Pests of all kinds and how to fight them: tbhcn in autostart - system startup very slow (Windows 7)
tbhcn in autostart - system startup very slow

Hello dear team,

since my computer has been taking noticeably longer to boot for about a week now, I went into MSconfig and, as the title says, stumbled across tbhcn. After browsing a bit on Google and on your board, I now think my PC needs more help than I thought. I don't know whether there is a connection, but other "anomalies" are a faulty network connection in the home network and the device getting warm quite quickly (both fans run quietly and are dust-free...). I would be very glad of your support.

Thanks in advance and regards,
Pfälzer

About the system:
Vista Home Premium (SP 2) 64-bit version
Pentium Dual-Core 2.5 GHz

FRST + Addition logfile: see below
GMER log: see below

FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Pfälzer (administrator) on PFAELZER-PC on 05-01-2015 08:37:57
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
() C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
() C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6456352 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-10-14] (Acer)
HKLM\...\Run: [Ocs_SM] => C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-01-23] (OCS)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-19] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SiteAdvisor] => C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe [36640 2007-08-24] ()
HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-05-20] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\RunOnce: [Adobe Speed Launcher] => 1418286825
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2012-01-13] (Google Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {259b995f-c6f5-11e3-9ea5-0021973d8779} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edf81-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edfa5-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Pfälzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> C:\Users\Pfälzer\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll (Egis Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=st3
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E736561726368706C75736E6574776F726B2E636F6D2F3F73703D73743326713D7B7365617263685465726D737D&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E736561726368706C75736E6574776F726B2E636F6D2F3F73703D73743326713D7B7365617263685465726D737D&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {2A1B955A-4646-4D87-A640-2BC57AE252B4} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {67422884-1358-4E32-B7AB-25865C493D0A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741434157&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {B6176FF5-657B-4AF4-A557-216BABA693C1} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {B9A003B2-0991-40BE-9992-696A9AC45306} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {DAB60EDB-A5EE-463C-94D5-4285892FC833} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {F21CB645-2713-4FEF-A068-0B4C80AFA424} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - No Name - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
Handler-x32: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-19]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\SiteAdvisor\6172\FF [2008-10-31]
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF

Chrome:
=======
CHR Profile: C:\Users\Pfälzer\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-13] () [File not signed]
R2 SearchAnonymizer; C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-01-23] () [File not signed]
R2 SiteAdvisor Service; C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe [341280 2008-10-31] ()
R2 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed]
S4 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S4 Partner Service; "C:\ProgramData\Partner\partner.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] ()
S3 hugoio64; C:\Windows\system32\drivers\hugoio64.sys [13920 2014-12-03] ()
S3 ITEIO.SYS; c:\Windows\System32\drivers\ITEIO.sys [13144 2008-02-25] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 08:38 - 2015-01-05 08:38 - 00380416 _____ () C:\Users\Pfälzer_2\Desktop\Gmer-19357.exe
2015-01-05 08:37 - 2015-01-05 08:38 - 00027302 _____ () C:\Users\Pfälzer_2\Desktop\FRST.txt
2015-01-05 08:37 - 2015-01-05 08:37 - 02123776 _____ (Farbar) C:\Users\Pfälzer_2\Desktop\FRST64.exe
2015-01-05 06:15 - 2015-01-05 07:16 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part3.rar
2015-01-04 09:25 - 2015-01-04 10:39 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part2.rar
2015-01-04 09:18 - 2015-01-05 08:14 - 00004700 _____ () C:\Windows\PFRO.log
2015-01-03 13:18 - 2015-01-03 13:18 - 00000000 ____H () C:\Users\Pfälzer_2\Documents\Default.rdp
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setupact.log
2015-01-03 12:01 - 2015-01-03 12:03 - 00000000 ____D () C:\Users\Pfälzer\Silvester 2014
2015-01-03 12:00 - 2015-01-03 12:01 - 00000000 ____D () C:\Users\Pfälzer\Weihnachten 2014
2014-12-30 08:45 - 2014-12-30 09:02 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part1.rar
2014-12-29 14:09 - 2012-09-26 00:39 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Christopher Paolini - Eragon 2 - Der Auftrag des Ältesten
2014-12-29 13:23 - 2014-12-29 13:23 - 00000219 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero.url
2014-12-29 13:22 - 2014-12-29 13:22 - 00000018 _____ () C:\Users\Pfälzer_2\Desktop\cs.txt
2014-12-29 12:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-29 12:13 - 2014-12-29 12:13 - 00464426 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7AA9.txt
2014-12-29 12:13 - 2014-12-29 12:13 - 00012562 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7AA9.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00382682 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7A9C.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00012226 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7A9C.txt
2014-12-26 09:56 - 2014-12-26 14:41 - 00000000 ____D () C:\Icons
2014-12-23 20:11 - 2014-12-23 20:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 17:01 - 2014-12-21 17:01 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\Sniper - Ghost Warrior
2014-12-21 15:36 - 2014-12-29 13:23 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-21 15:36 - 2014-12-21 15:36 - 00000221 _____ () C:\Users\Pfälzer_2\Desktop\Sniper Ghost Warrior.url
2014-12-21 15:11 - 2015-01-03 10:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-21 15:11 - 2014-12-21 15:28 - 00000806 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-21 15:11 - 2014-12-21 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 11:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) 
C:\Windows\system32\X3DAudio1_5.dll 2014-12-19 11:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-12-19 11:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-12-19 11:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-12-19 10:37 - 2014-12-19 10:37 - 00507156 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI23FF.txt 2014-12-19 10:37 - 2014-12-19 10:37 - 00018412 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI23FF.txt 2014-12-17 17:08 - 2014-12-17 17:09 - 00000510 _____ () C:\Windows\WORDPAD.INI 2014-12-17 11:13 - 2014-12-17 11:13 - 00002260 _____ () C:\Users\Public\Desktop\TriDef 3D.lnk 2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D 2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ____D () C:\ProgramData\TriDef 3D 2014-12-17 11:12 - 2014-12-17 11:13 - 00000000 ____D () C:\Program Files (x86)\TriDef 3D 2014-12-14 08:45 - 2014-12-14 08:45 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\eSobi 2014-12-14 08:25 - 2014-12-14 08:25 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Microsoft Corporation 2014-12-14 08:22 - 2014-12-14 08:22 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2014-12-14 08:22 - 2014-12-14 08:22 - 00002030 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk 2014-12-14 08:22 - 2014-12-14 08:22 - 
00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor 2014-12-13 09:01 - 2014-12-13 09:03 - 229101096 _____ () C:\Users\Pfälzer_2\Desktop\Rossmann_Fotosoftware_Setup.exe 2014-12-11 05:56 - 2014-12-11 05:57 - 32021112 _____ (NVIDIA Corporation) C:\Users\Pfälzer_2\Desktop\GeForce_Experience_v2.1.4.0.exe 2014-12-10 05:02 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 05:02 - 2014-11-07 02:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 05:02 - 2014-11-04 01:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 05:02 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 05:00 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-12-10 05:00 - 2014-12-03 02:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-12-10 04:50 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 04:50 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 04:50 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 04:50 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 04:50 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 04:50 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 04:50 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 04:50 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-12-10 04:50 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 04:50 - 2014-11-24 22:44 
- 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 04:50 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-12-10 04:50 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 04:50 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 04:50 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-12-10 04:50 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 04:50 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 04:50 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 04:50 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 04:50 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 04:50 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 04:50 - 2014-11-24 21:35 - 01129472 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 04:50 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 04:50 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-10 04:50 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 04:50 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-12-10 04:50 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-12-09 07:26 - 2014-12-25 04:11 - 00000126 _____ () C:\Users\Pfälzer_2\Desktop\link.txt 2014-12-06 17:11 - 2014-12-06 17:11 - 00001691 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2014-12-06 
17:10 - 2014-12-06 17:10 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-06 17:10 - 2014-12-06 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 08:38 - 2014-09-15 15:26 - 00000000 ____D () C:\FRST
2015-01-05 08:21 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 08:21 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 08:19 - 2012-10-17 10:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 08:18 - 2012-01-13 17:03 - 02055223 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 08:15 - 2013-10-13 13:15 - 00000300 _____ () C:\Windows\Tasks\Dealply.job
2015-01-05 08:14 - 2012-10-31 16:08 - 89972443 _____ () C:\Windows\SysWOW64\http_ss.log
2015-01-05 08:14 - 2012-01-14 15:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 08:14 - 2012-01-13 17:25 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-05 08:14 - 2008-10-31 20:05 - 00746216 _____ () C:\Users\Public\eDSMSNLoader32.log
2015-01-05 08:14 - 2008-10-31 20:00 - 00000147 _____ () C:\Windows\SysWOW64\agent.log
2015-01-05 08:14 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 08:13 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 08:11 - 2012-01-14 15:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 08:08 - 2012-07-06 10:07 - 00000000 ____D () C:\Windows\pss
2015-01-05 07:24 - 2012-01-15 04:25 - 00018426 _____ () C:\Users\Pfälzer_2\AppData\Roaming\wklnhst.dat
2015-01-05 06:12 - 2013-03-19 15:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast!
Emergency Update 2015-01-03 12:04 - 2012-01-13 17:16 - 00000000 ____D () C:\Users\Pfälzer 2015-01-03 09:01 - 2012-01-14 18:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Haushaltsführung 2015-01-03 07:46 - 2012-01-14 05:21 - 00055592 _____ () C:\Windows\system32\spsys.log 2014-12-30 08:28 - 2008-01-21 12:10 - 01598440 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-30 08:28 - 2008-01-21 12:09 - 00684500 _____ () C:\Windows\system32\perfh007.dat 2014-12-30 08:28 - 2008-01-21 12:09 - 00150808 _____ () C:\Windows\system32\perfc007.dat 2014-12-29 14:13 - 2013-03-20 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2014-12-29 12:16 - 2014-11-11 08:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-12-29 11:16 - 2012-10-17 10:30 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-29 11:16 - 2012-05-07 15:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-29 11:16 - 2012-01-14 17:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-29 11:15 - 2014-10-18 08:52 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Adobe 2014-12-29 07:43 - 2012-01-28 09:27 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\vlc 2014-12-26 14:41 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Corel 2014-12-26 14:41 - 2012-01-14 18:21 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Privat 2014-12-26 14:34 - 2012-01-24 07:25 - 00000848 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys 2014-12-26 14:34 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My PSP Files 2014-12-26 10:43 - 2013-11-07 07:41 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\M F&R 2014-12-26 10:36 - 2012-11-02 17:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\mf-online 2014-12-26 10:35 - 2013-01-05 09:37 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Steffi Arbeit 2014-12-26 10:35 - 2012-01-14 18:14 - 00000000 ___RD () 
C:\Users\Pfälzer_2\Desktop\Arbeit 2014-12-26 10:18 - 2012-01-16 04:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Dropbox 2014-12-26 10:18 - 2012-01-16 04:14 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Dropbox 2014-12-25 04:11 - 2012-01-17 18:06 - 00073728 _____ () C:\Users\Pfälzer_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-19 10:50 - 2012-05-08 04:04 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My Games 2014-12-19 10:33 - 2008-10-31 19:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-18 06:41 - 2012-01-13 19:53 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-12-16 05:53 - 2013-10-13 12:28 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\NVIDIA 2014-12-14 08:56 - 2014-07-27 11:00 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Neue Bib 2014-12-14 08:47 - 2008-10-31 20:05 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone 2014-12-14 08:46 - 2008-10-31 20:17 - 00000000 ____D () C:\Program Files (x86)\eSobi 2014-12-14 08:17 - 2012-01-14 05:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-12-14 08:17 - 2012-01-14 05:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-13 09:17 - 2012-01-14 04:32 - 00000000 ____D () C:\Program Files (x86)\Corel 2014-12-13 06:22 - 2012-02-03 19:15 - 00004353 _____ () C:\Windows\wininit.ini 2014-12-13 06:22 - 2012-01-16 04:16 - 00000976 _____ () C:\Users\Pfälzer_2\Desktop\Dropbox.lnk 2014-12-13 06:22 - 2012-01-16 04:15 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-12 08:32 - 2014-06-17 06:17 - 00002021 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-11 05:54 - 2012-01-13 20:09 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-12-10 07:16 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache 2014-12-10 05:10 - 2013-08-14 04:03 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 05:03 - 
2006-11-02 13:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 07:27 - 2012-01-13 20:20 - 00000000 ____D () C:\Users\Pfälzer_2
2014-12-06 17:10 - 2014-05-18 03:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys

Files to move or delete:
====================
C:\ProgramData\pswi_preloaded.exe

Some content of TEMP:
====================
C:\Users\Pfälzer\AppData\Local\Temp\Medal of Honor_uninst.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-05 08:20

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-05 08:38:54
Running from C:\Users\Pfälzer_2\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1819 - Acer Inc.)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1730 - Acer Inc.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.5.0530 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.5330 - Acer Inc.) Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.5.0530 - Acer Inc.) Acer Product Registration (HKLM-x32\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.8 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0718 - Acer Incorporated) Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.) Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.2203 - Acer Inc.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media) Akamai NetSession Interface (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media) ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media) Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: 
- Oberon Media) Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) calibre 64bit (HKLM\...\{1266D026-FDCA-458F-8849-BF23EF0766D8}) (Version: 1.28.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform) Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media) Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.) Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.20.0000 - Corel Corporation) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve) Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Valve) Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media) Dropbox (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) EPSON Easy Photo Print (HKLM-x32\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version: - SEIKO EPSON Corporation) EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (HKLM-x32\...\EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch) (Version: - ) Fotosizer 2.05 (HKLM-x32\...\Fotosizer) (Version: 2.05.0.536 - Fotosizer.com) Free M4a to MP3 Converter 8.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) 
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft) i-Menu 3.9 (HKLM-x32\...\i-Menu_is1) (Version: - AOC) IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media) Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media) Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.) LightScribe 1.4.142.1 (x32 Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden MAGIX Filme auf CD & DVD 6 (D) (HKLM-x32\...\MAGIX Filme auf CD & DVD 6 D) (Version: 6.0.0.29 - MAGIX AG) MAGIX Goya burnR (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.0.7 - MAGIX AG) MAGIX Online Druck Service (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG) Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft 
Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft FrontPage 2000 (HKLM-x32\...\{00120407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version: - ) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) MixPad (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MixPad) (Version: - NCH Software) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery Case Files - Huntsville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media) Mystery Solitaire - Secret Island (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden NTI JewelCase Maker Hot Fix (HKLM-x32\...\InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}) (Version: 5.5.0.5202 - NewTech Infosystems) NTI JewelCase Maker Hot Fix (x32 Version: 5.5.0.5202 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden NTI Photo Maker Hot Fix (HKLM-x32\...\InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}) (Version: 2.0.0.16 - NewTech Infosystems) NTI Photo Maker Hot Fix (x32 Version: 2.0.0.16 - NewTech Infosystems) Hidden NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA Drivers 
(HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 26.0.1656.60 (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA) PE585QAEncoder-64 (HKLM\...\{D8B2C435-8737-431E-8784-24CD13B0B821}) (Version: 6.00.1918 - YUAN) Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5688 - Realtek Semiconductor Corp.) Remote Camera Control (HKLM-x32\...\{9EF84A20-DCF9-4946-9318-69995258AF00}) (Version: 3.2.10170 - Sony Corporation) Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net) SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 2.3.0 - SAMSUNG) SAMSUNG PC Share Manager (x32 Version: 2.3.0 - SAMSUNG) Hidden SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - ) Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version: - City Interactive) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Switch Sound File Converter (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Switch) (Version: - NCH Software) TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) TriDef 3D (AOC Monitor) 1.2.1 (HKLM-x32\...\experience-aoc-mon-bundle) (Version: 1.2.1 - Dynamic Digital Depth Australia Pty Ltd) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Turbo Pizza (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) 
(Version: - Oberon Media) Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - ) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WavePad Sound Editor (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\WavePad) (Version: - NCH Software) Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 13-12-2014 06:25:03 Windows Update 14-12-2014 07:27:47 Gerätetreiber-Paketinstallation: NVIDIA Mäuse und andere Zeigegeräte 14-12-2014 08:22:06 Windows 7 Upgrade Advisor wird installiert 14-12-2014 08:45:53 Entfernt eSobi v2 15-12-2014 09:33:24 Geplanter Prüfpunkt 16-12-2014 05:50:09 Installiert Prey 17-12-2014 06:25:06 Windows Update 18-12-2014 14:57:17 Geplanter Prüfpunkt 19-12-2014 10:33:23 Entfernt Prey 19-12-2014 10:38:21 Installed ProductName from default.wxl 19-12-2014 10:48:50 Installed ProductName from default.wxl 19-12-2014 10:57:48 DirectX wurde installiert 19-12-2014 11:01:05 Steam wird installiert 19-12-2014 11:09:17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 wurde entfernt. 19-12-2014 11:11:19 Microsoft Visual C++ 2005 Redistributable wird entfernt 19-12-2014 11:15:51 Steam wird entfernt 21-12-2014 15:05:39 DirectX wurde installiert 21-12-2014 15:09:36 Microsoft Visual C++ 2005 Redistributable wird installiert 21-12-2014 15:10:39 Steam wird installiert 23-12-2014 07:03:33 Windows Update 24-12-2014 15:33:15 Geplanter Prüfpunkt 26-12-2014 08:32:07 Windows Update 28-12-2014 22:54:41 Geplanter Prüfpunkt 29-12-2014 12:13:34 DirectX wurde installiert 30-12-2014 08:26:13 Geplanter Prüfpunkt 03-01-2015 07:52:53 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0292117E-2CF8-45E7-BA12-701BB8CB6FE5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {16FA7BEE-227F-4A8A-AE4F-C83FEBA47D10} - System32\Tasks\NCH Software\SwitchDowngrade => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe [2013-04-03] (NCH Software) Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION Task: {8A7FA9ED-7D45-4E47-9033-F48293D7D996} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {A3C2AB1E-1E15-4A8B-BE21-2BC494FDED4C} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\ExpressBurn\ExpressBurn.exe Task: {BE0EEC95-3C23-43D9-B1E9-E024930BD7D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-06] (AVAST Software) Task: {CCA1999C-1D26-46F8-A946-60A5EEAF7D41} - System32\Tasks\NCH Software\WavePadReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\WavePad.exe [2013-04-17] (NCH Software) Task: {D789873F-F862-494B-A61C-6477CB850021} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {D9D602A6-8FE0-4B12-81AF-618FA8610586} - System32\Tasks\NCH Software\SwitchReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\Switch.exe [2013-04-03] (NCH Software) Task: {E171B78F-1EB5-4B63-8FF3-AF5371D1389B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29] (Adobe Systems Incorporated) Task: {F8720D1C-BFE2-4593-A9EA-16FD63543C33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\PFLZER~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-01-14 04:09 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2007-12-13 03:08 - 2007-12-13 03:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll 2008-07-29 17:53 - 2008-07-29 17:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll 2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe 2008-10-31 19:31 - 2008-08-19 14:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2008-10-31 19:31 - 2008-10-31 19:31 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00006144 _____ () 
C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll 2008-10-31 19:31 - 2008-08-19 14:27 - 00585216 _____ () C:\Windows\system32\INT15_64.dll 2012-01-13 17:27 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll 2012-01-13 17:27 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll 2012-01-13 17:27 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll 2012-01-13 17:27 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll 2008-10-31 19:57 - 2008-05-20 17:50 - 00204908 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe 2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 2012-10-08 16:04 - 2012-10-08 16:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe 2008-10-31 19:55 - 2008-06-13 05:17 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2013-01-23 20:22 - 2013-01-23 20:22 - 00040960 _____ () C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 2008-10-31 19:50 - 2008-10-31 19:50 - 00341280 _____ () C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe 2010-02-17 17:19 - 2010-02-17 17:19 - 03007488 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe 2009-02-13 13:29 - 2009-02-13 13:29 - 00409727 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share 
Manager\http_ss_win_pro.exe 2014-12-18 06:41 - 2014-12-16 16:34 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe 2015-01-05 06:11 - 2015-01-05 06:11 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll 2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll 2014-01-21 19:39 - 2014-12-06 17:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00011552 _____ () C:\Program Files (x86)\SiteAdvisor\6172\saHook.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00111904 _____ () C:\Program Files (x86)\SiteAdvisor\6172\APEngine.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00070432 _____ () C:\Program Files (x86)\SiteAdvisor\6172\McFrmWk.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00116000 _____ () C:\Program Files (x86)\SiteAdvisor\6172\CntScan.dll 2009-01-07 20:01 - 2009-01-07 20:01 - 00649019 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll 2009-01-07 19:58 - 2009-01-07 19:58 - 00074795 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avutil-49.dll 2009-01-07 20:01 - 2009-01-07 20:01 - 03989516 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll 2009-04-15 10:40 - 2009-04-15 10:40 - 00057856 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\lang.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-12-18 06:41 
- 2014-12-16 16:34 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll 2014-12-18 06:41 - 2014-12-16 16:34 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 AlternateDataStreams: C:\ProgramData\Temp:4F636E25 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: dealplylive => 2 MSCONFIG\Services: dealplylivem => 3 MSCONFIG\Services: Google MediaServer => 2 MSCONFIG\Services: McAfee SiteAdvisor Service => 2 MSCONFIG\Services: Partner Service => 3 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: WTabletServiceCon => 2 MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot MSCONFIG\startupreg: Google Media Scanner => "C:\Program Files (x86)\Google\Google Media Server\GoogleMediaScanner.exe" MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-2771533323-571298105-790965156-500 - Administrator - Disabled) ASPNET (S-1-5-21-2771533323-571298105-790965156-1010 - Limited - Enabled) Gast 
(S-1-5-21-2771533323-571298105-790965156-501 - Limited - Disabled) Pfälzer (S-1-5-21-2771533323-571298105-790965156-1000 - Administrator - Enabled) => C:\Users\Pfälzer Pfälzer_2 (S-1-5-21-2771533323-571298105-790965156-1001 - Limited - Enabled) => C:\Users\Pfälzer_2 ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/05/2015 08:14:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:14:40 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden. Benutzer: Pfaelzer-PC\Pfälzer_2 Prüfpunkt-ID: 27 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 08:10:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:10:14 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden. Benutzer: Pfaelzer-PC\Pfälzer_2 Prüfpunkt-ID: 27 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Error: (01/05/2015 08:10:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (01/05/2015 08:10:11 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 06:12:51 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden. Benutzer: Pfaelzer-PC\Pfälzer_2 Prüfpunkt-ID: 27 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Error: (01/05/2015 06:12:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (01/05/2015 08:23:09 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{DA810F76-63B2-4B88-917F-25EED14CF702}" zu oft fehl. Der Sicherungssuchdienst wird beendet. 
Error: (01/05/2015 07:59:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ScRegSetValueExWStart%%5 Error: (01/05/2015 07:59:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ScRegSetValueExWStart%%5 Error: (01/05/2015 07:16:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:12:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:12:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Microsoft Office Sessions: ========================= Error: (01/05/2015 08:14:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:14:40 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001 Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 08:10:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:10:14 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001 Error: (01/05/2015 08:10:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 08:10:11 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 06:12:51 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001 Error: (01/05/2015 06:12:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL CodeIntegrity Errors: =================================== Date: 2014-10-13 18:33:28.746 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.557 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.362 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.137 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:27.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:27.483 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-13 18:33:27.254 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:26.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 17:47:20.786 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 17:47:20.599 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Percentage of memory in use: 51% Total physical RAM: 4094.32 MB Available physical RAM: 1967.4 MB Total Pagefile: 8395.91 MB Available Pagefile: 6134.65 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:457.94 GB) (Free:139.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:458.57 GB) (Free:356.13 GB) NTFS Drive e: (Sniper_GW) (CDROM) (Total:4.46 GB) (Free:0 GB) CDFS Drive i: (Feschdblood) (Fixed) (Total:298.09 GB) (Free:115.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7BEC2B93) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=457.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=458.6 
GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 55F17C2F) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Regards