Unable to access jarfile when I start my PC


  • This topic is locked
20 replies to this topic

#1 poliborti

Posted 14 January 2015 - 12:08 PM

Hi, English is not my native language but I try my best!

Yeah, I've seen that problem already in here, but these solutions don't help me at all.

I've tried to uninstall all Java files, but it doesn't help either.

Any solutions?





#2 Machiavelli

Posted 14 January 2015 - 03:14 PM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 poliborti

Posted 15 January 2015 - 10:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by Lucas (administrator) on LUCAS-PC on 15-01-2015 16:24:51
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available profiles: Lucas & Zweiter Versuch)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() D:\Program Files (x86)\puush\puush.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(SEIKO EPSON CORPORATION) D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(FileZilla Project) D:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MPC-HC Team) E:\Driver_and_tools\MPC-HC.1.7.5.x64\MPC-HC.1.7.5.x64\mpc-hc64.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Agent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => D:\ProgramFiles (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-31] (AVAST Software)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [Avira Systray] => D:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Run: [puush] => D:\Program Files (x86)\puush\puush.exe [567880 2014-06-14] ()
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Run: [Server] => D:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe -jar "
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\MountPoints2: {07ac404d-e8e9-11e3-9b55-806e6f6e6963} - F:\Setup.EXE
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-616130686-3194881943-3060448193-1000] => 93.115.8.229:8089
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - D:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> D:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Lucas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: adobe.com/AdobeAAMDetect -> D:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\abs@avira.com [2014-12-21]
FF Extension: Security Protection - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\detgdp@gmail.com [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\extensions\detgdp@gmail.com
FF HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - D:\ProgramFiles (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21]
CHR Extension: (Google Drive) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]
CHR Extension: (YouTube) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]
CHR Extension: (Google-Suche) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]
CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744 2014-10-07] (Apple Inc.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 Avira.OE.ServiceHost; D:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R2 BstHdAndroidSvc; D:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; D:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; D:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 EPSON_PM_RPCV4_05; D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [136576 2011-04-24] (SEIKO EPSON CORPORATION)
R2 FileZilla Server; D:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [627712 2014-04-08] (FileZilla Project) [File not signed]
S3 ICCS; D:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
S3 iPod Service; D:\Program Files\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 Steam Client Service; D:\ProgramFiles (x86)\Common Files\Steam\SteamService.exe [833728 2014-09-23] (Valve Corporation)
R2 Stereo Service; D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936 2014-07-02] (NVIDIA Corporation)
R2 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [906432 2014-02-27] (VMware, Inc.)
S2 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
R2 wlidsvc; D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corp.)
S4 gupdate; "D:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "D:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Update Deal Keeper; "D:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe" [X]
S4 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; E:\Driver_and_tools\aida64extreme450\kerneld.x64 [34136 2014-05-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; D:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [3729920 2014-03-07] (Intel Corporation) [File not signed]
U5 UnlockerDriver5; D:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 16:24 - 2015-01-15 16:25 - 00017418 _____ () C:\Users\Lucas\Desktop\FRST.txt
2015-01-15 16:24 - 2015-01-15 16:24 - 02125312 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe
2015-01-15 16:24 - 2015-01-15 16:24 - 00000000 ____D () C:\FRST
2015-01-12 19:12 - 2015-01-12 19:12 - 00001535 _____ () C:\Users\Lucas\Desktop\Photoshop.lnk
2015-01-12 18:54 - 2015-01-12 18:54 - 00000903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-01-12 18:53 - 2015-01-12 19:02 - 00000000 ____D () D:\Program Files\Adobe
2015-01-12 18:52 - 2015-01-12 19:03 - 00000000 ____D () D:\Program Files\Common Files\Adobe
2015-01-12 17:45 - 2015-01-12 18:52 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-12 17:45 - 2015-01-12 17:45 - 00001148 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-01-12 17:45 - 2015-01-12 17:45 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-01-12 17:42 - 2015-01-12 19:02 - 00000000 ____D () D:\Program Files (x86)\Adobe
2015-01-11 14:45 - 2015-01-11 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () D:\Program Files (x86)\PingPlotter Standard
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\PingPlotter
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
2015-01-10 23:42 - 2015-01-09 11:42 - 00000044 ____H () D:\Program Files (x86)\78a7a1e4.tmp
2015-01-10 23:41 - 2015-01-10 23:41 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Downloaded Installations
2015-01-03 02:13 - 2015-01-13 00:15 - 00000000 ____D () C:\Users\Lucas\Desktop\coc pics
2015-01-03 00:46 - 2015-01-07 23:44 - 00011830 _____ () C:\Users\Lucas\Desktop\coc copy paste.odt
2014-12-28 22:33 - 2014-12-28 22:33 - 00001698 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-28 22:33 - 2014-12-28 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () D:\Program Files\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () D:\Program Files (x86)\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-28 22:32 - 2014-12-28 22:32 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\iPod
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\Common Files\Apple
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\Bonjour
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files (x86)\Bonjour
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files (x86)\Apple Software Update
2014-12-28 21:01 - 2014-12-28 21:03 - 122418480 _____ (Apple Inc.) C:\Users\Lucas\Desktop\iTunes64Setup.exe
2014-12-25 22:25 - 2014-12-25 22:25 - 09241788 _____ () C:\Users\Lucas\Documents\clip0005.avi
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () D:\Program Files (x86)\Microsoft Silverlight
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-21 14:55 - 2014-12-21 15:08 - 00000000 ____D () C:\AdwCleaner
2014-12-21 14:42 - 2014-12-21 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-21 14:38 - 2014-12-21 14:37 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-21 14:37 - 2014-12-21 14:42 - 00001016 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-21 14:37 - 2014-12-21 14:37 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Avira
2014-12-21 14:36 - 2014-12-21 14:36 - 00001947 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-21 14:35 - 2014-12-21 14:42 - 00000000 ____D () D:\Program Files (x86)\Avira
2014-12-21 14:35 - 2014-12-21 14:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-21 14:35 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-21 14:35 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-21 14:35 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-17 13:14 - 2014-12-21 15:08 - 00000944 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-17 13:14 - 2014-12-17 13:14 - 00000000 ____D () D:\Program Files (x86)\Mozilla Maintenance Service
2014-12-17 13:09 - 2014-12-17 13:20 - 00000000 ____D () C:\Users\Lucas\Desktop\jd7ogdx8.default-1418817237702
2014-12-17 12:58 - 2014-12-17 12:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-17 12:54 - 2014-12-17 12:54 - 00000000 ____D () C:\Users\Lucas\Desktop\Alte Firefox-Daten

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 16:23 - 2014-09-04 11:43 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Adobe
2015-01-15 16:22 - 2014-07-19 20:50 - 00000000 ____D () C:\ProgramData\VMware
2015-01-15 16:22 - 2014-06-21 23:39 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 16:22 - 2014-05-31 19:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-15 16:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 16:21 - 2014-07-04 16:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 16:21 - 2014-05-31 19:48 - 00029147 _____ () C:\Windows\setupact.log
2015-01-14 22:43 - 2014-05-31 20:46 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Skype
2015-01-14 22:43 - 2014-05-31 15:00 - 01553771 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 21:50 - 2014-06-21 23:39 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 18:00 - 2009-07-14 05:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:00 - 2009-07-14 05:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 17:58 - 2011-04-12 08:43 - 00701372 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 17:58 - 2011-04-12 08:43 - 00150038 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 17:58 - 2009-07-14 06:13 - 01626502 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 07:27 - 2009-07-14 05:45 - 00288384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-12 23:17 - 2014-10-22 21:32 - 00000000 ____D () D:\Program Files (x86)\Movies
2015-01-12 22:09 - 2014-05-31 15:05 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\TeamViewer
2015-01-12 21:17 - 2014-05-31 19:04 - 00065200 _____ () C:\Users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 21:00 - 2014-05-31 20:04 - 00000000 ____D () C:\Users\Lucas\Desktop\Brauch isch net
2015-01-12 19:13 - 2014-05-31 19:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Adobe
2015-01-12 17:54 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Lucas
2015-01-11 22:20 - 2014-12-03 22:17 - 00001051 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-11 14:47 - 2014-07-28 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 14:45 - 2014-08-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-10 23:42 - 2014-06-27 11:00 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-05 21:35 - 2014-05-31 19:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 21:35 - 2014-05-31 19:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-04 02:39 - 2014-09-07 01:39 - 00000000 ____D () D:\Program Files (x86)\Steam
2015-01-01 23:56 - 2014-09-27 20:49 - 00000000 ___RD () D:\Program Files (x86)\Skype
2015-01-01 23:56 - 2014-05-31 20:46 - 00000000 ____D () C:\ProgramData\Skype
2014-12-28 22:32 - 2014-07-06 14:10 - 00000000 ____D () C:\ProgramData\Apple
2014-12-26 17:59 - 2014-08-22 15:23 - 00001199 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-26 17:59 - 2014-05-31 19:46 - 00000896 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-12-25 13:39 - 2014-06-01 17:35 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Battle.net
2014-12-25 13:36 - 2014-06-01 17:35 - 00000000 ____D () D:\Program Files (x86)\Battle.net
2014-12-24 16:19 - 2014-08-26 13:35 - 00000000 ____D () C:\Windows\pss
2014-12-21 15:09 - 2010-11-21 04:47 - 00218344 _____ () C:\Windows\PFRO.log
2014-12-21 15:08 - 2014-06-21 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 15:08 - 2014-05-31 16:03 - 00000944 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-21 15:08 - 2014-05-31 14:59 - 00001025 _____ () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 15:08 - 2014-05-31 14:59 - 00000989 _____ () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 14:42 - 2014-05-31 18:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-17 13:20 - 2014-12-09 18:10 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2014-12-17 13:20 - 2014-07-06 17:58 - 00000000 ____D () C:\Users\Zweiter Versuch
2014-12-17 13:20 - 2014-07-06 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-12-17 13:20 - 2014-06-14 22:26 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\puush
2014-12-17 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-17 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 13:15 - 2014-05-31 16:03 - 00000000 ____D () D:\Program Files (x86)\Mozilla Firefox
2014-12-17 12:58 - 2014-12-11 21:56 - 00000000 ____D () D:\Program Files (x86)\LOLReplay

Some content of TEMP:
====================
C:\Users\Lucas\AppData\Local\Temp\avgnt.exe
C:\Users\Lucas\AppData\Local\Temp\Quarantine.exe
C:\Users\Lucas\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 19:42

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by Lucas at 2015-01-15 16:25:40
Running from C:\Users\Lucas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
Any Audio Converter 4.0.1 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Basic Wireless USB Adapter (HKLM-x32\...\{577EA8FF-7FA8-4D88-B7E2-29A437605F80}) (Version: 2.0.5.0 - Belkin International, Inc.)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version:  - SEIKO EPSON Corporation)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.44 - FileZilla Project)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.44.820 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.820 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HS800 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0005 - TeckNet Online Ltd.)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.16 - www.leaguereplays.com)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PingPlotter Standard 3.42.3s (HKLM-x32\...\{1C1D0A2C-C8B4-4C2C-9877-884F8FC082B5}) (Version: 3.42.3.6 - Nessoft, LLC)
PowerMenu 1.51 (HKLM-x32\...\PowerMenu) (Version: 1.51 - Thong Nguyen)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12889.86 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recorder (HKLM-x32\...\{73DFE8A3-C2F1-4CF8-8188-6FCB3335F1D0}) (Version: 7.3.20 - KraTronic)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
Window On Top version 3.8 (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-01-2015 16:24:46 Geplanter Prüfpunkt
10-01-2015 23:41:59 Installed PingPlotter Standard 3.42.3s
11-01-2015 14:41:11 Removed Java 8 Update 25
12-01-2015 17:43:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-01-2015 17:43:29 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-01-2015 17:44:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 17:44:34 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
12-01-2015 18:52:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-01-2015 18:52:56 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {63F17DEB-33A5-43FA-AF87-43D0C48C162E} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7C29FCF2-48ED-49C7-8E1E-023FEAA9B263} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B3ACA517-0FDD-4486-BBFC-1B3D55C78BA3} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-31] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-04 16:37 - 2014-07-02 19:55 - 00116568 _____ () D:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () D:\Program Files\Unlocker\UnlockerCOM.dll
2012-01-10 13:41 - 2014-06-14 22:26 - 00567880 _____ () D:\Program Files (x86)\puush\puush.exe
2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-05-01 15:02 - 2014-05-01 15:00 - 00284920 _____ () E:\Driver_and_tools\MPC-HC.1.7.5.x64\MPC-HC.1.7.5.x64\LAVFilters64\libbluray.dll
2015-01-14 21:54 - 2015-01-14 21:54 - 02909696 _____ () D:\Program Files\AVAST Software\Avast\defs\15011401\algo.dll
2015-01-15 16:22 - 2015-01-15 16:22 - 02910720 _____ () D:\Program Files\AVAST Software\Avast\defs\15011500\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () D:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () D:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-31 19:04 - 2014-05-31 19:04 - 19336120 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () D:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00746160 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00136368 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-12-17 13:14 - 2014-11-26 17:40 - 03758192 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-07 15:50 - 2014-11-25 20:55 - 00195584 _____ () D:\Program Files (x86)\BlueStacks\libEGL.dll
2014-10-07 15:50 - 2014-11-25 20:55 - 01467392 _____ () D:\Program Files (x86)\BlueStacks\libGLESv2.dll
2015-01-05 21:35 - 2015-01-05 21:35 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^avsinit.vbs => C:\Windows\pss\avsinit.vbs.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk => C:\Windows\pss\PowerMenu.lnk.Startup
MSCONFIG\startupreg: avgnt => "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BlueStacks Agent => D:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: FileZilla Server Interface => "D:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: puush => D:\Program Files (x86)\puush\puush.exe
MSCONFIG\startupreg: RTHDVCPL => "D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Skype => "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vmware-tray.exe => "D:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-616130686-3194881943-3060448193-500 - Administrator - Disabled)
Gast (S-1-5-21-616130686-3194881943-3060448193-501 - Limited - Disabled)
Lucas (S-1-5-21-616130686-3194881943-3060448193-1000 - Administrator - Enabled) => C:\Users\Lucas
Zweiter Versuch (S-1-5-21-616130686-3194881943-3060448193-1002 - Administrator - Enabled) => C:\Users\Zweiter Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 04:23:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/14/2015 08:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1df0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/14/2015 05:53:54 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/13/2015 03:38:25 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/12/2015 06:53:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/12/2015 06:52:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/12/2015 05:55:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/12/2015 05:44:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/12/2015 05:44:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/12/2015 05:44:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).


System errors:
=============
Error: (01/15/2015 04:23:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/15/2015 04:22:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/15/2015 04:22:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Deal Keeper" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/14/2015 05:53:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/14/2015 05:53:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/14/2015 05:52:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Deal Keeper" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/13/2015 03:37:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/13/2015 03:37:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/13/2015 03:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Deal Keeper" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/13/2015 07:28:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 04:23:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 08:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014251df001d0302b13a3feaeD:\Program Files (x86)\Mozilla Firefox\plugin-container.exeD:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6d6f1dcc-9c21-11e4-80c2-005056c00008

Error: (01/14/2015 05:53:54 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 03:38:25 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 06:53:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (01/12/2015 06:52:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (01/12/2015 05:55:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 05:44:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (01/12/2015 05:44:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (01/12/2015 05:44:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 8128.98 MB
Available physical RAM: 4494.59 MB
Total Pagefile: 10175.16 MB
Available Pagefile: 5650.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:92.77 GB) (Free:57.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:878.91 GB) (Free:709.76 GB) NTFS
Drive e: (Daten) (Fixed) (Total:891.33 GB) (Free:679.1 GB) NTFS
Drive f: (HS800 DRIVER) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0006024F)
Partition 1: (Active) - (Size=92.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1770.2 GB) - (Type=05)

==================== End Of Log ============================


Edited by poliborti, 15 January 2015 - 10:32 AM.


#4 Machiavelli

Posted 15 January 2015 - 10:29 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 poliborti


Posted 15 January 2015 - 10:39 AM


 

 

There is no Scan button, nor are there any logs that opened (I'm German too :)!)

 

Why should I do a scan like that again? I already did...


Edited by poliborti, 15 January 2015 - 10:41 AM.


#6 Machiavelli


Posted 15 January 2015 - 10:47 AM

Click on "Löschen" (Clean) there. :)

~Machiavelli

 
 


#7 poliborti


Posted 15 January 2015 - 10:48 AM

Okay, done, here is the scan from JRT

 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Lucas on 15.01.2015 at 16:41:44,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\l0v1z4ra.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2015 at 16:44:00,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Did anything come out of the big log above as to why I'm getting this annoying message?



#8 Machiavelli


Posted 15 January 2015 - 01:57 PM

Finish the steps. The AdwCleaner log is missing. The MBAM log is missing. Then I can tell you more. ;)

~Machiavelli

 
 


#9 poliborti


Posted 16 January 2015 - 10:19 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.01.2015
Scan Time: 15:59:37
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lucas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384047
Time Elapsed: 7 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Bunndle, D:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, Quarantined, [d47d1bdc0287360012528ad379876997],
PUP.Optional.Giga, D:\Program Files (x86)\Andy_-Der-ultimative-Android-Emulator-lnstall.exe, Quarantined, [d77a8f68f693bc7a727ded9547be4fb1],
PUP.Optional.OpenCandy.A, D:\Program Files (x86)\HC2Setup-2.29.01.exe, Quarantined, [df7226d154353df9ccfcf74b21dfb947],
PUP.Optional.Giga, D:\Program Files (x86)\Free-Screen-Video-Recorder-lnstall.exe, Quarantined, [4c051bdc5e2b76c0737c2b5737ce7a86],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

# AdwCleaner v4.107 - Bericht erstellt am 16/01/2015 um 15:55:00
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Lucas - LUCAS-PC
# Gestartet von : E:\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Update Deal Keeper

***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v24.5.0 (de)

[l0v1z4ra.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[l0v1z4ra.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v37.0.2062.103


*************************

AdwCleaner[R0].txt - [6272 octets] - [21/12/2014 14:55:22]
AdwCleaner[R1].txt - [6332 octets] - [21/12/2014 14:57:40]
AdwCleaner[R2].txt - [6392 octets] - [21/12/2014 14:59:27]
AdwCleaner[R3].txt - [1575 octets] - [15/01/2015 16:36:17]
AdwCleaner[R4].txt - [1631 octets] - [16/01/2015 15:53:49]
AdwCleaner[S0].txt - [6175 octets] - [21/12/2014 15:08:24]
AdwCleaner[S1].txt - [1574 octets] - [16/01/2015 15:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1634 octets] ##########
 



#10 Machiavelli


Posted 16 January 2015 - 10:24 AM

What about Step 4?

~Machiavelli

 
 


#11 poliborti


Posted 16 January 2015 - 12:54 PM

I already posted the scan above, but here it is again.

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Lucas at 2015-01-16 18:52:45
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
Any Audio Converter 4.0.1 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Basic Wireless USB Adapter (HKLM-x32\...\{577EA8FF-7FA8-4D88-B7E2-29A437605F80}) (Version: 2.0.5.0 - Belkin International, Inc.)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version:  - SEIKO EPSON Corporation)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.44 - FileZilla Project)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.44.820 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.820 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HS800 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0005 - TeckNet Online Ltd.)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.16 - www.leaguereplays.com)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PingPlotter Standard 3.42.3s (HKLM-x32\...\{1C1D0A2C-C8B4-4C2C-9877-884F8FC082B5}) (Version: 3.42.3.6 - Nessoft, LLC)
PowerMenu 1.51 (HKLM-x32\...\PowerMenu) (Version: 1.51 - Thong Nguyen)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12889.86 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recorder (HKLM-x32\...\{73DFE8A3-C2F1-4CF8-8188-6FCB3335F1D0}) (Version: 7.3.20 - KraTronic)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
Window On Top version 3.8 (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-01-2015 16:24:46 Geplanter Prüfpunkt
10-01-2015 23:41:59 Installed PingPlotter Standard 3.42.3s
11-01-2015 14:41:11 Removed Java 8 Update 25
12-01-2015 17:43:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-01-2015 17:43:29 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-01-2015 17:44:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 17:44:34 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
12-01-2015 18:52:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-01-2015 18:52:56 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {63F17DEB-33A5-43FA-AF87-43D0C48C162E} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7C29FCF2-48ED-49C7-8E1E-023FEAA9B263} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B3ACA517-0FDD-4486-BBFC-1B3D55C78BA3} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-31] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-04 16:37 - 2014-07-02 19:55 - 00116568 _____ () D:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () D:\Program Files\Unlocker\UnlockerCOM.dll
2012-01-10 13:41 - 2014-06-14 22:26 - 00567880 _____ () D:\Program Files (x86)\puush\puush.exe
2009-03-13 02:32 - 2009-03-13 02:18 - 00602624 _____ () E:\Driver_and_tools\Everything-1.2.1.371\Everything-1.2.1.371.exe
2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-01-16 15:38 - 2015-01-16 15:38 - 02911744 _____ () D:\Program Files\AVAST Software\Avast\defs\15011600\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () D:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () D:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () D:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-05-31 19:04 - 2014-05-31 19:04 - 19336120 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00746160 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00136368 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-04-22 12:00 - 2014-04-22 12:00 - 00988160 _____ () D:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-04-15 15:23 - 2014-04-15 15:23 - 00170496 _____ () D:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-10-07 15:50 - 2014-11-25 20:55 - 00195584 _____ () D:\Program Files (x86)\BlueStacks\libEGL.dll
2014-10-07 15:50 - 2014-11-25 20:55 - 01467392 _____ () D:\Program Files (x86)\BlueStacks\libGLESv2.dll
2014-12-17 13:14 - 2014-11-26 17:40 - 03758192 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-05 21:35 - 2015-01-05 21:35 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
2014-09-07 01:41 - 2014-11-11 19:48 - 01171456 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-07 01:41 - 2014-11-11 19:48 - 00442368 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-07 01:41 - 2014-11-11 19:48 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-07 01:41 - 2014-11-11 19:47 - 00774656 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2014-09-07 01:41 - 2014-11-18 21:23 - 02227904 _____ () D:\Program Files (x86)\Steam\video.dll
2014-09-07 01:41 - 2014-11-11 19:48 - 00403968 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-07 01:41 - 2014-11-11 19:48 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2014-09-07 01:41 - 2014-11-18 21:23 - 00690880 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-09-07 01:41 - 2014-11-11 19:48 - 34589888 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2014-09-07 01:41 - 2014-11-11 19:48 - 00837824 _____ () D:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^avsinit.vbs => C:\Windows\pss\avsinit.vbs.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk => C:\Windows\pss\PowerMenu.lnk.Startup
MSCONFIG\startupreg: avgnt => "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BlueStacks Agent => D:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: FileZilla Server Interface => "D:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: puush => D:\Program Files (x86)\puush\puush.exe
MSCONFIG\startupreg: RTHDVCPL => "D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Skype => "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vmware-tray.exe => "D:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-616130686-3194881943-3060448193-500 - Administrator - Disabled)
Gast (S-1-5-21-616130686-3194881943-3060448193-501 - Limited - Disabled)
Lucas (S-1-5-21-616130686-3194881943-3060448193-1000 - Administrator - Enabled) => C:\Users\Lucas
Zweiter Versuch (S-1-5-21-616130686-3194881943-3060448193-1002 - Administrator - Enabled) => C:\Users\Zweiter Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 04:11:28 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/16/2015 03:57:34 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/16/2015 03:39:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (01/16/2015 04:11:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 04:10:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/16/2015 03:57:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 03:56:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/16/2015 03:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware DHCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware Authorization Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/16/2015 04:11:28 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 03:57:34 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 03:39:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 49%
Total physical RAM: 8128.98 MB
Available physical RAM: 4116.55 MB
Total Pagefile: 10175.16 MB
Available Pagefile: 5178.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:92.77 GB) (Free:57.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:878.91 GB) (Free:704.08 GB) NTFS
Drive e: (Daten) (Fixed) (Total:891.33 GB) (Free:679.08 GB) NTFS
Drive f: (HS800 DRIVER) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0006024F)
Partition 1: (Active) - (Size=92.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1770.2 GB) - (Type=05)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Lucas (administrator) on LUCAS-PC on 16-01-2015 18:52:11
Running from E:\Downloads
Loaded Profiles: Lucas (Available profiles: Lucas & Zweiter Versuch)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(SEIKO EPSON CORPORATION) D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(FileZilla Project) D:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Service.exe
(VMware, Inc.) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() D:\Program Files (x86)\puush\puush.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Agent.exe
() E:\Driver_and_tools\Everything-1.2.1.371\Everything-1.2.1.371.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Apache Software Foundation) D:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) D:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) D:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Kra-Tronic Corp) D:\Program Files (x86)\KraTronic\Recorder\Recorder.exe
() D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => D:\ProgramFiles (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-31] (AVAST Software)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [Avira Systray] => D:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Run: [puush] => D:\Program Files (x86)\puush\puush.exe [567880 2014-06-14] ()
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Run: [Server] => D:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe -jar "
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\MountPoints2: {07ac404d-e8e9-11e3-9b55-806e6f6e6963} - F:\Setup.EXE
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-616130686-3194881943-3060448193-1000] => 93.115.8.229:8089
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - D:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> D:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Lucas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: adobe.com/AdobeAAMDetect -> D:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\abs@avira.com [2014-12-21]
FF Extension: Security Protection - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\detgdp@gmail.com [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\extensions\detgdp@gmail.com
FF HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - D:\ProgramFiles (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21]
CHR Extension: (Google Drive) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]
CHR Extension: (YouTube) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]
CHR Extension: (Google-Suche) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]
CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744 2014-10-07] (Apple Inc.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 Avira.OE.ServiceHost; D:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R2 BstHdAndroidSvc; D:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; D:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; D:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 EPSON_PM_RPCV4_05; D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [136576 2011-04-24] (SEIKO EPSON CORPORATION)
R2 FileZilla Server; D:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [627712 2014-04-08] (FileZilla Project) [File not signed]
S3 ICCS; D:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
S3 iPod Service; D:\Program Files\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 Steam Client Service; D:\ProgramFiles (x86)\Common Files\Steam\SteamService.exe [833728 2014-09-23] (Valve Corporation)
R2 Stereo Service; D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936 2014-07-02] (NVIDIA Corporation)
R2 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [906432 2014-02-27] (VMware, Inc.)
S2 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
R2 wlidsvc; D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corp.)
S4 gupdate; "D:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "D:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; E:\Driver_and_tools\aida64extreme450\kerneld.x64 [34136 2014-05-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; D:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [3729920 2014-03-07] (Intel Corporation) [File not signed]
U5 UnlockerDriver5; D:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:40 - 2015-01-16 18:40 - 00000221 _____ () C:\Users\Lucas\Desktop\Sid Meier's Civilization Beyond Earth.url
2015-01-16 16:30 - 2015-01-16 16:30 - 00000094 ____H () C:\Users\Lucas\Desktop\.~lock.coc copy paste.odt#
2015-01-16 15:58 - 2015-01-16 16:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 15:57 - 2015-01-16 15:57 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 15:57 - 2015-01-16 15:57 - 00000000 ____D () D:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 15:57 - 2015-01-16 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 15:57 - 2015-01-16 15:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 15:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 15:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 15:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 20:43 - 2015-01-15 20:43 - 05537370 _____ () C:\Users\Lucas\Desktop\coc max 8.psb
2015-01-15 16:45 - 2015-01-15 16:45 - 00000094 ____H () C:\Users\Lucas\Desktop\.~lock.coc copy paste.odt
2015-01-15 16:41 - 2015-01-15 16:41 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 16:24 - 2015-01-16 18:52 - 00000000 ____D () C:\FRST
2015-01-12 19:12 - 2015-01-12 19:12 - 00001535 _____ () C:\Users\Lucas\Desktop\Photoshop.lnk
2015-01-12 18:54 - 2015-01-12 18:54 - 00000903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-01-12 18:53 - 2015-01-12 19:02 - 00000000 ____D () D:\Program Files\Adobe
2015-01-12 18:52 - 2015-01-12 19:03 - 00000000 ____D () D:\Program Files\Common Files\Adobe
2015-01-12 17:45 - 2015-01-12 18:52 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-12 17:45 - 2015-01-12 17:45 - 00001148 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-01-12 17:45 - 2015-01-12 17:45 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-01-12 17:42 - 2015-01-12 19:02 - 00000000 ____D () D:\Program Files (x86)\Adobe
2015-01-11 14:45 - 2015-01-11 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () D:\Program Files (x86)\PingPlotter Standard
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\PingPlotter
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
2015-01-10 23:42 - 2015-01-09 11:42 - 00000044 ____H () D:\Program Files (x86)\78a7a1e4.tmp
2015-01-10 23:41 - 2015-01-10 23:41 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Downloaded Installations
2015-01-03 02:13 - 2015-01-15 19:24 - 00000000 ____D () C:\Users\Lucas\Desktop\coc pics
2015-01-03 00:46 - 2015-01-15 23:07 - 00011826 _____ () C:\Users\Lucas\Desktop\coc copy paste.odt
2014-12-28 22:33 - 2014-12-28 22:33 - 00001698 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-28 22:33 - 2014-12-28 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () D:\Program Files\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () D:\Program Files (x86)\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-28 22:32 - 2014-12-28 22:32 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\iPod
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\Common Files\Apple
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\Bonjour
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files (x86)\Bonjour
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files (x86)\Apple Software Update
2014-12-28 21:01 - 2014-12-28 21:03 - 122418480 _____ (Apple Inc.) C:\Users\Lucas\Desktop\iTunes64Setup.exe
2014-12-25 22:25 - 2014-12-25 22:25 - 09241788 _____ () C:\Users\Lucas\Documents\clip0005.avi
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () D:\Program Files (x86)\Microsoft Silverlight
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-21 14:55 - 2015-01-16 16:17 - 00000000 ____D () C:\AdwCleaner
2014-12-21 14:42 - 2014-12-21 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-21 14:38 - 2014-12-21 14:37 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-21 14:37 - 2014-12-21 14:42 - 00001016 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-21 14:37 - 2014-12-21 14:37 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Avira
2014-12-21 14:36 - 2014-12-21 14:36 - 00001947 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-21 14:35 - 2014-12-21 14:42 - 00000000 ____D () D:\Program Files (x86)\Avira
2014-12-21 14:35 - 2014-12-21 14:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-21 14:35 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-21 14:35 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-21 14:35 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-17 13:14 - 2014-12-21 15:08 - 00000944 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-17 13:14 - 2014-12-17 13:14 - 00000000 ____D () D:\Program Files (x86)\Mozilla Maintenance Service
2014-12-17 12:58 - 2014-12-17 12:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-17 12:54 - 2014-12-17 12:54 - 00000000 ____D () C:\Users\Lucas\Desktop\Alte Firefox-Daten

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:50 - 2014-06-21 23:39 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:46 - 2014-05-31 20:46 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Skype
2015-01-16 18:41 - 2014-09-07 01:39 - 00000000 ____D () D:\Program Files (x86)\Steam
2015-01-16 16:17 - 2009-07-14 05:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 16:17 - 2009-07-14 05:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 16:15 - 2011-04-12 08:43 - 00701372 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 16:15 - 2011-04-12 08:43 - 00150038 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 16:15 - 2009-07-14 06:13 - 01626502 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 16:13 - 2014-05-31 15:00 - 01642257 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 16:10 - 2014-07-19 20:50 - 00000000 ____D () C:\ProgramData\VMware
2015-01-16 16:09 - 2014-07-04 16:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 16:09 - 2014-06-21 23:39 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 16:09 - 2014-05-31 19:48 - 00029315 _____ () C:\Windows\setupact.log
2015-01-16 16:09 - 2010-11-21 04:47 - 00220050 _____ () C:\Windows\PFRO.log
2015-01-16 16:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 16:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-16 16:08 - 2014-09-07 00:28 - 00000000 ____D () D:\Program Files\CamStudio 2.7
2015-01-15 16:23 - 2014-09-04 11:43 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Adobe
2015-01-15 16:22 - 2014-05-31 19:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-13 07:27 - 2009-07-14 05:45 - 00288384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-12 23:17 - 2014-10-22 21:32 - 00000000 ____D () D:\Program Files (x86)\Movies
2015-01-12 22:09 - 2014-05-31 15:05 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\TeamViewer
2015-01-12 21:17 - 2014-05-31 19:04 - 00065200 _____ () C:\Users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 21:00 - 2014-05-31 20:04 - 00000000 ____D () C:\Users\Lucas\Desktop\Brauch isch net
2015-01-12 19:13 - 2014-05-31 19:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Adobe
2015-01-12 17:54 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Lucas
2015-01-11 22:20 - 2014-12-03 22:17 - 00001051 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-11 14:47 - 2014-07-28 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 14:45 - 2014-08-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-05 21:35 - 2014-05-31 19:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 21:35 - 2014-05-31 19:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-01 23:56 - 2014-09-27 20:49 - 00000000 ___RD () D:\Program Files (x86)\Skype
2015-01-01 23:56 - 2014-05-31 20:46 - 00000000 ____D () C:\ProgramData\Skype
2014-12-28 22:32 - 2014-07-06 14:10 - 00000000 ____D () C:\ProgramData\Apple
2014-12-26 17:59 - 2014-08-22 15:23 - 00001199 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-26 17:59 - 2014-05-31 19:46 - 00000896 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-12-25 13:39 - 2014-06-01 17:35 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Battle.net
2014-12-25 13:36 - 2014-06-01 17:35 - 00000000 ____D () D:\Program Files (x86)\Battle.net
2014-12-24 16:19 - 2014-08-26 13:35 - 00000000 ____D () C:\Windows\pss
2014-12-21 15:08 - 2014-06-21 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 15:08 - 2014-05-31 16:03 - 00000944 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-21 15:08 - 2014-05-31 14:59 - 00001025 _____ () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 15:08 - 2014-05-31 14:59 - 00000989 _____ () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 14:42 - 2014-05-31 18:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-17 13:20 - 2014-12-09 18:10 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2014-12-17 13:20 - 2014-07-06 17:58 - 00000000 ____D () C:\Users\Zweiter Versuch
2014-12-17 13:20 - 2014-07-06 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-12-17 13:20 - 2014-06-14 22:26 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\puush
2014-12-17 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-17 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 13:15 - 2014-05-31 16:03 - 00000000 ____D () D:\Program Files (x86)\Mozilla Firefox
2014-12-17 12:58 - 2014-12-11 21:56 - 00000000 ____D () D:\Program Files (x86)\LOLReplay

Some content of TEMP:
====================
C:\Users\Lucas\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 19:42

==================== End Of Log ============================



#12 Machiavelli


Posted 16 January 2015 - 01:09 PM

Hey,
please move FRST to your Desktop.

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\MountPoints2: {07ac404d-e8e9-11e3-9b55-806e6f6e6963} - F:\Setup.EXE
    ProxyServer: [S-1-5-21-616130686-3194881943-3060448193-1000] => 93.115.8.229:8089
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    EmptyTemp:
  • Click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
  • Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply.

Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.

Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 poliborti


Posted 16 January 2015 - 02:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by Lucas at 2015-01-16 19:22:40 Run:1
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available profiles: Lucas & Zweiter Versuch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\MountPoints2: {07ac404d-e8e9-11e3-9b55-806e6f6e6963} - F:\Setup.EXE
ProxyServer: [S-1-5-21-616130686-3194881943-3060448193-1000] => 93.115.8.229:8089
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
EmptyTemp:
*****************

"HKU\S-1-5-21-616130686-3194881943-3060448193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ac404d-e8e9-11e3-9b55-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{07ac404d-e8e9-11e3-9b55-806e6f6e6963} => Key not found.
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:23:15 ====

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Lucas at 2015-01-16 19:27:41
Running from C:\Users\Lucas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
Any Audio Converter 4.0.1 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Basic Wireless USB Adapter (HKLM-x32\...\{577EA8FF-7FA8-4D88-B7E2-29A437605F80}) (Version: 2.0.5.0 - Belkin International, Inc.)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version:  - SEIKO EPSON Corporation)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.44 - FileZilla Project)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.44.820 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.820 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HS800 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0005 - TeckNet Online Ltd.)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.16 - www.leaguereplays.com)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PingPlotter Standard 3.42.3s (HKLM-x32\...\{1C1D0A2C-C8B4-4C2C-9877-884F8FC082B5}) (Version: 3.42.3.6 - Nessoft, LLC)
PowerMenu 1.51 (HKLM-x32\...\PowerMenu) (Version: 1.51 - Thong Nguyen)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12889.86 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recorder (HKLM-x32\...\{73DFE8A3-C2F1-4CF8-8188-6FCB3335F1D0}) (Version: 7.3.20 - KraTronic)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
Window On Top version 3.8 (HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-616130686-3194881943-3060448193-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-01-2015 16:24:46 Geplanter Prüfpunkt
10-01-2015 23:41:59 Installed PingPlotter Standard 3.42.3s
11-01-2015 14:41:11 Removed Java 8 Update 25
12-01-2015 17:43:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-01-2015 17:43:29 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-01-2015 17:44:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 17:44:34 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
12-01-2015 18:52:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-01-2015 18:52:56 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {63F17DEB-33A5-43FA-AF87-43D0C48C162E} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7C29FCF2-48ED-49C7-8E1E-023FEAA9B263} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B3ACA517-0FDD-4486-BBFC-1B3D55C78BA3} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-31] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-04 16:37 - 2014-07-02 19:55 - 00116568 _____ () D:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-01-10 13:41 - 2014-06-14 22:26 - 00567880 _____ () D:\Program Files (x86)\puush\puush.exe
2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-01-16 15:38 - 2015-01-16 15:38 - 02911744 _____ () D:\Program Files\AVAST Software\Avast\defs\15011600\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () D:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () D:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-31 19:04 - 2014-05-31 19:04 - 19336120 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () D:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-12-17 13:14 - 2014-11-26 17:40 - 03758192 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00746160 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00136368 _____ () D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-10-07 15:50 - 2014-11-25 20:55 - 00195584 _____ () D:\Program Files (x86)\BlueStacks\libEGL.dll
2014-10-07 15:50 - 2014-11-25 20:55 - 01467392 _____ () D:\Program Files (x86)\BlueStacks\libGLESv2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^avsinit.vbs => C:\Windows\pss\avsinit.vbs.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk => C:\Windows\pss\PowerMenu.lnk.Startup
MSCONFIG\startupreg: avgnt => "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BlueStacks Agent => D:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: FileZilla Server Interface => "D:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: puush => D:\Program Files (x86)\puush\puush.exe
MSCONFIG\startupreg: RTHDVCPL => "D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Skype => "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vmware-tray.exe => "D:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-616130686-3194881943-3060448193-500 - Administrator - Disabled)
Gast (S-1-5-21-616130686-3194881943-3060448193-501 - Limited - Disabled)
Lucas (S-1-5-21-616130686-3194881943-3060448193-1000 - Administrator - Enabled) => C:\Users\Lucas
Zweiter Versuch (S-1-5-21-616130686-3194881943-3060448193-1002 - Administrator - Enabled) => C:\Users\Zweiter Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 07:25:54 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/16/2015 07:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1848
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/16/2015 04:11:28 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/16/2015 03:57:34 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/16/2015 03:39:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (01/16/2015 07:25:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 07:25:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/16/2015 04:11:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 04:10:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/16/2015 03:57:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 03:56:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "VMware Workstation Server" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (01/16/2015 03:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/16/2015 03:55:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/16/2015 07:25:54 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 07:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425184801d031a927106057D:\Program Files (x86)\Mozilla Firefox\plugin-container.exeD:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla7caa1aa-9dac-11e4-8de9-005056c00008

Error: (01/16/2015 04:11:28 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 03:57:34 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 03:39:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8128.98 MB
Available physical RAM: 4707.02 MB
Total Pagefile: 10175.16 MB
Available Pagefile: 6043.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:92.77 GB) (Free:58.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:878.91 GB) (Free:704.09 GB) NTFS
Drive e: (Daten) (Fixed) (Total:891.33 GB) (Free:679.08 GB) NTFS
Drive f: (HS800 DRIVER) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0006024F)
Partition 1: (Active) - (Size=92.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1770.2 GB) - (Type=05)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Lucas (administrator) on LUCAS-PC on 16-01-2015 19:26:53
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available profiles: Lucas & Zweiter Versuch)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(SEIKO EPSON CORPORATION) D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(FileZilla Project) D:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() D:\Program Files (x86)\puush\puush.exe
(Adobe Systems Incorporated) D:\ProgramFiles (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Service.exe
(VMware, Inc.) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) D:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
() D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) D:\Program Files (x86)\BlueStacks\HD-Agent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => D:\ProgramFiles (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-31] (AVAST Software)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [Avira Systray] => D:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Run: [puush] => D:\Program Files (x86)\puush\puush.exe [567880 2014-06-14] ()
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Run: [Server] => D:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe -jar "
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => D:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-616130686-3194881943-3060448193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - D:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> D:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> D:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Lucas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> D:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\abs@avira.com [2014-12-21]
FF Extension: Security Protection - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\detgdp@gmail.com [2014-12-17]
FF Extension: Adblock Plus - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\extensions\detgdp@gmail.com
FF HKU\S-1-5-21-616130686-3194881943-3060448193-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - D:\ProgramFiles (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21]
CHR Extension: (Google Drive) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]
CHR Extension: (YouTube) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]
CHR Extension: (Google-Suche) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]
CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744 2014-10-07] (Apple Inc.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 Avira.OE.ServiceHost; D:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R2 BstHdAndroidSvc; D:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; D:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; D:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 EPSON_PM_RPCV4_05; D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [136576 2011-04-24] (SEIKO EPSON CORPORATION)
R2 FileZilla Server; D:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [627712 2014-04-08] (FileZilla Project) [File not signed]
S3 ICCS; D:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
S3 iPod Service; D:\Program Files\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 Steam Client Service; D:\ProgramFiles (x86)\Common Files\Steam\SteamService.exe [833728 2014-09-23] (Valve Corporation)
R2 Stereo Service; D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936 2014-07-02] (NVIDIA Corporation)
R2 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [906432 2014-02-27] (VMware, Inc.)
S2 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
R2 wlidsvc; D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corp.)
S4 gupdate; "D:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "D:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; E:\Driver_and_tools\aida64extreme450\kerneld.x64 [34136 2014-05-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; D:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [3729920 2014-03-07] (Intel Corporation) [File not signed]
U5 UnlockerDriver5; D:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 19:26 - 2015-01-16 19:27 - 00016458 _____ () C:\Users\Lucas\Desktop\FRST.txt
2015-01-16 19:21 - 2015-01-16 18:52 - 02125312 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe
2015-01-16 15:58 - 2015-01-16 16:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 15:57 - 2015-01-16 15:57 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 15:57 - 2015-01-16 15:57 - 00000000 ____D () D:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 15:57 - 2015-01-16 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 15:57 - 2015-01-16 15:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 15:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 15:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 15:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 20:43 - 2015-01-15 20:43 - 05537370 _____ () C:\Users\Lucas\Desktop\coc max 8.psb
2015-01-15 16:45 - 2015-01-15 16:45 - 00000094 ____H () C:\Users\Lucas\Desktop\.~lock.coc copy paste.odt
2015-01-15 16:41 - 2015-01-15 16:41 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 16:24 - 2015-01-16 19:26 - 00000000 ____D () C:\FRST
2015-01-12 19:12 - 2015-01-12 19:12 - 00001535 _____ () C:\Users\Lucas\Desktop\Photoshop.lnk
2015-01-12 18:54 - 2015-01-12 18:54 - 00000903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-01-12 18:53 - 2015-01-12 19:02 - 00000000 ____D () D:\Program Files\Adobe
2015-01-12 18:52 - 2015-01-12 19:03 - 00000000 ____D () D:\Program Files\Common Files\Adobe
2015-01-12 17:45 - 2015-01-12 18:52 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-12 17:45 - 2015-01-12 17:45 - 00001148 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-01-12 17:45 - 2015-01-12 17:45 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-01-12 17:42 - 2015-01-12 19:02 - 00000000 ____D () D:\Program Files (x86)\Adobe
2015-01-11 14:45 - 2015-01-11 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () D:\Program Files (x86)\PingPlotter Standard
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\PingPlotter
2015-01-10 23:42 - 2015-01-10 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
2015-01-10 23:42 - 2015-01-09 11:42 - 00000044 ____H () D:\Program Files (x86)\78a7a1e4.tmp
2015-01-10 23:41 - 2015-01-10 23:41 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Downloaded Installations
2015-01-03 02:13 - 2015-01-15 19:24 - 00000000 ____D () C:\Users\Lucas\Desktop\coc pics
2015-01-03 00:46 - 2015-01-15 23:07 - 00011826 _____ () C:\Users\Lucas\Desktop\coc copy paste.odt
2014-12-28 22:33 - 2014-12-28 22:33 - 00001698 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-28 22:33 - 2014-12-28 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () D:\Program Files\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () D:\Program Files (x86)\iTunes
2014-12-28 22:32 - 2014-12-28 22:33 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-28 22:32 - 2014-12-28 22:32 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\iPod
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\Common Files\Apple
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files\Bonjour
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files (x86)\Bonjour
2014-12-28 22:32 - 2014-12-28 22:32 - 00000000 ____D () D:\Program Files (x86)\Apple Software Update
2014-12-28 21:01 - 2014-12-28 21:03 - 122418480 _____ (Apple Inc.) C:\Users\Lucas\Desktop\iTunes64Setup.exe
2014-12-25 22:25 - 2014-12-25 22:25 - 09241788 _____ () C:\Users\Lucas\Documents\clip0005.avi
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () D:\Program Files (x86)\Microsoft Silverlight
2014-12-23 00:52 - 2014-12-23 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-21 14:55 - 2015-01-16 16:17 - 00000000 ____D () C:\AdwCleaner
2014-12-21 14:42 - 2014-12-21 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-21 14:38 - 2014-12-21 14:37 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-21 14:37 - 2014-12-21 14:42 - 00001016 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-21 14:37 - 2014-12-21 14:37 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Avira
2014-12-21 14:36 - 2014-12-21 14:36 - 00001947 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-21 14:35 - 2014-12-21 14:42 - 00000000 ____D () D:\Program Files (x86)\Avira
2014-12-21 14:35 - 2014-12-21 14:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-21 14:35 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-21 14:35 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-21 14:35 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-17 13:14 - 2014-12-21 15:08 - 00000944 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-17 13:14 - 2014-12-17 13:14 - 00000000 ____D () D:\Program Files (x86)\Mozilla Maintenance Service
2014-12-17 12:58 - 2014-12-17 12:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-17 12:54 - 2014-12-17 12:54 - 00000000 ____D () C:\Users\Lucas\Desktop\Alte Firefox-Daten

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 19:25 - 2014-09-04 11:43 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Adobe
2015-01-16 19:24 - 2014-07-19 20:50 - 00000000 ____D () C:\ProgramData\VMware
2015-01-16 19:24 - 2014-07-04 16:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 19:24 - 2014-06-21 23:39 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 19:24 - 2014-05-31 19:48 - 00029371 _____ () C:\Windows\setupact.log
2015-01-16 19:24 - 2010-11-21 04:47 - 00222760 _____ () C:\Windows\PFRO.log
2015-01-16 19:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 19:23 - 2014-05-31 15:00 - 01643825 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 19:18 - 2014-05-31 20:46 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Skype
2015-01-16 18:50 - 2014-06-21 23:39 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:41 - 2014-09-07 01:39 - 00000000 ____D () D:\Program Files (x86)\Steam
2015-01-16 16:17 - 2009-07-14 05:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 16:17 - 2009-07-14 05:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 16:15 - 2011-04-12 08:43 - 00701372 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 16:15 - 2011-04-12 08:43 - 00150038 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 16:15 - 2009-07-14 06:13 - 01626502 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 16:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-16 16:08 - 2014-09-07 00:28 - 00000000 ____D () D:\Program Files\CamStudio 2.7
2015-01-15 16:22 - 2014-05-31 19:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-13 07:27 - 2009-07-14 05:45 - 00288384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-12 23:17 - 2014-10-22 21:32 - 00000000 ____D () D:\Program Files (x86)\Movies
2015-01-12 22:09 - 2014-05-31 15:05 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\TeamViewer
2015-01-12 21:17 - 2014-05-31 19:04 - 00065200 _____ () C:\Users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 21:00 - 2014-05-31 20:04 - 00000000 ____D () C:\Users\Lucas\Desktop\Brauch isch net
2015-01-12 19:13 - 2014-05-31 19:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Adobe
2015-01-12 17:54 - 2014-05-31 14:59 - 00000000 ____D () C:\Users\Lucas
2015-01-11 22:20 - 2014-12-03 22:17 - 00001051 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-11 14:47 - 2014-07-28 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 14:45 - 2014-08-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-05 21:35 - 2014-05-31 19:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 21:35 - 2014-05-31 19:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-01 23:56 - 2014-09-27 20:49 - 00000000 ___RD () D:\Program Files (x86)\Skype
2015-01-01 23:56 - 2014-05-31 20:46 - 00000000 ____D () C:\ProgramData\Skype
2014-12-28 22:32 - 2014-07-06 14:10 - 00000000 ____D () C:\ProgramData\Apple
2014-12-26 17:59 - 2014-08-22 15:23 - 00001199 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-26 17:59 - 2014-05-31 19:46 - 00000896 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-12-25 13:39 - 2014-06-01 17:35 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Battle.net
2014-12-25 13:36 - 2014-06-01 17:35 - 00000000 ____D () D:\Program Files (x86)\Battle.net
2014-12-24 16:19 - 2014-08-26 13:35 - 00000000 ____D () C:\Windows\pss
2014-12-21 15:08 - 2014-06-21 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-21 15:08 - 2014-05-31 16:03 - 00000944 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-21 15:08 - 2014-05-31 14:59 - 00001025 _____ () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 15:08 - 2014-05-31 14:59 - 00000989 _____ () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-21 14:42 - 2014-05-31 18:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-17 13:20 - 2014-12-09 18:10 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2014-12-17 13:20 - 2014-07-06 17:58 - 00000000 ____D () C:\Users\Zweiter Versuch
2014-12-17 13:20 - 2014-07-06 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-12-17 13:20 - 2014-06-14 22:26 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\puush
2014-12-17 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-17 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 13:15 - 2014-05-31 16:03 - 00000000 ____D () D:\Program Files (x86)\Mozilla Firefox
2014-12-17 12:58 - 2014-12-11 21:56 - 00000000 ____D () D:\Program Files (x86)\LOLReplay

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 19:42

==================== End Of Log ============================

C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir    a variant of Win32/ELEX.BD potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\D\Program Files (x86)\Search Extensions\Client.exe.vir    a variant of MSIL/Adware.iBryte.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\D\Program Files (x86)\Search Extensions\uninstall.exe.vir    a variant of MSIL/Adware.iBryte.N application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\D\Program Files (x86)\WinZipper\TrayDownloader.exe.vir    Win32/ELEX.BF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\D\Program Files (x86)\WinZipper\winzipersvc.exe.vir    a variant of Win32/ELEX.Y potentially unwanted application    deleted - quarantined
C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\extensions\detgdp@gmail.com\chrome\content\js\epurls.js    JS/Trackware.Agent.A potentially unwanted application    deleted - quarantined
C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\l0v1z4ra.default\extensions\detgdp@gmail.com\chrome\content\js\inject.js    JS/Trackware.Agent.A potentially unwanted application    deleted - quarantined
C:\Users\Lucas\AppData\Roaming\RefBoost\App\RefBoost.exe    a variant of MSIL/Packed.Confuser.N potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\Bandicam - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\Camtasia Studio - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\CopyTrans Manager - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\Finestra Virtual Desktops - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\Mumble - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\paint.net.lnk.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\Sandboxie - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\Sony Vegas Pro - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\TrackMania_-Canyon-lnstall.exe    a variant of Win32/WinloadSDA.D potentially unwanted application    deleted - quarantined
D:\Program Files (x86)\RefBoost_Loader\RefBoost Loader\RefBoost.exe    a variant of MSIL/Packed.Confuser.J potentially unwanted application    deleted - quarantined
E:\Downloads\BlueStacks App Player - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
E:\Downloads\BlueStacks036_AppPlayer-Beta - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
E:\Downloads\CopyTrans Manager - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
E:\Downloads\grooveshark_unlocker-1.3.6-fx.xpi - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
E:\Downloads\iDevice Manager iPhone Explorer - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
E:\Downloads\VMware-workstation-full-10.0.2-1744117_CB-DL-Manager.exe    a variant of Win32/InstallCore.PK potentially unwanted application    deleted - quarantined
E:\Downloads\vmware-workstation_setup.exe    a variant of Win32/InstallCore.PK potentially unwanted application    deleted - quarantined
E:\Downloads\Windows_XP_2003_eXPerience_Edition_October_2011.exe    Win32/AdWare.1ClickDownload.AT application    cleaned by deleting - quarantined
 



#14 Machiavelli


Posted 16 January 2015 - 02:37 PM

What's with Step 4? How is your system running? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 poliborti


Posted 17 January 2015 - 07:08 AM

It's really only about the error up there, and it's still there.





