FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by DIMA (administrator) on DIMA-PC on 25-11-2014 09:42:35
Running from C:\Users\DIMA\Desktop
Loaded Profiles: DIMA & (Available profiles: DIMA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\DIMA\sJz64H\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [179600 2012-11-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [1826816 2012-11-22] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Run: [Google+ Auto Backup] => C:\Users\DIMA\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Run: [HKCU] => C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe [784290 2014-05-17] ()
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\RunOnce: [tKi81K] => C:\Users\DIMA\sJz64H\svchost.exe [784290 2014-05-17] ()
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\MountPoints2: {8ff8575b-03cf-11e1-b1d0-002511708c7a} - K:\AutoRun.exe --autorun
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\MountPoints2: {9265ba42-0fbf-11e1-8467-002511708c7a} - K:\OriginInstaller.exe
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => C:\Users\DIMA\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HKCU] => C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe [784290 2014-05-17] ()
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [tKi81K] => C:\Users\DIMA\sJz64H\svchost.exe [784290 2014-05-17] ()
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8ff8575b-03cf-11e1-b1d0-002511708c7a} - K:\AutoRun.exe --autorun
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9265ba42-0fbf-11e1-8467-002511708c7a} - K:\OriginInstaller.exe
AppInit_DLLs: C:\PROGRA~3\Prowebi\PROWEB~1.DLL => C:\PROGRA~3\Prowebi\PROWEB~1.DLL File Not Found
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
BootExecute:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2717071264-1556804699-3599014186-1000] => http=127.0.0.1:8897;https=127.0.0.1:8897
ProxyServer: [S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x507C95ADDF97CC01
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x507C95ADDF97CC01
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {E4097784-2EB8-486D-A094-D46B608BE09F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2717071264-1556804699-3599014186-1000 -> {16C0C30F-669E-446F-AEAF-437B70220EDA} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {16C0C30F-669E-446F-AEAF-437B70220EDA} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\DIMA\AppData\Roaming\Mozilla\Firefox\Profiles\qig2tcel.default
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine,S:
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=
FF NetworkProxy: "http", "23.22.26.80"
FF NetworkProxy: "http_port", 80
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2717071264-1556804699-3599014186-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: YTNoAds - C:\Users\DIMA\AppData\Roaming\Mozilla\Firefox\Profiles\qig2tcel.default\Extensions\xjki8uxokor@yei-hwyii.com [2014-07-22]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afproxy@anchorfree.com [2014-04-16]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-11-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-04-17]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-04-17]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-04-17]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-07-24]
Chrome:
=======
CHR HomePage: Default -> https://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.youtube.com/"
CHR Profile: C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24]
CHR Extension: (Adblock Plus) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-18]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-15]
CHR Extension: (AdBlock) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-15]
CHR Extension: (Facebook Notifications) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Program Files (x86)\Cool Mirage Ltd\gophotoit\1.8.29.2\gophotoit.crx []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx []
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx []
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-25] () [File not signed]
S3 BFE; . [0 2014-11-25] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LanmanWorkstation; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 LanmanWorkstation; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-11-19] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-05] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S2 6ea8c3d5; "C:\Windows\system32\rundll32.exe" "c:\progra~3\prowebi\ProwebiSvc.dll",service <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ALSysIO; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-11-18] ()
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [33488 2014-05-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-12] (DT Soft Ltd)
S3 EagleX64; No ImagePath
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S2 SVKP; C:\Windows\SysWOW64\SVKP.sys [2368 2014-11-19] () [File not signed]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 usbet; C:\Windows\System32\DRIVERS\ETdrv.sys [182912 2010-04-29] (Etron)
U3 DfSdkS; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 09:42 - 2014-11-25 09:43 - 00029264 _____ () C:\Users\DIMA\Desktop\FRST.txt
2014-11-25 09:42 - 2014-11-25 09:42 - 00000000 ____D () C:\FRST
2014-11-25 09:41 - 2014-11-25 09:41 - 02118144 _____ (Farbar) C:\Users\DIMA\Downloads\FRST64.exe
2014-11-25 09:41 - 2014-11-25 09:41 - 02118144 _____ (Farbar) C:\Users\DIMA\Desktop\FRST64.exe
2014-11-24 22:28 - 2014-11-24 22:28 - 01310488 _____ (Uniblue Systems Limited ) C:\Users\DIMA\Downloads\setup.exe
2014-11-24 22:25 - 2014-11-24 22:25 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\WindowsDDL
2014-11-24 22:20 - 2014-11-25 09:36 - 00000336 _____ () C:\Windows\setupact.log
2014-11-24 22:20 - 2014-11-24 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-24 18:13 - 2014-11-24 18:13 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-11-24 18:13 - 2014-11-24 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-11-24 18:13 - 2014-11-24 18:13 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-11-24 18:01 - 2014-11-24 18:01 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\DIMA\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-11-24 17:28 - 2014-11-24 17:28 - 00000000 ___SD () C:\ComboFix
2014-11-24 17:22 - 2014-11-24 17:24 - 00000000 ____D () C:\Qoobox
2014-11-24 17:22 - 2014-11-24 17:22 - 00000000 ____D () C:\Windows\erdnt
2014-11-24 17:20 - 2014-11-24 17:20 - 05598874 _____ (Swearware) C:\Users\DIMA\Downloads\ComboFix.exe
2014-11-24 17:03 - 2014-11-24 17:03 - 02148864 _____ () C:\Users\DIMA\Desktop\adwcleaner_4.102.exe
2014-11-24 17:03 - 2014-11-24 17:03 - 00002251 _____ () C:\Users\DIMA\Desktop\Google Chrome.lnk
2014-11-24 16:24 - 2014-11-24 16:24 - 00000000 __SHD () C:\Users\DIMA\AppData\Local\EmieUserList
2014-11-24 16:24 - 2014-11-24 16:24 - 00000000 __SHD () C:\Users\DIMA\AppData\Local\EmieSiteList
2014-11-24 16:24 - 2014-11-24 16:24 - 00000000 __SHD () C:\Users\DIMA\AppData\Local\EmieBrowserModeList
2014-11-22 18:34 - 2014-11-22 19:44 - 00000000 ____D () C:\Users\DIMA\Desktop\Fabi Geburtstag
2014-11-21 00:34 - 2014-11-21 00:34 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-11-21 00:34 - 2014-11-21 00:34 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-21 00:10 - 2014-11-21 00:10 - 00046384 _____ () C:\Users\DIMA\Downloads\ed77f2e03747180525e87783247c4f09.dlc
2014-11-21 00:00 - 2014-11-21 00:05 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part05.rar
2014-11-20 23:54 - 2014-11-20 23:59 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part04.rar
2014-11-20 23:51 - 2014-11-20 23:56 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part03.rar
2014-11-20 23:42 - 2014-11-20 23:50 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part02.rar
2014-11-20 23:42 - 2014-11-20 23:50 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part01.rar
2014-11-20 23:39 - 2014-11-20 23:39 - 00002392 _____ () C:\Users\DIMA\Downloads\5fdce9ba323b882526a75b1e55eac4da.rsdf
2014-11-20 23:26 - 2014-11-20 23:26 - 00005912 _____ () C:\Users\DIMA\Downloads\5fdce9ba323b882526a75b1e55eac4da.dlc
2014-11-20 16:42 - 2014-11-20 16:42 - 00360648 _____ () C:\Users\DIMA\Downloads\MediaPlayerClassicInstaller.exe
2014-11-20 16:42 - 2014-11-20 16:42 - 00360648 _____ () C:\Users\DIMA\Downloads\MediaPlayerClassicInstaller (1).exe
2014-11-19 23:57 - 2014-11-20 00:00 - 272649583 _____ () C:\Users\DIMA\Downloads\PremiumLeech_freshme.rar
2014-11-19 16:59 - 2014-11-19 16:59 - 00000000 ____D () C:\Program Files (x86)\JoWooD
2014-11-19 12:26 - 2014-09-04 20:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-19 12:26 - 2014-09-04 20:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-19 12:23 - 2014-11-19 12:23 - 00767782 _____ () C:\Users\DIMA\Downloads\vol-gii.notr-mi.rar
2014-11-19 12:20 - 2014-11-19 12:21 - 308364224 _____ (NVIDIA Corporation) C:\Users\DIMA\Downloads\344.75-notebook-win8-win7-64bit-international-whql.exe
2014-11-19 12:17 - 2014-11-19 12:17 - 00000000 _____ () C:\Windows\zSpy.INI
2014-11-19 12:14 - 2014-11-19 12:14 - 00092970 _____ () C:\Users\DIMA\Downloads\gothic2_playerkit-2.6f.exe
2014-11-19 12:11 - 2014-11-19 12:11 - 00002368 _____ () C:\Windows\SysWOW64\SVKP.sys
2014-11-19 12:10 - 2014-11-19 12:10 - 09755449 _____ () C:\Users\DIMA\Downloads\g2addon-2_6.exe
2014-11-19 12:06 - 2014-11-19 12:06 - 03031183 _____ (${MOD_COMP}) C:\Users\DIMA\Downloads\gothic2_fix-2.6.0.0-rev2.exe
2014-11-19 11:57 - 2014-11-19 12:28 - 00000000 __SHD () C:\Users\DIMA\sJz64H
2014-11-19 11:52 - 2014-11-19 14:08 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-11-19 11:39 - 2014-11-19 11:40 - 00000000 ____D () C:\Users\DIMA\Desktop\Neuer Ordner
2014-11-14 15:03 - 2014-11-14 15:03 - 00001181 _____ () C:\Users\DIMA\AppData\Roaming\trace_FilterInstaller.txt
2014-11-14 15:03 - 2014-11-14 15:03 - 00000000 _____ () C:\Users\DIMA\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-11-14 12:12 - 2014-11-14 12:13 - 104400058 _____ () C:\Users\DIMA\Downloads\Kool_Savas_-_Maertyrer-2014-NoGroup.rar
2014-11-12 22:59 - 2014-11-12 22:59 - 08052296 _____ () C:\Users\DIMA\Downloads\HSS-3.42-install-hss-600-conduit (1).exe
2014-11-09 16:06 - 2014-11-09 16:06 - 00000000 ____D () C:\Users\DIMA\Desktop\The Binding of Isaac
2014-11-09 16:05 - 2014-11-09 16:05 - 324813198 _____ () C:\Users\DIMA\Downloads\The Binding Of Isaac Rebirth FULL GAME.rar
2014-11-07 23:09 - 2014-11-07 23:10 - 113494287 _____ () C:\Users\DIMA\Downloads\BaSa-DaLeIsSa20 [Wiredbots.net].zip
2014-10-30 21:02 - 2014-10-30 21:02 - 00000000 ____D () C:\Users\DIMA\aTubeCatcher
2014-10-30 21:01 - 2014-10-30 21:01 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-10-30 21:01 - 2014-10-30 21:01 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log
2014-10-30 21:01 - 2014-10-30 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-10-30 21:01 - 2014-10-30 21:01 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-10-30 21:01 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2014-10-30 21:00 - 2014-10-30 21:00 - 17089408 _____ (DsNET Corp ) C:\Users\DIMA\Downloads\aTube_Catcher_3.8.7980 (1).exe
2014-10-30 12:48 - 2014-10-30 12:48 - 00638888 _____ (Oracle Corporation) C:\Users\DIMA\Downloads\chromeinstall-8u25 (1).exe
2014-10-30 12:42 - 2014-10-30 12:42 - 00638888 _____ (Oracle Corporation) C:\Users\DIMA\Downloads\chromeinstall-8u25.exe
2014-10-26 16:49 - 2014-10-26 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 09:43 - 2013-08-01 21:48 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-25 09:43 - 2009-07-14 18:58 - 00701688 _____ () C:\Windows\system32\perfh007.dat
2014-11-25 09:43 - 2009-07-14 18:58 - 00149884 _____ () C:\Windows\system32\perfc007.dat
2014-11-25 09:43 - 2009-07-14 06:13 - 01625786 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 09:40 - 2011-10-31 15:52 - 01373680 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 09:37 - 2014-07-19 10:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 09:36 - 2014-03-15 00:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 09:36 - 2011-11-02 15:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-25 09:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 00:00 - 2012-04-08 09:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-24 23:59 - 2014-03-15 00:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 22:28 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 22:28 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 22:14 - 2014-03-12 19:31 - 00000000 ____D () C:\AdwCleaner
2014-11-24 22:07 - 2012-01-05 20:36 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\TS3Client
2014-11-24 17:30 - 2014-01-25 08:26 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 17:30 - 2013-07-24 15:08 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-11-24 17:30 - 2013-07-22 21:50 - 00000000 ____D () C:\Users\DIMA\AppData\Local\CrashDumps
2014-11-24 17:30 - 2012-03-02 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-24 17:30 - 2011-11-14 19:04 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\uTorrent
2014-11-24 17:30 - 2011-10-31 16:59 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\DAEMON Tools Lite
2014-11-24 17:30 - 2011-10-31 15:21 - 00000000 ____D () C:\Windows\Panther
2014-11-24 16:54 - 2014-03-15 00:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-24 16:54 - 2014-03-15 00:14 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-24 16:44 - 2011-10-31 15:36 - 00000000 ____D () C:\Users\DIMA
2014-11-24 16:42 - 2014-03-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-24 16:42 - 2013-02-28 12:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-24 16:42 - 2012-11-12 06:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-24 16:42 - 2009-07-14 19:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-24 16:42 - 2009-07-14 18:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-24 16:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-24 15:56 - 2012-07-27 17:49 - 00007597 _____ () C:\Users\DIMA\AppData\Local\Resmon.ResmonCfg
2014-11-23 23:46 - 2013-12-08 13:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-22 21:29 - 2011-10-31 17:25 - 00000000 ____D () C:\Users\DIMA\AppData\Local\Paint.NET
2014-11-22 19:08 - 2011-10-31 16:10 - 00000000 ____D () C:\Users\DIMA\Desktop\Bilder
2014-11-21 10:59 - 2014-07-03 17:20 - 00000000 ____D () C:\Users\DIMA\Desktop\Favorite
2014-11-21 00:41 - 2012-07-29 11:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-11-20 23:40 - 2011-11-11 17:22 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-20 00:00 - 2012-10-26 15:47 - 00000000 ____D () C:\Users\DIMA\Desktop\Musik
2014-11-19 23:58 - 2012-12-26 19:50 - 00000000 ____D () C:\Users\DIMA\Desktop\Fav
2014-11-19 14:14 - 2011-11-11 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-11-19 12:28 - 2011-11-02 15:14 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-19 12:01 - 2014-05-11 10:51 - 00000081 _____ () C:\Users\DIMA\AppData\default.pls
2014-11-19 09:16 - 2011-11-14 20:21 - 00003814 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm
2014-11-18 16:40 - 2014-05-30 12:00 - 00000000 ____D () C:\Users\DIMA\AppData\Local\Battle.net
2014-11-16 17:21 - 2011-10-31 23:15 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-11-13 13:51 - 2014-05-20 08:11 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-11-12 16:01 - 2012-04-08 09:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 16:01 - 2012-04-08 09:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 16:01 - 2011-10-31 16:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 16:06 - 2012-02-10 16:02 - 00000000 ____D () C:\Users\DIMA\AppData\Local\SKIDROW
2014-11-09 16:06 - 2011-11-20 14:13 - 00000000 ____D () C:\Users\DIMA\Documents\My Games
2014-11-05 23:54 - 2011-12-22 17:47 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\vlc
2014-10-30 12:51 - 2012-10-19 07:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-30 12:50 - 2014-05-07 11:06 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-30 12:50 - 2014-05-07 11:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-30 12:50 - 2014-05-07 11:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-30 12:50 - 2014-05-07 11:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-30 12:46 - 2013-10-28 10:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-30 12:46 - 2013-10-28 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-26 19:32 - 2011-10-31 16:31 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\Skype
2014-10-26 16:49 - 2011-10-31 16:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-26 16:49 - 2011-10-31 16:31 - 00000000 ____D () C:\ProgramData\Skype
ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
C:\Windows\assembly\tmp\ZW1C6SFO\Microsoft.SqlServer.SString.dll
C:\Windows\assembly\tmp\X7IYPAVP\microsoft.sqlserver.batchparser.dll
C:\Windows\assembly\tmp\TIS68MVX\Microsoft.DataWarehouse.Interfaces.DLL
C:\Windows\assembly\tmp\RNKGV8FO\Microsoft.SqlServer.InstApi.dll
C:\Windows\assembly\tmp\RIV9RDYZ\Microsoft.AnalysisServices.DeploymentEngine.dll
C:\Windows\assembly\tmp\RCLDA064\Microsoft.SqlServer.Replication.BusinessLogicSupport.dll
C:\Windows\assembly\tmp\R5LUP78P\Microsoft.AnalysisServices.AdomdClient.dll
C:\Windows\assembly\tmp\OCB6D0XY\Microsoft.SqlServer.ServiceBrokerEnum.dll
C:\Windows\assembly\tmp\MCW7AW3W\Microsoft.AnalysisServices.DLL
C:\Windows\assembly\tmp\KNTK6REQ\Microsoft.SqlServer.WmiEnum.dll
C:\Windows\assembly\tmp\J3YKKGGY\Microsoft.SqlServer.Rmo.dll
C:\Windows\assembly\tmp\F6HXL0MB\Microsoft.SqlServer.SmoEnum.dll
C:\Windows\assembly\tmp\F1YNN10P\Microsoft.SqlServer.Smo.dll
C:\Windows\assembly\tmp\BQNF3M5B\microsoft.sqlserver.mgdsqldumper.dll
C:\Windows\assembly\tmp\A26ZRLHL\Microsoft.SqlServer.SqlEnum.dll
C:\Windows\assembly\tmp\9RF7TR3G\Microsoft.SqlServer.SqlTDiagM.dll
C:\Windows\assembly\tmp\9CE0UJ1C\Microsoft.SqlServer.ConnectionInfo.dll
C:\Windows\assembly\tmp\5V64DCFT\MSClusterLib.dll
C:\Windows\assembly\tmp\4E812MZB\Microsoft.SqlServer.RegSvrEnum.dll
C:\Windows\assembly\tmp\1K4YGPEK\Microsoft.SqlServer.Replication.dll
ZeroAccess:
C:\Users\DIMA\AppData\Local\5418379e
C:\Users\DIMA\AppData\Local\5418379e\@
C:\Users\DIMA\AppData\Local\5418379e\loader.tlb
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-16 16:16
==================== End Of Log ============================
Addition Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by DIMA at 2014-11-25 09:44:21
Running from C:\Users\DIMA\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
applicationupdater (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\SOE-C:/Users/DIMA/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
applicationupdater (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SOE-C:/Users/DIMA/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
Bewerbungsfoto-/Passbild-Generator v3.5b (HKLM-x32\...\Passbild-Generator_is1) (Version: - )
Call of Duty Black Ops (HKLM-x32\...\Call of Duty Black Ops_is1) (Version: 1.0 - Activision Blizzard)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{19F81C0C-D0DB-453D-9C1C-AD26C4140E7E}) (Version: 8.4.0.1691 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - )
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Ghost Recon Online (EU) (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\d8be6c3f847d7d92) (Version: 1.34.7344.1 - Ubisoft)
Ghost Recon Online (EU) (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\d8be6c3f847d7d92) (Version: 1.34.7344.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version: - )
Mozilla Firefox 13.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 13.0.1 (x86 de)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nero 7 Premium (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1031}) (Version: 7.02.6445 - Nero AG)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
OXPDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.1.0 - TaoRuan)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.45 - Piriform)
Reus (HKLM-x32\...\GOGPACKREUS_is1) (Version: 2.0.0.10 - GOG.com)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{5E453519-60F6-4A4D-A0BF-16663F9B3536}) (Version: 5.34.51.22 - Apple Inc.)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
Scansoft PDF Professional (x32 Version: - ) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria v1.2.0.2 cracked-KEBAB (HKLM-x32\...\{A1264D7F-CEF6-4033-8F9D-3E27392E3627}) (Version: 1.2.0.2 - KEBAB)
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.3 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.3 - Ubisoft) Hidden
TubeBox (HKLM-x32\...\{c5b74464-3a04-417c-9eee-d0dc7d6af196}) (Version: 4.1.0.0 - Freetec)
TubeBox (x32 Version: 4.1.0.0 - Freetec) Hidden
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3020.2 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2030.5 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 10.0 (64-bit) (HKLM\...\{7B8F9BF0-A1D5-11E0-B4E5-0013D3D69929}) (Version: 10.0.738 - Sony)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebCam (HKLM-x32\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 5.1.0.0 - ETRON)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
19-11-2014 13:07:35 Revo Uninstaller's restore point - Gothic II
23-11-2014 22:21:27 Windows Update
24-11-2014 14:57:20 Revo Uninstaller's restore point - System Requirements Lab CYRI
24-11-2014 15:23:07 Revo Uninstaller's restore point - Google Chrome
24-11-2014 15:34:27 Wiederherstellungsvorgang
24-11-2014 17:08:36 Revo Uninstaller's restore point - TeamSpeak 3 Client
24-11-2014 21:51:08 Revo Uninstaller's restore point - System Requirements Lab CYRI
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 __RAH C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {332ACFAF-111D-4AA4-B8CA-83B1DB2F00DF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {3AE92997-CFD2-4DDE-9DB0-FD6BE4072545} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {5852D241-1FE8-4870-B8D9-9BF0DA9D0847} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {634C1BED-8943-4486-A4ED-98716540E4D1} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {7156F30C-2A86-4876-B122-CEA6E0EB5E3B} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16] (InstallShield Software Corporation)
Task: {7BF0D218-1D9E-48FD-890A-1EFFF9A4C072} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {A1C1EED0-8FCC-41E6-BAF3-E6ED8428C1AA} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-06-16] (InstallShield Software Corporation)
Task: {C113B528-3227-48DD-BBB6-CA95EF16D5A5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {CA40B92F-5882-46A8-AAA1-4DDED46E9120} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {DE2586A6-EB76-4DCC-8D38-B3C07BF0CF79} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: {E7B8B663-6656-4AB7-A5F1-3B21DB9F9945} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {FF5B47EF-8858-48B1-A7F8-6CB3CA24CAEE} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {FF775C4A-B79F-4CB1-9A48-D3239C484780} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-11-10 11:33 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-30 16:34 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-10-31 15:47 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-19 11:57 - 2014-05-17 19:30 - 00784290 _____ () C:\Users\DIMA\sJz64H\svchost.exe
2013-12-02 17:26 - 2013-12-05 10:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-10 12:10 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2012-11-10 12:10 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2012-11-10 12:10 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2012-11-10 12:10 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:7C784982
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupreg: HKCU => C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe
MSCONFIG\startupreg: InboxMonitor => "C:\Program Files (x86)\Nuance\PDF Professional 8\InboxMonitor.exe" /run
========================= Accounts: ==========================
Administrator (S-1-5-21-2717071264-1556804699-3599014186-500 - Administrator - Disabled)
DIMA (S-1-5-21-2717071264-1556804699-3599014186-1000 - Administrator - Enabled) => C:\Users\DIMA
Gast (S-1-5-21-2717071264-1556804699-3599014186-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2717071264-1556804699-3599014186-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (11/24/2014 10:04:48 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (2724) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00278.log.
System errors:
=============
Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMWebAccessControl" ist vom Dienst "BFE" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BFE" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5
Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMWebAccessControl" ist vom Dienst "BFE" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%5
Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BFE" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5
Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (11/25/2014 09:36:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/25/2014 09:36:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (11/25/2014 09:36:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Kaspersky Anti-Virus Service erreicht.
Error: (11/25/2014 09:36:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Prowebi erreicht.
Error: (11/25/2014 09:36:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2012-08-11 12:09:47.288
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\DIMA\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-08-11 12:09:46.810
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\DIMA\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-08-11 12:09:46.075
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-08-11 12:09:45.539
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-11-18 06:26:51.214
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-11-18 06:26:51.042
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-11-18 06:26:50.840
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-11-18 06:26:50.652
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-11-17 13:20:38.585
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-11-17 13:20:38.395
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Phenom(tm) 9600 Quad-Core Processor
Percentage of memory in use: 40%
Total physical RAM: 4095.24 MB
Available physical RAM: 2429.87 MB
Total Pagefile: 10235.42 MB
Available Pagefile: 8332.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:270.44 GB) (Free:65.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Games) (Fixed) (Total:97.63 GB) (Free:60.45 GB) NTFS
Drive e: (Games) (Fixed) (Total:97.69 GB) (Free:71.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 509F509F)
Partition 1: (Active) - (Size=270.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=OF Extended)
==================== End Of Log ============================
Malwarebytes logs from 24.11
I think these are the logs; I don't really know my way around this.
Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/11/24 15:58:27 +0100</date>
<logfile>mbam-log-2014-11-24 (15-58-26).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.11.24.05</malware-database>
<rootkit-database>v2014.11.22.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>DIMA</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>374167</objects>
<time>1127</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>2</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key>
<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path>
<vendor>Backdoor.Agent</vendor>
<action>success</action>
<hash>474ed966631960d6222b855537cbeb15</hash>
</key>
<key>
<path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path>
<vendor>Backdoor.Agent</vendor>
<action>success</action>
<hash>474ed966631960d6222b855537cbeb15</hash>
</key>
<value>
<path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>
<valuename>HKCU</valuename>
<vendor>Backdoor.Agent</vendor>
<action>success</action>
<valuedata>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</valuedata>
<hash>474ed966631960d6222b855537cbeb15</hash>
</value>
<value>
<path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER</path>
<valuename>NoFolderOptions</valuename>
<vendor>Hijack.FolderOptions</vendor>
<action>success</action>
<valuedata>1</valuedata>
<hash>296c4bf485f7b58104f116d48c77fc04</hash>
</value>
<file>
<path>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</path>
<vendor>Backdoor.Agent</vendor>
<action>success</action>
<hash>474ed966631960d6222b855537cbeb15</hash>
</file>
<file>
<path>C:\Windows\SysWOW64\SVKP.sys</path>
<vendor>Trojan.Agent</vendor>
<action>success</action>
<hash>e0b562dda0dcee483afdae8e679dff01</hash>
</file>
</items>
</mbam-log>
Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/11/24 22:58:00 +0100</date>
<logfile>mbam-log-2014-11-24 (22-57-59).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.11.24.08</malware-database>
<rootkit-database>v2014.11.22.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>DIMA</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>370807</objects>
<time>1146</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>2</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key>
<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path>
<vendor>Backdoor.Agent</vendor>
<action>none</action>
<hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash>
</key>
<key>
<path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path>
<vendor>Backdoor.Agent</vendor>
<action>none</action>
<hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash>
</key>
<value>
<path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>
<valuename>HKCU</valuename>
<vendor>Backdoor.Agent</vendor>
<action>none</action>
<valuedata>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</valuedata>
<hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash>
</value>
<value>
<path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER</path>
<valuename>NoFolderOptions</valuename>
<vendor>Hijack.FolderOptions</vendor>
<action>none</action>
<valuedata>1</valuedata>
<hash>64347bc49ae283b3d7e540ab5ba860a0</hash>
</value>
<file>
<path>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</path>
<vendor>Backdoor.Agent</vendor>
<action>none</action>
<hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash>
</file>
<file>
<path>C:\Windows\SysWOW64\SVKP.sys</path>
<vendor>Trojan.Agent</vendor>
<action>none</action>
<hash>435508379ddf7eb88678211b2cd8fa06</hash>
</file>
</items>
</mbam-log>