotosJutta.zip
2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ____D C:\Users\Marcus\Desktop\fotosJutta
2013-08-06 22:04 - 2013-08-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-04 21:10 - 2013-08-04 21:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-04 21:10 - 2013-08-04 21:10 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-04 21:10 - 2013-08-04 21:10 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 21:10 - 2013-08-04 21:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\ProgramData\Sun
2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 21:08 - 2013-08-04 21:08 - 00903080 _____ (Oracle Corporation) C:\Users\Marcus\Downloads\jxpiinstall.exe
2013-08-04 12:28 - 2013-01-28 20:38 - 00001027 _____ C:\Users\Marcus\Desktop\Dropbox.lnk
2013-08-04 12:28 - 2013-01-28 20:36 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-04 12:28 - 2013-01-28 17:56 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 12:21 - 2013-08-04 12:21 - 00000000 ____D C:\Users\Marcus\Documents\tax
2013-08-04 12:09 - 2013-08-04 12:08 - 00000000 ____D C:\Users\Marcus\AppData\Local\Buhl
2013-08-04 12:09 - 2013-08-04 12:06 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-04 12:08 - 2013-08-04 12:08 - 00002214 _____ C:\Users\Public\Desktop\t@x 2013.lnk
2013-08-04 12:08 - 2013-08-04 12:08 - 00000063 _____ C:\Windows\wiso.ini
2013-08-04 12:07 - 2013-08-04 12:07 - 00000000 ____D C:\Program Files (x86)\Buhl finance
2013-08-04 12:07 - 2012-10-24 14:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-04 12:05 - 2013-08-04 11:50 - 502621696 _____ C:\Users\Marcus\Downloads\TaxSteuersoftware2013.exe
2013-08-04 10:59 - 2013-08-04 10:58 - 36864847 _____ (Indigo Rose Corporation) C:\Users\Marcus\Downloads\schrankplaner_setup.exe
2013-07-30 20:06 - 2013-02-03 21:32 - 00001456 _____ C:\Users\Marcus\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-07-29 21:35 - 2013-01-28 19:47 - 00000000 ___RD C:\Users\Marcus\Kunden
2013-07-25 21:07 - 2012-10-24 14:41 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-07-25 20:35 - 2013-03-22 18:51 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Mp3tag
2013-07-25 20:34 - 2013-01-28 19:20 - 00000000 ____D C:\mp3
2013-07-22 21:08 - 2013-07-22 20:48 - 233871960 _____ (NVIDIA Corporation) C:\Users\Marcus\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe
2013-07-22 21:03 - 2012-11-04 02:31 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-07-22 21:03 - 2012-11-04 02:31 - 00000000 ____D C:\Windows\system32\NV
2013-07-22 21:03 - 2012-11-04 02:17 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-22 21:00 - 2013-07-22 20:58 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 22:27 - 2013-02-20 20:42 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-18 21:03 - 2013-07-18 21:03 - 00156539 _____ C:\Users\Marcus\Downloads\pkg_xmap-2.3.2.zip
2013-07-15 21:05 - 2013-05-03 16:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 21:05 - 2013-05-03 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-15 21:02 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-15 21:02 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-14 23:21 - 2013-06-04 20:11 - 00000132 _____ C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-14 11:19 - 2013-07-14 11:17 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\YCanPDF
2013-07-14 11:18 - 2013-07-14 11:17 - 00000000 ____D C:\output
2013-07-14 11:18 - 2013-07-14 11:15 - 00000030 _____ C:\Users\Marcus\AppData\Roaming\setup.ini
2013-07-14 11:17 - 2013-07-14 11:17 - 00000000 ____D C:\tmp
2013-07-14 11:17 - 2013-07-14 11:15 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options.ini
2013-07-14 11:15 - 2013-07-14 11:15 - 00000943 _____ C:\Users\Public\Desktop\PDFZilla.lnk
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Program Files (x86)\PDFZilla
2013-07-14 11:13 - 2013-07-14 11:13 - 00000000 ____D C:\Users\Marcus\Downloads\PDFZillaV3
2013-07-14 11:13 - 2013-07-14 11:12 - 18016895 _____ C:\Users\Marcus\Downloads\PDFZillaV3.zip
2013-07-14 11:05 - 2013-01-28 18:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
LastRegBack: 2013-07-21 11:05
==================== End Of Log ============================
Addition Code:
==================== Event log errors: =========================
Application errors:
==================
Error: (08/13/2013 09:51:11 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 09:51:11 PM) (Source: VSS) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80042302).
Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 02:32:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mcshield.exe, Version: 15.1.0.520, Zeitstempel: 0x50f59f8d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x8d8
Startzeit der fehlerhaften Anwendung: 0xmcshield.exe0
Pfad der fehlerhaften Anwendung: mcshield.exe1
Pfad des fehlerhaften Moduls: mcshield.exe2
Berichtskennung: mcshield.exe3
Vollständiger Name des fehlerhaften Pakets: mcshield.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mcshield.exe5
Error: (08/13/2013 02:32:51 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Exception in McShield.Exe!
Exception details follow :
VSCORE.15.1.0.520
Exception Code : 0X00000000C0000005
Exception Address : 0000000000000000
Exception Parameters : 2
Param 1 = 0X0000000000000008
Param 2 = 0000000000000000
More information :
Error: (08/13/2013 01:50:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: NOTEBOOK-MARCUS)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (08/13/2013 09:51:26 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084WSearchNicht verfügbar{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (08/13/2013 09:51:26 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/13/2013 09:51:11 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084VSSNicht verfügbar{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (08/13/2013 09:51:11 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/13/2013 09:50:42 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/13/2013 09:50:28 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084BlueSoleilCS-Service{DC22CE61-F0A5-415C-986E-4DF78C2D1029}
Error: (08/13/2013 09:50:28 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084BsHelpCS-Service{1CE3EB56-16B9-40A0-8110-284EF53ACF04}
Error: (08/13/2013 09:50:28 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/13/2013 09:48:46 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/13/2013 09:44:07 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Microsoft Office Sessions:
=========================
Error: (08/13/2013 09:51:11 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 09:51:11 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80042302
Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
Vorgang:
VSS-Server wird instanziiert
Error: (08/13/2013 02:32:53 PM) (Source: Application Error)(User: )
Description: mcshield.exe15.1.0.52050f59f8dunknown0.0.0.000000000c000000500000000000000008d801ce98206a58109aC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeunknown7928ebef-0414-11e3-be99-689423b7754a
Error: (08/13/2013 02:32:51 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: VSCORE.15.1.0.520
Exception Code : 0X00000000C0000005
Exception Address : 0000000000000000
Exception Parameters : 2
Param 1 = 0X0000000000000008
Param 2 = 0000000000000000
More information :
Error: (08/13/2013 01:50:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: NOTEBOOK-MARCUS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
CodeIntegrity Errors:
===================================
Date: 2013-08-13 20:49:24.539
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 8081.27 MB
Available physical RAM: 6628.19 MB
Total Pagefile: 9297.27 MB
Available Pagefile: 7953.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:576.9 GB) (Free:453.75 GB) NTFS (Disk=0 Partition=4) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.49 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: A50E1C7D)
Partition: GPT Partition Type
==================== End Of Log ============================