FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015
Ran by Sophokles (administrator) on SOPHOKLES-PC on 10-03-2015 23:03:59
Running from C:\Users\Sophokles\Desktop
Loaded Profiles: Sophokles (Available profiles: Sophokles)
Platform: Microsoft Windows 7 Professional N Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Flux Software LLC) C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9755240 2010-10-19] (Realtek Semiconductor)
HKLM\...\Run: [QPilotClientGUI] => C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe [18442752 2010-04-21] (Schomäcker GmbH)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1593640 2015-03-03] (Sophos Limited)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [f.lux] => C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\MountPoints2: E - E:\SBLauncher.exe
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\MountPoints2: {5d6f3f61-d6db-11e3-89b1-f0def1d86fd1} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\MountPoints2: {fe1621e9-afde-11e2-b537-f0def1d86fd1} - E:\SBLauncher.exe
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => c:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-13] (Sophos Limited)
Startup: C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO: No Name -> {95A12F4E-76E9-48FC-8813-D8CA7928229C}} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
BHO: No Name -> {EDCFBF0B-D47D-460C-9000-FA74A8CD6F3C}} -> No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 21 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: ProxTube - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\ich@maltegoetz.de.xpi [2015-03-03]
FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2015-03-03]
FF Extension: Adblock Plus - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-03]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-04-14]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-05-16]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\bffu3egs.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (getithd) - C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcejcjdkakbnmifgblkhmckcccjfeljg [2014-01-20]
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Sophokles\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ALG; C:\Windows\System32\alg.exe [59392 2014-09-05] (Microsoft Corporation) [File not signed]
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [30720 2014-09-05] (Microsoft Corporation) [File not signed]
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [60416 2014-09-05] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [89600 2014-09-05] (Microsoft Corporation) [File not signed]
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-02-23] (Connectify) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [270848 2014-09-05] (Intel Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2014-09-05] (Microsoft Corporation) [File not signed]
S2 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [872448 2014-09-05] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2014-09-05] (Microsoft Corporation) [File not signed]
S2 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [138240 2014-09-05] (Microsoft Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QPilotClientService; C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe [10706432 2010-04-21] (Schomäcker GmbH) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2014-09-05] (Microsoft Corporation) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-03] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-13] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-01-13] (Sophos Limited)
S2 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vds; C:\Windows\System32\vds.exe [453632 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2014-09-05] (Microsoft Corporation) [File not signed]
S2 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1333760 2014-09-05] (Microsoft Corporation) [File not signed]
S2 wbengine; C:\Windows\system32\wbengine.exe [1203200 2014-09-05] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2014-09-05] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2014-12-11] (Connectify)
S3 FFUsbAudio; C:\Windows\System32\DRIVERS\ffusbaudio.sys [31744 2010-03-05] (Focusrite Audio Engineering Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-10-10] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2014-05-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-05-20] (Sophos Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\Users\SOPHOK~1\AppData\Local\Temp\catchme.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 23:03 - 2015-03-10 23:05 - 00021401 _____ () C:\Users\Sophokles\Desktop\FRST.txt
2015-03-10 23:00 - 2015-03-10 23:00 - 01134592 _____ (Farbar) C:\Users\Sophokles\Desktop\FRST.exe
2015-03-10 12:18 - 2015-03-10 14:43 - 00000000 ____D () C:\Users\Sophokles\Desktop\Wohngeld
2015-03-09 00:45 - 2015-03-09 00:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 00:45 - 2015-03-09 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 00:44 - 2015-03-09 00:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-09 00:44 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 00:44 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 00:44 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 00:43 - 2015-03-09 00:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sophokles\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-03-09 00:15 - 2015-03-09 00:19 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\CrashDumps
2015-03-06 19:23 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-06 19:23 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-06 13:00 - 2015-03-10 15:53 - 00000336 _____ () C:\Windows\setupact.log
2015-03-06 13:00 - 2015-03-06 13:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 12:59 - 2015-03-09 01:09 - 00000714 _____ () C:\Windows\PFRO.log
2015-03-06 12:59 - 2015-03-06 13:00 - 00412656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-06 00:51 - 2015-03-06 00:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 22:54 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-04 22:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 22:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 22:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 22:53 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 22:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 22:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 22:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 22:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 22:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 22:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 22:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 22:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 22:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 22:53 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 22:53 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-04 22:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 22:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-04 22:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 22:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 22:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 22:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 22:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 22:53 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 22:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 22:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 22:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 22:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 22:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 18:03 - 2015-03-04 18:04 - 06208736 _____ (Tim Kosse) C:\Users\Sophokles\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-04 16:33 - 2015-03-04 16:33 - 00000000 ____D () C:\ComboFix
2015-03-04 14:22 - 2015-03-04 14:22 - 00011645 _____ () C:\Users\Sophokles\Downloads\hijackthis.log
2015-03-04 14:04 - 2015-03-04 14:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sophokles\Downloads\HijackThis.exe
2015-03-04 14:03 - 2015-03-04 14:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sophokles\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-04 12:28 - 2015-03-04 12:28 - 00111264 _____ () C:\Users\Sophokles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 12:15 - 2015-03-04 12:15 - 00309304 _____ () C:\Users\Sophokles\Documents\cc_20150304_121512.reg
2015-03-04 10:08 - 2015-03-04 10:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-04 09:24 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-04 09:18 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-04 09:18 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-04 09:18 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-04 09:18 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-04 09:18 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-04 09:18 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-04 09:18 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-04 09:18 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-04 09:18 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-04 09:18 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-04 09:18 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-04 09:18 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-04 09:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-04 09:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-04 09:18 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-04 09:18 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-04 09:18 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-04 09:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-04 09:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-04 09:15 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 09:15 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-04 09:15 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-03-04 09:14 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-04 09:14 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-04 09:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-04 09:09 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-04 09:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-04 09:08 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-04 09:07 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-04 09:07 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-04 09:07 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-04 09:06 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-04 09:06 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-04 09:06 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-04 09:06 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-04 09:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-04 09:05 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-04 09:04 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-04 09:04 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-04 09:04 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-04 09:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-04 09:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-04 09:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-04 09:04 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-04 09:04 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-04 09:04 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-04 09:01 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-04 09:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-04 08:07 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-04 07:56 - 2015-03-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-04 07:55 - 2015-03-04 07:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-04 07:51 - 2015-03-04 07:52 - 05162080 _____ (Piriform Ltd) C:\Users\Sophokles\Downloads\ccsetup500.exe
2015-03-04 00:52 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-04 00:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-04 00:48 - 2015-03-04 00:48 - 00000000 ____D () C:\Users\Sophokles\Downloads\lang
2015-03-04 00:48 - 2013-01-08 06:04 - 00005535 _____ () C:\Users\Sophokles\Downloads\License.txt
2015-03-04 00:48 - 2009-11-26 13:02 - 00000010 _____ () C:\Users\Sophokles\Downloads\portable.dat
2015-03-04 00:32 - 2015-03-04 08:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 00:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-04 00:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-04 00:18 - 2015-03-04 00:27 - 00000000 ____D () C:\Qoobox
2015-03-04 00:17 - 2015-03-04 00:17 - 00000000 ____D () C:\Windows\erdnt
2015-03-03 23:58 - 2015-03-03 23:58 - 01388333 _____ (Thisisu) C:\Users\Sophokles\Downloads\JRT.exe
2015-03-03 23:39 - 2015-03-03 23:39 - 02126848 _____ () C:\Users\Sophokles\Downloads\AdwCleaner.exe
2015-03-02 10:37 - 2015-03-02 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
2015
2015-02-25 20:41 - 2015-02-26 16:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-23 22:45 - 2015-02-23 22:45 - 00000355 _____ () C:\Users\Sophokles\Documents\Computer - Verknüpfung.lnk
2015-02-16 15:43 - 2015-02-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-16 15:42 - 2015-02-16 15:43 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-16 15:42 - 2015-02-16 15:43 - 00000000 ____D () C:\Program Files\iTunes
2015-02-16 15:42 - 2015-02-16 15:42 - 00000000 ____D () C:\Program Files\iPod
2015-02-13 00:21 - 2015-02-13 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-02-12 22:39 - 2015-03-10 14:43 - 00000000 ____D () C:\Users\Sophokles\Desktop\Kurse+Termine
2015-02-12 15:20 - 2015-03-04 10:42 - 00000000 ____D () C:\Users\Sophokles\Desktop\Masti
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 23:06 - 2013-04-24 17:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 23:04 - 2014-11-03 19:18 - 00000000 ____D () C:\FRST
2015-03-10 22:57 - 2013-04-24 11:49 - 01116055 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 17:21 - 2013-04-24 17:04 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Skype
2015-03-09 23:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-09 21:56 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 21:56 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 01:11 - 2013-08-16 06:49 - 00000000 ___RD () C:\Users\Sophokles\Dropbox
2015-03-09 01:11 - 2013-08-16 01:32 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Dropbox
2015-03-09 01:09 - 2014-12-07 18:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 01:09 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 01:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2015-03-08 23:27 - 2013-05-12 01:03 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\FileZilla
2015-03-08 23:23 - 2013-05-10 15:06 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Audacity
2015-03-06 12:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-05 00:03 - 2010-11-20 22:03 - 00006292 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-03-04 14:30 - 2014-09-22 19:59 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\com
2015-03-04 10:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-04 10:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-03-04 10:08 - 2014-05-09 12:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-04 10:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-04 09:23 - 2013-04-26 20:09 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-04 08:25 - 2015-01-21 15:52 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-04 08:25 - 2014-12-11 21:35 - 00000000 ____D () C:\Program Files\Connectify
2015-03-04 08:22 - 2013-04-24 12:45 - 00000000 ____D () C:\Windows\Panther
2015-03-04 08:20 - 2013-07-28 19:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-03 23:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-03-03 23:50 - 2013-11-22 12:24 - 00000000 ____D () C:\AdwCleaner
2015-03-02 21:59 - 2013-10-16 19:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-02 21:56 - 2014-11-20 12:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-02 21:56 - 2013-04-26 09:39 - 00000000 ____D () C:\Program Files\Java
2015-02-26 14:27 - 2013-11-08 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
2015-02-24 22:12 - 2013-04-25 08:24 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\Adobe
2015-02-24 22:11 - 2013-04-24 17:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-24 22:11 - 2013-04-24 17:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 19:54 - 2013-04-25 18:23 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\vlc
2015-02-24 03:23 - 2013-04-24 14:59 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 14:34 - 2014-09-16 19:28 - 00000000 ___RD () C:\Program Files\Skype
2015-02-23 14:34 - 2013-04-24 17:04 - 00000000 ____D () C:\ProgramData\Skype
2015-02-17 21:48 - 2013-07-13 20:36 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-02-17 14:57 - 2014-04-14 20:53 - 00000000 ____D () C:\Users\Sophokles\Documents\Citavi 4
2015-02-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-16 15:42 - 2013-05-11 22:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-16 12:02 - 2013-08-16 01:34 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-15 22:49 - 2015-01-22 10:31 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\PDFCreator
2015-02-13 00:21 - 2014-01-11 23:18 - 00000000 ____D () C:\Program Files\Cisco
2015-02-13 00:21 - 2014-01-11 23:17 - 00000000 ____D () C:\ProgramData\Cisco
==================== Files in the root of some directories =======
2014-11-20 12:04 - 2014-11-20 12:04 - 0000093 _____ () C:\Users\Sophokles\AppData\Roaming\ARCompanion.log
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\NTMXMN
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Sophokles\AppData\Roaming\VIWK
2014-12-26 12:21 - 2014-12-26 12:21 - 0000045 _____ () C:\Users\Sophokles\AppData\Roaming\WB.CFG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\YRRKNG
2014-09-11 17:11 - 2014-12-26 18:08 - 0006268 _____ () C:\Users\Sophokles\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-07-22 14:48 - 2013-07-22 14:48 - 0004096 ____H () C:\Users\Sophokles\AppData\Local\keyfile3.drm
2013-07-18 21:30 - 2013-07-18 21:30 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe
Some content of TEMP:
====================
C:\Users\Sophokles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp53c9ur.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-07 15:42
==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-03-2015
Ran by Sophokles at 2015-03-10 23:06:31
Running from C:\Users\Sophokles\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bass Station 1.6 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 1.6 - Novation Digital Music Systems Ltd.)
BitZipper 2013 (HKLM\...\BitZipper_is1) (Version: 2013.13.4.16 - Bitberry Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.0.3.34560 - Connectify)
Dropbox (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EPUB File Reader (HKLM\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
f.lux (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Flux) (Version: - )
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Focusrite Plug-in Suite 1.0.2 (HKLM\...\{CF07B703-ACF2-4003-AF18-1EA840920D38}}_is1) (Version: 1.0.2 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.2 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.2 - Focusrite Audio Engineering Limited.)
Focusrite USB Audio Driver 1.8 (HKLM\...\Focusrite USB Audio Driver_is1) (Version: 1.8 - Focusrite Audio Engineering Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
jMemorize (HKLM\...\jMemorize) (Version: - )
Live 8.0.9 (HKLM\...\Live 8.0.9) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MyStudioPC 2.05.02.00 (HKLM\...\InstallShield_{E37404FC-DD7A-468B-8692-C4065B382D84}) (Version: 2.05.02.00 - Japanese Society for Rehabilitation of Persons with Disabilities)
MyStudioPC 2.05.02.00 (Version: 2.05.02.00 - Japanese Society for Rehabilitation of Persons with Disabilities) Hidden
ODF Add-in for Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Online Plug-in (Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
PCFriendly (HKLM\...\PCFriendly) (Version: - )
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
PhotoFiltre 7 (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\PhotoFiltre 7) (Version: - )
Q-Pilot Client 4.0.0.5727 (HKLM\...\{870126DA-33D5-4DA8-BB6D-6E3A61969072}) (Version: 4.0.0.5727 - Schomäcker GmbH)
Q-Pilot: Konfiguration der Druck-Queues und -Treiber (HKLM\...\HRZQPilotQueues) (Version: 0.51 - Uni Marburg, HRZ)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Saffire MixControl 3.2 (HKLM\...\Saffire PRO 40_is1) (Version: 3.2 - Focusrite Audio Engineering Ltd.)
Scarlett MixControl 1.3 (HKLM\...\Saffire USB 26_is1) (Version: 1.3 - Focusrite Audio Engineering Limited)
SciLor's grooveshark™.com Downloader 0.4.12 (HKLM\...\{DDEAE484-D5FB-49CB-BD47-9512E8ACCA65}_is1) (Version: 0.4.12 - SciLor)
Self-Service Plug-in (Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Snap.Do (HKLM\...\{FAC08B7A-F059-4FD6-ACA2-9C2FD0B5B241}) (Version: 11.75.1.17220 - ReSoft Ltd.) <==== ATTENTION
Sophos Anti-Virus (HKLM\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.12 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
TexMakerX 2.1 (HKLM\...\TexMakerX_is1) (Version: 2.1 - Benito van der Zander)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/27/2013 2.5.64.2) (HKLM\...\33363B6D2E200ED19F75DDF6CC777BB5A1947A25) (Version: 03/27/2013 2.5.64.2 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (HKLM\...\4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/22/2011 2.2.0.0) (HKLM\...\54CB6483AA6621FEF67643C55EC698A0CF71605E) (Version: 09/22/2011 2.2.0.0 - Focusrite)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
06-03-2015 00:30:22 Windows Update
06-03-2015 08:06:48 Windows Update
08-03-2015 20:36:15 Windows-Sicherung
09-03-2015 21:55:24 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01EF53E7-048B-4323-A594-1BC40BF06A66} - System32\Tasks\{3A2AC715-DABB-41D7-94E0-A6C823338DC0} => pcalua.exe -a C:\Users\Sophokles\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
Task: {0AD06B14-0DA8-4C9C-84C9-33A8376665BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0DC70879-9A0A-431D-8E46-C8FB7D7324BD} - System32\Tasks\{F1D2DB9D-2E9C-4C3C-81DC-037C974D575F} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1PCH32WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {17BB234E-1FC5-4029-AA02-9768526619B3} - System32\Tasks\{A7329049-A4A6-4784-A0CC-7FDC5A6DD1A8} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1WLN113WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {2E1A84FC-64A3-4710-A43D-EBD8A7FAC83D} - System32\Tasks\{165C64A7-0882-48A2-931B-3FAB530E5096} => pcalua.exe -a C:\Users\Sophokles\Downloads\wmp11-windowsxp-x86-DE-DE.exe -d C:\Users\Sophokles\Downloads
Task: {2FDC2965-CE6D-4D8C-B70F-4AD3CB3126AB} - System32\Tasks\{7B58BE47-E866-4787-BA41-5AAD7B96B5A4} => pcalua.exe -a "C:\Drivers\Broadcom Bluetooth Driver\Win32\instmsiw.exe" -d "C:\Drivers\Broadcom Bluetooth Driver\Win32"
Task: {43F324C4-4FB3-492C-923F-0750D34E8EA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CBE22AB-81C4-472E-99E7-6F5E9275829E} - System32\Tasks\{13D72250-A214-4368-B58E-811C74A8D71D} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1CAM44WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {AF2A3A49-1B8C-4FD3-A7F3-920B780C9732} - System32\Tasks\{2E136FB4-049F-4914-A366-CDF43BB2EA2A} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1WLN85WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {B4161777-2B30-4DA7-A47D-5A8CBE800B93} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {CB17EC52-0BB0-43CC-A777-34083D598289} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {DE3100B3-8E87-4183-ADEC-3F8D241CB6C9} - System32\Tasks\{8D2DB329-90A3-434B-A72D-8657CAB1530B} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN3BTH49WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {F0C7303F-D12C-4F7E-9F4A-CAAF07851923} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F799CD3F-8A5B-47A9-8D6B-C39275BFF875} - System32\Tasks\{D487B9B6-BE51-42D5-ACFF-C98A6CE27803} => pcalua.exe -a "C:\Drivers\Broadcom Bluetooth Driver\Win32\instmsia.exe" -d "C:\Drivers\Broadcom Bluetooth Driver\Win32"
Task: {F93F1FD5-A71F-4834-8E9B-5C61D9EE9C55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\NTMXMN.job => C:\Users\Sophokles\AppData\Roaming\NTMXMN.exe <==== ATTENTION
Task: C:\Windows\Tasks\VIWK.job => C:\Users\Sophokles\AppData\Roaming\VIWK.exe <==== ATTENTION
Task: C:\Windows\Tasks\YRRKNG.job => C:\Users\Sophokles\AppData\Roaming\YRRKNG.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2003-07-11 01:09 - 2003-07-11 01:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-12 16:40 - 2009-12-12 16:40 - 00020480 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\jetvm\jvm.dll
2009-12-12 16:40 - 2009-12-12 16:40 - 00069632 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\java.dll
2010-03-10 18:21 - 2010-03-10 18:21 - 00126976 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\zip.dll
2009-12-12 16:35 - 2009-12-12 16:35 - 00155648 _____ () C:\Program Files\Q-Pilot Client\Common\Java\jetrt\baseline700.dll
2014-12-11 21:35 - 2015-02-23 18:23 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll
2011-03-25 16:28 - 2011-03-25 16:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-09 01:10 - 2015-03-09 01:10 - 00043008 _____ () c:\Users\Sophokles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp53c9ur.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-14 12:33 - 2014-01-28 06:47 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2015-02-05 07:28 - 2015-02-24 22:11 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3804236533-1989176325-2614330732-500 - Administrator - Disabled)
Gast (S-1-5-21-3804236533-1989176325-2614330732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3804236533-1989176325-2614330732-1007 - Limited - Enabled)
Sophokles (S-1-5-21-3804236533-1989176325-2614330732-1000 - Administrator - Enabled) => C:\Users\Sophokles
SophosSAUSOPHOKLES-0 (S-1-5-21-3804236533-1989176325-2614330732-1001 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: EgisTec_ES603
Description: EgisTec_ES603
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/10/2015 01:13:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4477
Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4477
Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2015 11:51:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74356644
Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74356644
Error: (03/09/2015 09:54:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2015 01:11:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/09/2015 01:11:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für
"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Fehler in Manifest- oder Richtliniendatei
"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2"
in Zeile
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis:
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition:
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
System errors:
=============
Error: (03/10/2015 01:47:49 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{C8E51499-928D-44F1-AE3E-34C4D03E972D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (03/09/2015 01:10:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/09/2015 01:07:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
Error: (03/08/2015 08:46:20 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
Error: (03/06/2015 07:09:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/06/2015 00:57:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
Error: (03/06/2015 08:06:15 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{C8E51499-928D-44F1-AE3E-34C4D03E972D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (03/06/2015 00:46:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Update für Microsoft Office 2010 (KB2825635) 32-Bit-Edition
Error: (03/06/2015 00:36:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Update für Office-Dateiüberprüfung 2010, 32-Bit-Edition (KB2553065)
Error: (03/06/2015 00:28:54 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{C8E51499-928D-44F1-AE3E-34C4D03E972D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Microsoft Office Sessions:
=========================
Error: (03/10/2015 01:13:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description:
Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\bitzipper\BZSHLEXTLOADER.EXE
Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4477
Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4477
Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2015 11:51:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description:
Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\bitzipper\BZSHLEXTLOADER.EXE
Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74356644
Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74356644
Error: (03/09/2015 09:54:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2015 01:11:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/09/2015 01:11:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description:
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 2988.14 MB
Available physical RAM: 1313.33 MB
Total Pagefile: 6274.57 MB
Available Pagefile: 3806.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:296.91 GB) (Free:204.99 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0BFE5315)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.1 GB) - (Type=12)
==================== End Of Log ============================