FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2014
Ran by Schatz (administrator) on SCHWARZERENGEL on 12-10-2014 00:03:21
Running from C:\Users\Schatz\Downloads
Loaded Profile: Schatz (Available profiles: Schatz)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x86__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9210400 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-45034832-3413565100-2441375110-1001\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-45034832-3413565100-2441375110-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
Startup: C:\Users\Schatz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x514EC5F574E0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\battlefieldplay4free@ea.com [2014-08-03]
FF Extension: leethax.net extension - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\leethax@leethax.net.xpi [2014-07-25]
FF Extension: ReloadEvery - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-09-29]
FF Extension: Adblock Plus - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-25]
Chrome:
=======
CHR Profile: C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google-Suche) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (Google Tabellen) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (AdBlock) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (GData Centers 1 Council Bluffs, Iowa) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeonacmfdmkgfmmdejlinolgjomhcbmh [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Google Mail) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-05-13] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-05-13] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S1 MpKsl072f754d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl072f754d.sys [29904 2014-07-24] () [File not signed]
R1 MpKslfaa14ebc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67007978-D6A4-4D72-9462-2F5842C7AD83}\MpKslfaa14ebc.sys [39464 2014-10-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [92504 2014-05-13] (Microsoft Corporation)
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [30256 2014-07-24] (Basil Projects)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-04-28] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
S3 amdiox86; \SystemRoot\System32\drivers\amdiox86.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 23:59 - 2014-10-12 00:03 - 00012366 _____ () C:\Users\Schatz\Downloads\FRST.txt
2014-10-11 23:58 - 2014-10-11 23:58 - 01101312 _____ (Farbar) C:\Users\Schatz\Downloads\FRST.exe
2014-10-10 23:07 - 2014-10-10 23:17 - 00000000 ____D () C:\Program Files\CPUCooL
2014-10-10 23:06 - 2014-10-10 23:06 - 01047704 _____ () C:\Users\Schatz\Downloads\CPUCooL-lnstall.exe
2014-10-10 22:46 - 2014-10-10 22:47 - 00044128 _____ () C:\Users\Schatz\Downloads\Addition.txt
2014-10-10 22:45 - 2014-10-12 00:03 - 00000000 ____D () C:\FRST
2014-10-10 12:59 - 2014-10-10 12:59 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-10 12:59 - 2014-10-10 12:59 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-10 12:59 - 2014-10-10 12:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-10 12:58 - 2014-10-10 12:58 - 35095808 _____ () C:\Users\Schatz\Downloads\Firefox_Setup_de32.0.3.exe
2014-10-10 01:49 - 2014-10-11 23:54 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 01:49 - 2014-10-11 11:26 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-10 01:49 - 2014-10-11 11:26 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 01:49 - 2014-10-10 01:49 - 00000000 ____D () C:\Users\Schatz\AppData\Local\Google
2014-10-10 01:49 - 2014-10-10 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-10 01:49 - 2014-10-10 01:49 - 00000000 ____D () C:\Program Files\Google
2014-10-10 01:48 - 2014-10-10 01:48 - 00895120 _____ (Google Inc.) C:\Users\Schatz\Downloads\ChromeSetup.exe
2014-10-06 11:31 - 2014-10-06 11:31 - 00000000 ____D () C:\Users\Schatz\AppData\Local\Adobe
2014-09-26 12:21 - 2014-10-10 22:41 - 00000000 ____D () C:\Users\Schatz\AppData\Local\CrashDumps
2014-09-25 00:22 - 2014-10-10 12:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-21 20:34 - 2014-09-04 21:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-09-19 21:14 - 2014-09-19 21:14 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\Corel
2014-09-19 21:14 - 2014-09-19 21:14 - 00000000 ____D () C:\ProgramData\Protexis
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Users\Schatz\Documents\Corel PaintShop Pro
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\Ulead Systems
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Users\Schatz\AppData\Local\Corel PaintShop Pro
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-09-19 21:12 - 2014-09-19 21:13 - 00000000 ____D () C:\ProgramData\Corel
2014-09-19 21:12 - 2014-09-19 21:12 - 00001076 _____ () C:\Users\Public\Desktop\Corel PaintShop Pro X7.lnk
2014-09-19 21:12 - 2014-09-19 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
2014-09-19 21:11 - 2014-09-19 21:11 - 00000000 ____D () C:\Program Files\Corel
2014-09-19 02:50 - 2014-09-19 02:50 - 03520000 _____ () C:\Users\Schatz\Downloads\Fv2Trainer_2014.exe
2014-09-18 17:51 - 2014-09-18 17:51 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-18 17:51 - 2014-09-18 17:51 - 00001136 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-18 17:50 - 2014-09-18 17:50 - 06626832 _____ (TeamViewer GmbH) C:\Users\Schatz\Downloads\TeamViewer_Setup_de.exe
2014-09-18 17:50 - 2014-09-18 17:50 - 00816064 _____ ( ) C:\Users\Schatz\Downloads\TeamViewer_Setup_de_CB-DL-Manager.exe
2014-09-18 12:20 - 2014-08-29 03:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-18 12:20 - 2014-08-29 02:59 - 03117568 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 12:20 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 12:20 - 2014-08-26 00:25 - 03525632 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 12:20 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-18 12:20 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-09-18 12:20 - 2014-08-16 05:08 - 00863528 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-18 12:20 - 2014-08-16 05:03 - 01858880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-18 12:20 - 2014-08-16 05:03 - 01436888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-18 12:20 - 2014-08-16 05:03 - 00286528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-18 12:20 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-09-18 12:20 - 2014-08-16 02:39 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-09-18 12:20 - 2014-08-16 02:35 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-18 12:20 - 2014-08-16 02:31 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-09-18 12:20 - 2014-08-16 02:30 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-09-18 12:20 - 2014-08-16 02:29 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-18 12:20 - 2014-08-16 02:23 - 00808448 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-18 12:20 - 2014-08-16 02:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-09-18 12:20 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-18 12:20 - 2014-08-16 02:15 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-09-18 12:20 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-09-18 12:20 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-18 12:20 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-18 12:20 - 2014-08-16 02:11 - 03985408 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-09-18 12:20 - 2014-08-16 02:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-09-18 12:20 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-18 12:20 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-18 12:20 - 2014-08-16 02:05 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-09-18 12:20 - 2014-08-01 01:23 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-16 19:22 - 2014-09-17 21:09 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\FileZilla
2014-09-16 19:22 - 2014-09-16 19:22 - 00001958 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-16 19:22 - 2014-09-16 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-16 19:22 - 2014-09-16 19:22 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-16 19:21 - 2014-09-16 19:21 - 06057862 _____ (Tim Kosse) C:\Users\Schatz\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-16 18:13 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 18:13 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-16 18:13 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 18:13 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 18:13 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 18:13 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-16 18:12 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 18:12 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 18:12 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 18:12 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-16 18:12 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-16 18:12 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 18:12 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 18:12 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 18:12 - 2014-08-16 02:44 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-16 18:12 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-16 18:12 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 18:12 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 15:32 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-16 15:32 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-16 15:32 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-16 15:32 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-16 15:32 - 2014-08-23 06:02 - 00612352 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-16 15:32 - 2014-08-15 01:35 - 00122688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-16 15:32 - 2014-07-30 03:57 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-16 15:32 - 2014-07-29 07:06 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-16 15:27 - 2014-09-05 04:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-16 15:27 - 2014-09-05 03:58 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-16 15:27 - 2014-09-05 02:44 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-16 15:27 - 2014-08-02 02:15 - 00976384 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-16 15:27 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 00:00 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-11 23:52 - 2014-07-24 22:29 - 01464311 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 23:13 - 2014-07-25 00:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 20:32 - 2014-08-26 20:38 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\vlc
2014-10-11 11:58 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-11 11:26 - 2014-08-04 21:27 - 00000000 ____D () C:\Program Files\Steam
2014-10-11 00:17 - 2014-08-09 02:28 - 00000000 ____D () C:\Users\Schatz\Desktop\Neuer Ordner
2014-10-10 23:12 - 2014-08-02 14:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-10 23:12 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 23:11 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-10 15:48 - 2014-07-24 23:26 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\Skype
2014-10-10 15:47 - 2014-03-18 01:54 - 00012292 _____ () C:\Windows\PFRO.log
2014-10-10 11:27 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-09 17:26 - 2014-08-02 23:52 - 00000000 ____D () C:\AdwCleaner
2014-10-07 21:11 - 2014-07-24 22:30 - 00000000 ____D () C:\Users\Schatz
2014-10-04 13:54 - 2014-07-24 23:39 - 00000000 ____D () C:\ProgramData\firebird
2014-09-26 11:30 - 2014-08-04 21:07 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-09-24 10:36 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:10 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 10:10 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-22 08:41 - 2014-07-25 01:11 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 20:36 - 2014-08-02 14:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-21 20:35 - 2013-08-22 09:23 - 00023484 _____ () C:\Windows\setupact.log
2014-09-19 21:11 - 2014-07-24 23:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-19 20:56 - 2013-08-22 09:22 - 00352832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 18:53 - 2014-03-18 10:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 17:51 - 2014-07-24 23:33 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-18 12:28 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-09-18 12:28 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-09-17 11:45 - 2014-09-05 18:25 - 00000000 ____D () C:\Program Files\OXXOGames
2014-09-17 04:13 - 2014-08-02 14:26 - 02193560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-09-17 04:13 - 2014-08-02 14:26 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-09-17 04:00 - 2014-07-25 01:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-16 18:13 - 2014-07-25 00:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 18:13 - 2014-07-25 00:26 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-16 18:13 - 2014-07-25 00:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-16 18:13 - 2014-05-13 23:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 18:12 - 2014-07-24 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-16 16:35 - 2014-07-24 22:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-16 16:14 - 2014-07-25 01:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-16 16:08 - 2014-07-25 01:16 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-16 15:22 - 2014-09-05 18:28 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-09-16 15:20 - 2014-07-24 23:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
Some content of TEMP:
====================
C:\Users\Schatz\AppData\Local\Temp\CPUCOOL9.EXE
C:\Users\Schatz\AppData\Local\Temp\leethax extension for google chrome__3038_i1365559693_il2101897.exe
C:\Users\Schatz\AppData\Local\Temp\ose00000.exe
C:\Users\Schatz\AppData\Local\Temp\ose00001.exe
C:\Users\Schatz\AppData\Local\Temp\Quarantine.exe
C:\Users\Schatz\AppData\Local\Temp\sdan.exe
C:\Users\Schatz\AppData\Local\Temp\sdapk.exe
C:\Users\Schatz\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-08 11:53
==================== End Of Log ============================
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\battlefieldplay4free@ea.com [2014-08-03]
FF Extension: leethax.net extension - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\leethax@leethax.net.xpi [2014-07-25]
FF Extension: ReloadEvery - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-09-29]
FF Extension: Adblock Plus - C:\Users\Schatz\AppData\Roaming\Mozilla\Firefox\Profiles\9c06m1jo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-25]
Chrome:
=======
CHR Profile: C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google-Suche) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (Google Tabellen) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (AdBlock) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (GData Centers 1 Council Bluffs, Iowa) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeonacmfdmkgfmmdejlinolgjomhcbmh [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Google Mail) - C:\Users\Schatz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-05-13] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-05-13] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S1 MpKsl072f754d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl072f754d.sys [29904 2014-07-24] () [File not signed]
R1 MpKslfaa14ebc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67007978-D6A4-4D72-9462-2F5842C7AD83}\MpKslfaa14ebc.sys [39464 2014-10-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [92504 2014-05-13] (Microsoft Corporation)
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [30256 2014-07-24] (Basil Projects)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-04-28] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
S3 amdiox86; \SystemRoot\System32\drivers\amdiox86.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 23:59 - 2014-10-12 00:03 - 00012366 _____ () C:\Users\Schatz\Downloads\FRST.txt
2014-10-11 23:58 - 2014-10-11 23:58 - 01101312 _____ (Farbar) C:\Users\Schatz\Downloads\FRST.exe
2014-10-10 23:07 - 2014-10-10 23:17 - 00000000 ____D () C:\Program Files\CPUCooL
2014-10-10 23:06 - 2014-10-10 23:06 - 01047704 _____ () C:\Users\Schatz\Downloads\CPUCooL-lnstall.exe
2014-10-10 22:46 - 2014-10-10 22:47 - 00044128 _____ () C:\Users\Schatz\Downloads\Addition.txt
2014-10-10 22:45 - 2014-10-12 00:03 - 00000000 ____D () C:\FRST
2014-10-10 12:59 - 2014-10-10 12:59 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-10 12:59 - 2014-10-10 12:59 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-10 12:59 - 2014-10-10 12:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-10 12:58 - 2014-10-10 12:58 - 35095808 _____ () C:\Users\Schatz\Downloads\Firefox_Setup_de32.0.3.exe
2014-10-10 01:49 - 2014-10-11 23:54 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 01:49 - 2014-10-11 11:26 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-10 01:49 - 2014-10-11 11:26 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 01:49 - 2014-10-10 01:49 - 00000000 ____D () C:\Users\Schatz\AppData\Local\Google
2014-10-10 01:49 - 2014-10-10 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-10 01:49 - 2014-10-10 01:49 - 00000000 ____D () C:\Program Files\Google
2014-10-10 01:48 - 2014-10-10 01:48 - 00895120 _____ (Google Inc.) C:\Users\Schatz\Downloads\ChromeSetup.exe
2014-10-06 11:31 - 2014-10-06 11:31 - 00000000 ____D () C:\Users\Schatz\AppData\Local\Adobe
2014-09-26 12:21 - 2014-10-10 22:41 - 00000000 ____D () C:\Users\Schatz\AppData\Local\CrashDumps
2014-09-25 00:22 - 2014-10-10 12:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-21 20:34 - 2014-09-04 21:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-09-19 21:14 - 2014-09-19 21:14 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\Corel
2014-09-19 21:14 - 2014-09-19 21:14 - 00000000 ____D () C:\ProgramData\Protexis
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Users\Schatz\Documents\Corel PaintShop Pro
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\Ulead Systems
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Users\Schatz\AppData\Local\Corel PaintShop Pro
2014-09-19 21:13 - 2014-09-19 21:13 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-09-19 21:12 - 2014-09-19 21:13 - 00000000 ____D () C:\ProgramData\Corel
2014-09-19 21:12 - 2014-09-19 21:12 - 00001076 _____ () C:\Users\Public\Desktop\Corel PaintShop Pro X7.lnk
2014-09-19 21:12 - 2014-09-19 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
2014-09-19 21:11 - 2014-09-19 21:11 - 00000000 ____D () C:\Program Files\Corel
2014-09-19 02:50 - 2014-09-19 02:50 - 03520000 _____ () C:\Users\Schatz\Downloads\Fv2Trainer_2014.exe
2014-09-18 17:51 - 2014-09-18 17:51 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-18 17:51 - 2014-09-18 17:51 - 00001136 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-18 17:50 - 2014-09-18 17:50 - 06626832 _____ (TeamViewer GmbH) C:\Users\Schatz\Downloads\TeamViewer_Setup_de.exe
2014-09-18 17:50 - 2014-09-18 17:50 - 00816064 _____ ( ) C:\Users\Schatz\Downloads\TeamViewer_Setup_de_CB-DL-Manager.exe
2014-09-18 12:20 - 2014-08-29 03:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-18 12:20 - 2014-08-29 02:59 - 03117568 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 12:20 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 12:20 - 2014-08-26 00:25 - 03525632 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 12:20 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-18 12:20 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-09-18 12:20 - 2014-08-16 05:08 - 00863528 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-18 12:20 - 2014-08-16 05:03 - 01858880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-18 12:20 - 2014-08-16 05:03 - 01436888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-18 12:20 - 2014-08-16 05:03 - 00286528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-18 12:20 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-09-18 12:20 - 2014-08-16 02:39 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-09-18 12:20 - 2014-08-16 02:35 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-18 12:20 - 2014-08-16 02:31 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-09-18 12:20 - 2014-08-16 02:30 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-09-18 12:20 - 2014-08-16 02:29 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-18 12:20 - 2014-08-16 02:23 - 00808448 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-18 12:20 - 2014-08-16 02:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-09-18 12:20 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-18 12:20 - 2014-08-16 02:15 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-09-18 12:20 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-09-18 12:20 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-18 12:20 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-18 12:20 - 2014-08-16 02:11 - 03985408 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-09-18 12:20 - 2014-08-16 02:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-09-18 12:20 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-18 12:20 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-18 12:20 - 2014-08-16 02:05 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-09-18 12:20 - 2014-08-01 01:23 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-16 19:22 - 2014-09-17 21:09 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\FileZilla
2014-09-16 19:22 - 2014-09-16 19:22 - 00001958 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-16 19:22 - 2014-09-16 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-16 19:22 - 2014-09-16 19:22 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-16 19:21 - 2014-09-16 19:21 - 06057862 _____ (Tim Kosse) C:\Users\Schatz\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-16 18:13 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 18:13 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-16 18:13 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 18:13 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 18:13 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 18:13 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-16 18:12 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 18:12 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 18:12 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 18:12 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-16 18:12 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-16 18:12 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 18:12 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 18:12 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 18:12 - 2014-08-16 02:44 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-16 18:12 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-16 18:12 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 18:12 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 15:32 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-16 15:32 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-16 15:32 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-16 15:32 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-16 15:32 - 2014-08-23 06:02 - 00612352 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-16 15:32 - 2014-08-15 01:35 - 00122688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-16 15:32 - 2014-07-30 03:57 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-16 15:32 - 2014-07-29 07:06 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-16 15:27 - 2014-09-05 04:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-16 15:27 - 2014-09-05 03:58 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-16 15:27 - 2014-09-05 02:44 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-16 15:27 - 2014-08-02 02:15 - 00976384 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-16 15:27 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 00:00 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-11 23:52 - 2014-07-24 22:29 - 01464311 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 23:13 - 2014-07-25 00:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 20:32 - 2014-08-26 20:38 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\vlc
2014-10-11 11:58 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-11 11:26 - 2014-08-04 21:27 - 00000000 ____D () C:\Program Files\Steam
2014-10-11 00:17 - 2014-08-09 02:28 - 00000000 ____D () C:\Users\Schatz\Desktop\Neuer Ordner
2014-10-10 23:12 - 2014-08-02 14:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-10 23:12 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 23:11 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-10 15:48 - 2014-07-24 23:26 - 00000000 ____D () C:\Users\Schatz\AppData\Roaming\Skype
2014-10-10 15:47 - 2014-03-18 01:54 - 00012292 _____ () C:\Windows\PFRO.log
2014-10-10 11:27 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-09 17:26 - 2014-08-02 23:52 - 00000000 ____D () C:\AdwCleaner
2014-10-07 21:11 - 2014-07-24 22:30 - 00000000 ____D () C:\Users\Schatz
2014-10-04 13:54 - 2014-07-24 23:39 - 00000000 ____D () C:\ProgramData\firebird
2014-09-26 11:30 - 2014-08-04 21:07 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-09-24 10:36 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:10 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 10:10 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-22 08:41 - 2014-07-25 01:11 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 20:36 - 2014-08-02 14:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-21 20:35 - 2013-08-22 09:23 - 00023484 _____ () C:\Windows\setupact.log
2014-09-19 21:11 - 2014-07-24 23:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-19 20:56 - 2013-08-22 09:22 - 00352832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 18:53 - 2014-03-18 10:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 17:51 - 2014-07-24 23:33 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-18 12:28 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-09-18 12:28 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-09-17 11:45 - 2014-09-05 18:25 - 00000000 ____D () C:\Program Files\OXXOGames
2014-09-17 04:13 - 2014-08-02 14:26 - 02193560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-09-17 04:13 - 2014-08-02 14:26 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-09-17 04:00 - 2014-07-25 01:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-16 18:13 - 2014-07-25 00:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 18:13 - 2014-07-25 00:26 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-16 18:13 - 2014-07-25 00:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-16 18:13 - 2014-07-25 00:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-16 18:13 - 2014-05-13 23:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 18:12 - 2014-07-24 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-16 16:35 - 2014-07-24 22:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-16 16:14 - 2014-07-25 01:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-16 16:08 - 2014-07-25 01:16 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-16 15:22 - 2014-09-05 18:28 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-09-16 15:20 - 2014-07-24 23:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
Some content of TEMP:
====================
C:\Users\Schatz\AppData\Local\Temp\CPUCOOL9.EXE
C:\Users\Schatz\AppData\Local\Temp\leethax extension for google chrome__3038_i1365559693_il2101897.exe
C:\Users\Schatz\AppData\Local\Temp\ose00000.exe
C:\Users\Schatz\AppData\Local\Temp\ose00001.exe
C:\Users\Schatz\AppData\Local\Temp\Quarantine.exe
C:\Users\Schatz\AppData\Local\Temp\sdan.exe
C:\Users\Schatz\AppData\Local\Temp\sdapk.exe
C:\Users\Schatz\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-08 11:53
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-10-2014
Ran by Schatz at 2014-10-12 00:03:47
Running from C:\Users\Schatz\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
8GadgetPack (HKLM\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Battlestrike: Secret Weapons (HKLM\...\Battlestrike: Secret Weapons_is1) (Version: - City Interactive)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
Corel PaintShop Pro X7 (HKLM\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (Version: 17.0.0.199 - Corel Corporation) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version: - Microsoft)
Doom 3 (HKLM\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.3 - Activision)
Doom 3 (Version: 1.3 - Activision) Hidden
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Firebird 2.5.0.26074 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
ICA (Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM (Version: 17.0.0.199 - Corel Corporation) Hidden
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (Version: 2.8.20.26 - Oracle Corporation) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Metro 2033 (HKLM\...\Steam App 43110) (Version: - 4A Games)
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSPPContent (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (Version: 17.0.0.199 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6101 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
SAM3 (remove only) (HKLM\...\SAM3) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version: - Microsoft) Hidden
Setup (Version: 17.0.0.199 - Ihr Firmenname) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{4FC38705-B045-4DAC-A0B0-C573D31B8CD5}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{0F5FFEB6-2F66-4592-8A34-CC85FF318951}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.PROPLUSR_{D533D4E6-5056-487A-8F18-7FA51AF0E283}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E2362D6B-C590-4698-A990-35B4A77A294D}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E2362D6B-C590-4698-A990-35B4A77A294D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
VirtualDJ PRO Full (HKLM\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-45034832-3413565100-2441375110-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Schatz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.32.dll (Helmut Buhler)
==================== Restore Points =========================
21-09-2014 18:35:34 DirectX wurde installiert
01-10-2014 08:35:57 Geplanter Prüfpunkt
10-10-2014 02:04:25 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {0BA19480-222B-4123-955B-8EF4402456F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {133A0C59-E6E2-4BBA-B3ED-AE9EA28560A9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2560C8D5-8DCE-497A-873E-A4476CF4F362} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {26B6FA9D-FE0A-4B9F-BD36-6C7801B628C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-16] (Microsoft Corporation)
Task: {28938F7E-ADDC-4D18-BA72-FC8BF488CDD6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Schwarzerengel-Schatz Schwarzerengel => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B8EA3BD3-83CD-41D7-8267-41660E8ABE4B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C43A8794-EABF-4FFB-8450-83FE27A285D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-06] (Adobe Systems Incorporated)
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {EF3FDFD5-69D6-4A26-A9B0-97C18B40C0E3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {F068A084-DA40-463E-977A-34557DA70714} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-08-02 14:25 - 2014-07-02 21:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-09-06 18:44 - 2014-09-06 18:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2014-08-29 09:29 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 09:29 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-08-29 09:29 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-04 21:35 - 2014-09-03 21:28 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2014-08-04 21:35 - 2014-09-23 06:32 - 02226880 _____ () C:\Program Files\Steam\video.dll
2014-08-29 09:29 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 09:29 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2014-08-04 21:35 - 2014-09-23 06:32 - 00679616 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2014-08-04 21:35 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-10-10 12:59 - 2014-09-24 07:09 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKCU\...\StartupApproved\Run: => "Skype"
========================= Accounts: ==========================
Administrator (S-1-5-21-45034832-3413565100-2441375110-500 - Administrator - Disabled)
Gast (S-1-5-21-45034832-3413565100-2441375110-501 - Limited - Disabled)
Schatz (S-1-5-21-45034832-3413565100-2441375110-1001 - Administrator - Enabled) => C:\Users\Schatz
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2014 11:14:39 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (10/10/2014 11:13:33 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (10/10/2014 11:12:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x00ca01a0
ID des fehlerhaften Prozesses: 0x53c
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3
Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5
Error: (10/10/2014 11:11:39 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [1008]
Error: (10/10/2014 10:50:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.18.0.106 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d94
Startzeit: 01cfe490e36c7c1d
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe
Berichts-ID: 1271032a-50bf-11e4-973e-1c6f65b5cc01
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (10/10/2014 10:41:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xb4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (10/10/2014 03:48:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x02e801a0
ID des fehlerhaften Prozesses: 0x848
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3
Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5
Error: (10/10/2014 01:22:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1068
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (10/10/2014 04:04:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (10/09/2014 05:27:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x00b701a0
ID des fehlerhaften Prozesses: 0x824
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3
Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5
System errors:
=============
Error: (10/11/2014 11:59:02 AM) (Source: DCOM) (EventID: 10010) (User: Schwarzerengel)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (10/11/2014 11:58:32 AM) (Source: DCOM) (EventID: 10010) (User: Schwarzerengel)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (10/11/2014 03:05:00 AM) (Source: DCOM) (EventID: 10010) (User: Schwarzerengel)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (10/11/2014 03:04:30 AM) (Source: DCOM) (EventID: 10010) (User: Schwarzerengel)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (10/10/2014 11:16:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/10/2014 11:12:33 PM) (Source: DCOM) (EventID: 10016) (User: Schwarzerengel)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchwarzerengelSchatzS-1-5-21-45034832-3413565100-2441375110-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/10/2014 11:12:33 PM) (Source: DCOM) (EventID: 10016) (User: Schwarzerengel)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchwarzerengelSchatzS-1-5-21-45034832-3413565100-2441375110-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/10/2014 11:12:33 PM) (Source: DCOM) (EventID: 10016) (User: Schwarzerengel)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchwarzerengelSchatzS-1-5-21-45034832-3413565100-2441375110-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/10/2014 11:12:33 PM) (Source: DCOM) (EventID: 10016) (User: Schwarzerengel)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchwarzerengelSchatzS-1-5-21-45034832-3413565100-2441375110-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (10/10/2014 11:12:33 PM) (Source: DCOM) (EventID: 10016) (User: Schwarzerengel)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchwarzerengelSchatzS-1-5-21-45034832-3413565100-2441375110-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office Sessions:
=========================
Error: (10/10/2014 11:14:39 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (10/10/2014 11:13:33 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (10/10/2014 11:12:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.0000000000000000000ca01a053c01cfe4cee1b80cceC:\Program Files\KMSpico\Service_KMS.exeunknown2962b070-50c2-11e4-973f-1c6f65b5cc01
Error: (10/10/2014 11:11:39 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [1008]
Error: (10/10/2014 10:50:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.18.0.106d9401cfe490e36c7c1d4294967295C:\Program Files\Skype\Phone\Skype.exe1271032a-50bf-11e4-973e-1c6f65b5cc01
Error: (10/10/2014 10:41:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141bb401cfe4c69ff0686aC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllc785bfac-50bd-11e4-973e-1c6f65b5cc01
Error: (10/10/2014 03:48:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.0000000000000000002e801a084801cfe490d1802a00C:\Program Files\KMSpico\Service_KMS.exeunknown1f0a205c-5084-11e4-973e-1c6f65b5cc01
Error: (10/10/2014 01:22:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b106801cfe47af6997f3cC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllbd4b2229-506f-11e4-973d-1c6f65b5cc01
Error: (10/10/2014 04:04:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
Error: (10/09/2014 05:27:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.0000000000000000000b701a082401cfe3d5818b08d6C:\Program Files\KMSpico\Service_KMS.exeunknownc80b37ee-4fc8-11e4-973d-1c6f65b5cc01
CodeIntegrity Errors:
===================================
Date: 2014-10-11 03:05:24.968
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.184
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.184
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.168
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.168
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.168
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-10 04:27:32.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.