FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Christian (administrator) on CHRISTIAN-PC on 04-08-2014 15:55:17
Running from C:\Users\Christian\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465320 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-12-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-20] (Microsoft Corporation)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Microsoft Adobe Driver Update] => C:\Users\CHRIST~1\AppD
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\MountPoints2: {3562a656-6860-11e1-a63b-00262dc4503e} - F:\setup_ftl_1.0.0.6.exe
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\MountPoints2: {8e5f4fa6-41f7-11e1-bc9c-806e6f6e6963} - E:\InstallNavi.exe
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\MountPoints2: {a58e8600-e1a1-11e3-b7a0-00262dc4503e} - G:\Startme.exe
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2998117307-905345789-2759643071-1000\$46fe286b4516f027b2c781ac33660b1b\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEB0C2A79BC57CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: 46.163.108.190 ssc-offdilln.de
Tcpip\Parameters: [DhcpNameServer] 192.168.0.9
FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default
FF NetworkProxy: "ftp", "proxyus1.stealthy.co"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxyus1.stealthy.co"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxyus1.stealthy.co"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxyus1.stealthy.co"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: YouTube Unblocker - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-21]
FF Extension: Stealthy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-10]
FF Extension: Video HTML5 Player Free - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{60d5d1b1-a4e6-4d21-a4bd-c316fe418af6}.xpi [2013-11-14]
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-17]
FF Extension: Greasemonkey - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-07]
FF Extension: {ea619470-9fc9-4afa-9ca1-7181142f277b} - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{ea619470-9fc9-4afa-9ca1-7181142f277b}.xpi [2013-11-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-07-02] (Perfect World Entertainment Inc)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-03-15] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-11] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-08-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S2 PLCNDIS5; \SystemRoot\system32\plcndis5.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 15:55 - 2014-08-04 15:56 - 00021580 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 15:55 - 2014-08-04 15:55 - 00000000 ____D () C:\FRST
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-03 23:46 - 2014-08-03 23:46 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-01 15:30 - 2014-08-01 15:31 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 06:39 - 2014-08-03 22:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 06:39 - 2014-08-01 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 06:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 06:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 12:13 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 12:13 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 12:13 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 12:13 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 12:12 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 12:12 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 12:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 11:28 - 2014-07-30 21:30 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:00 - 2014-07-30 11:11 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:30 - 2014-07-29 19:31 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:03 - 2014-07-29 10:04 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:01 - 2014-07-26 13:41 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 12:56 - 2014-07-26 13:24 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 12:56 - 2014-07-26 13:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:40 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 12:40 - 2012-07-25 00:00 - 00345600 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxuina1.dll
2014-07-26 12:40 - 2012-07-25 00:00 - 00093696 _____ (Seiko Epson Corporation.) C:\Windows\system32\esxw2_a1.dll
2014-07-26 12:40 - 2012-07-10 01:00 - 00065793 _____ () C:\Windows\system32\esfwa1.bin
2014-07-26 12:40 - 2012-07-10 00:00 - 00319488 _____ (SEIKO EPSON CORP.) C:\Windows\SysWOW64\esinta1.dll
2014-07-26 12:40 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2014-07-24 10:42 - 2014-08-01 16:36 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-24 10:42 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:41 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:01 - 2014-07-10 13:02 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-07 21:22 - 2014-07-07 21:25 - 00000000 ___HD () C:\ArcTemp
2014-07-07 21:20 - 2014-07-07 21:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:25 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:47 - 2014-07-06 18:48 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 15:56 - 2014-08-04 15:55 - 00021580 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 15:55 - 2014-08-04 15:55 - 00000000 ____D () C:\FRST
2014-08-04 15:55 - 2012-01-18 21:06 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Skype
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-04 15:52 - 2012-01-20 09:53 - 00000000 ____D () C:\Users\Christian\Desktop\Uni Siegen
2014-08-04 15:23 - 2014-06-17 21:46 - 00000000 ____D () C:\Users\Christian\Documents\Citavi 4
2014-08-04 15:22 - 2012-01-18 19:16 - 01709451 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 15:19 - 2013-03-31 16:36 - 00000000 ____D () C:\Users\Christian\Desktop\Steam
2014-08-04 14:22 - 2012-01-18 21:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-04 07:23 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 07:23 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 07:09 - 2010-05-12 10:18 - 26474590 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 07:09 - 2010-05-12 10:18 - 08556840 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 07:09 - 2009-07-14 07:13 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 23:46 - 2014-08-03 23:46 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-03 23:22 - 2014-06-19 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 22:56 - 2014-08-01 06:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 20:35 - 2012-01-23 11:34 - 00000000 ___RD () C:\Users\Christian\Dropbox
2014-08-03 20:34 - 2012-01-23 11:27 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2014-08-03 20:32 - 2013-02-25 13:54 - 00000105 _____ () C:\Windows\Brownie.ini
2014-08-03 20:30 - 2012-01-18 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 20:30 - 2009-07-14 06:51 - 00121277 _____ () C:\Windows\setupact.log
2014-08-03 19:30 - 2014-03-16 20:11 - 00000000 ____D () C:\Users\Christian\AppData\Local\Battle.net
2014-08-03 12:52 - 2012-06-18 20:15 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\TS3Client
2014-08-03 12:13 - 2013-10-17 16:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-03 12:13 - 2013-10-17 16:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-03 12:12 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-01 16:36 - 2014-07-24 10:42 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-01 16:36 - 2014-07-24 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-01 16:36 - 2014-07-24 10:41 - 00000000 ____D () C:\ProgramData\Skype
2014-08-01 15:31 - 2014-08-01 15:30 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 15:30 - 2012-02-14 15:15 - 448935437 _____ () C:\Windows\MEMORY.DMP
2014-08-01 15:30 - 2012-02-14 15:15 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:30 - 2012-01-18 19:43 - 00278344 _____ () C:\Windows\PFRO.log
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 08:39 - 2014-08-01 06:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 07:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:12 - 2014-03-16 20:39 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 21:30 - 2014-07-30 11:28 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 14:51 - 2012-01-18 19:24 - 00000000 ____D () C:\Users\Christian
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:11 - 2014-07-30 11:00 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:31 - 2014-07-29 19:30 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:04 - 2014-07-29 10:03 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:41 - 2014-07-26 13:01 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 13:35 - 2012-12-14 00:12 - 00000000 ____D () C:\Users\Christian\Documents\Eigene PSP-Dateien
2014-07-26 13:24 - 2014-07-26 12:56 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 13:05 - 2014-07-26 12:56 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:53 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:42 - 2014-07-26 12:40 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:42 - 2012-01-18 19:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 08:32 - 2012-01-23 11:34 - 00001033 _____ () C:\Users\Christian\Desktop\Dropbox.lnk
2014-07-26 08:32 - 2012-01-23 11:28 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 12:03 - 2014-03-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 22:16 - 2013-01-27 15:36 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-15 14:21 - 2013-12-14 21:08 - 00000000 ____D () C:\Users\Christian\Desktop\Breaking Bad
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:02 - 2014-07-10 13:01 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-08 13:08 - 2013-08-12 23:27 - 00000000 ____D () C:\Users\Christian\Desktop\T
2014-07-07 21:27 - 2012-03-04 14:11 - 00111109 _____ () C:\Windows\DirectX.log
2014-07-07 21:25 - 2014-07-07 21:22 - 00000000 ___HD () C:\ArcTemp
2014-07-07 21:25 - 2014-07-07 21:18 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:22 - 2014-07-07 21:20 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:48 - 2014-07-06 18:47 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2998117307-905345789-2759643071-1000\$46fe286b4516f027b2c781ac33660b1b
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$46fe286b4516f027b2c781ac33660b1b
Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsqsfxv.dll
C:\Users\Christian\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Christian\AppData\Local\Temp\iview435_setup.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Christian\AppData\Local\Temp\ose00000.exe
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\setup.exe
C:\Users\Christian\AppData\Local\Temp\Tsu5E47DFF8.dll
C:\Users\Christian\AppData\Local\Temp\WYSIWYG_Web_Builder_8_-_Deutsches_Sprachpaket.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-31 07:45
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Christian at 2014-08-04 15:56:34
Running from C:\Users\Christian\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
AION Free-To-Play (HKLM-x32\...\AION Free-To-Play) (Version: v0.1 - Gameforge 4D)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Brother HL-3040CN (HKLM-x32\...\{A85B6E2A-BA0D-45AA-9827-C4132EBAF595}) (Version: 1.00 - Brother)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A3AD381D-848C-4478-80DC-228E37309308}) (Version: - Microsoft)
devolo MicroLink dLAN Konfigurations-Assistent (HKLM-x32\...\dlanconf) (Version: 1.6.0.0 - devolo AG)
devolo MicroLink EasyClean (HKLM-x32\...\easyclean) (Version: 1.1.0.0 - devolo AG)
devolo MicroLink EasyShare (HKLM-x32\...\easyshare) (Version: 1.2.0.0 - devolo AG)
devolo MicroLink Informer (HKLM-x32\...\dslmon) (Version: 1.12.0.0 - devolo AG)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Epson Benutzerhandbuch EPSON Perfection V600 Photo (HKLM-x32\...\EPSON Perfection V600 Photo Useg) (Version: - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Faster Than Light (HKLM-x32\...\Faster Than Light_is1) (Version: - GOG.com)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FireArc Arcade (HKLM-x32\...\{00BF5357-F404-4FE9-981D-119E4F5CF9FC}) (Version: 0.6.1 - FireArc.com)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Guitar Pro 6.0 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hamachi 1.0.1.5 (HKLM-x32\...\Hamachi) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Jasc Paint Shop Pro Studio (HKLM-x32\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.00.0000 - Jasc Software Inc)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5995 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5995 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6192 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WYSIWYG Web Builder 8 (HKLM-x32\...\WYSIWYG_Web_Builder_8) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
==================== Restore Points =========================
26-07-2014 10:41:19 Installed Epson Event Manager
30-07-2014 09:27:33 Installed KODAK Create@Home Software (für dm)
30-07-2014 19:27:46 Removed KODAK Create@Home Software (für dm)
31-07-2014 10:11:41 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-01-24 12:49 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
46.163.108.190 ssc-offdilln.de
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
==================== Loaded Modules (whitelisted) =============
2012-03-15 17:35 - 2012-03-15 17:35 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-22 16:48 - 2012-01-09 20:44 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-03 20:33 - 2014-08-03 20:33 - 00043008 _____ () c:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsqsfxv.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
2013-05-25 12:34 - 2013-05-25 12:34 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Christian\Desktop\Breaking Bad:AFP_AfpInfo
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/03/2014 06:12:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/03/2014 10:36:34 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/03/2014 08:24:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
System errors:
=============
Error: (08/03/2014 08:30:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (08/03/2014 00:15:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (08/01/2014 07:07:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/01/2014 07:07:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (08/01/2014 03:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (08/01/2014 03:44:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.08.2014 um 15:42:44 unerwartet heruntergefahren.
Error: (08/01/2014 03:31:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (08/01/2014 03:31:00 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c5 (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff800031c5b05)C:\Windows\MEMORY.DMP080114-23946-01
Error: (08/01/2014 03:30:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.08.2014 um 15:29:28 unerwartet heruntergefahren.
Error: (08/01/2014 11:47:39 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DIR-645",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{80FF83F9-F709-454A-9446-BC998C887ADB}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/03/2014 06:12:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/03/2014 10:36:34 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/03/2014 08:24:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
CodeIntegrity Errors:
===================================
Date: 2014-08-01 07:26:51.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-01 07:26:51.085
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-01 07:26:51.082
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-01 07:26:51.063
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-01 07:26:51.061
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-01 07:26:51.058
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-20 20:37:56.738
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-20 20:37:56.737
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-20 20:37:56.734
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-20 20:37:56.716
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 62%
Total physical RAM: 3893.42 MB
Available physical RAM: 1447.22 MB
Total Pagefile: 7785.03 MB
Available Pagefile: 4793.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:546.25 GB) (Free:243.77 GB) NTFS
Drive d: () (Fixed) (Total:48.83 GB) (Free:48.74 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)
==================== End Of Log ============================
Anti-malware scan log from the first time, when it found something Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 01.08.2014
Scan Time: 06:41:21
Logfile: 111.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.01.01
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330953
Time Elapsed: 13 min, 10 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 1
Trojan.0Access, HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32, C:\$Recycle.Bin\S-1-5-18\$46fe286b4516f027b2c781ac33660b1b\n., Good: (fastprox.dll), Bad: (C:\$Recycle.Bin\S-1-5-18\$46fe286b4516f027b2c781ac33660b1b\n.),Replaced,[aabb0eb38bf0f73f76754079bc48619f]
Folders: 0
(No malicious items detected)
Files: 5
PUP.Optional.OptimizePro.A, C:\Users\Christian\AppData\Local\Temp\OptimizerPro_new.zip, Quarantined, [085db90836458babe76b0519d0301ce4],
PUP.Optional.Installrex, C:\Users\Christian\AppData\Local\Temp\y_zWEGCI.exe.part, Quarantined, [a2c33889eb906dc98f586faa34cd2bd5],
PUP.Optional.OptimizePro.A, C:\Users\Christian\AppData\Local\Temp\2bc7f693c2d13e046771d4aac84aa3fd\OptimizerPro.exe, Quarantined, [3431f3ce205b89ad262c26f8728efe02],
PUP.Optional.OpenCandy, C:\Users\Christian\Downloads\DTLite4453-0297.exe, Quarantined, [362fd4edc2b9fd397e0ff2ee9b69ba46],
PUP.Optional.OpenCandy, C:\Users\Christian\Downloads\Install_Mario_Forever_5_9.exe, Quarantined, [a5c0c5fc7dfe3204503d0ed27d877e82],
Physical Sectors: 0
(No malicious items detected)
(end)
Anti-malware scan log from the second time Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 03.08.2014
Scan Time: 22:56:54
Logfile: 222.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.03.07
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331798
Time Elapsed: 15 min, 37 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)