Pests of All Kinds and How to Fight Them: tbhcn in autostart - system start very slow | Windows 7
05.01.2015, 09:48 | #1 |
tbhcn in autostart - system start very slow

Hello dear team,

since my computer has been taking noticeably longer at system start for almost a week now, I went into MSconfig and, as the title says, stumbled across tbhcn. After browsing a bit on Google and on your board as well, I now think that my PC needs more help than I thought. I don't know whether there is a connection, but further "anomalies" are a faulty network connection in the home network and the device getting warm rather quickly (both fans run quietly and are dust-free...). I would be very glad of your support.

Many thanks in advance and regards
Pfälzer

About the system: Vista Home Premium (SP 2), 64-bit version, Pentium Dual-Core 2.5 GHz

FRST + Addition logfile: see below
GMER log: see below

FRST logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Pfälzer (administrator) on PFAELZER-PC on 05-01-2015 08:37:57
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
() C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
() C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6456352 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-10-14] (Acer)
HKLM\...\Run: [Ocs_SM] => C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-01-23] (OCS)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-19] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SiteAdvisor] => C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe [36640 2007-08-24] ()
HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-05-20] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\RunOnce: [Adobe Speed Launcher] => 1418286825
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2012-01-13] (Google Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {259b995f-c6f5-11e3-9ea5-0021973d8779} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edf81-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edfa5-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Pfälzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> C:\Users\Pfälzer\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll (Egis Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=st3
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E736561726368706C75736E6574776F726B2E636F6D2F3F73703D73743326713D7B7365617263685465726D737D&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E736561726368706C75736E6574776F726B2E636F6D2F3F73703D73743326713D7B7365617263685465726D737D&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {2A1B955A-4646-4D87-A640-2BC57AE252B4} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {67422884-1358-4E32-B7AB-25865C493D0A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741434157&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {B6176FF5-657B-4AF4-A557-216BABA693C1} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {B9A003B2-0991-40BE-9992-696A9AC45306} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {DAB60EDB-A5EE-463C-94D5-4285892FC833} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {F21CB645-2713-4FEF-A068-0B4C80AFA424} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - No Name - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
Handler-x32: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-19]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\SiteAdvisor\6172\FF [2008-10-31]
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF

Chrome:
=======
CHR Profile: C:\Users\Pfälzer\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-13] () [File not signed]
R2 SearchAnonymizer; C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-01-23] () [File not signed]
R2 SiteAdvisor Service; C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe [341280 2008-10-31] ()
R2 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed]
S4 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S4 Partner Service; "C:\ProgramData\Partner\partner.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] ()
S3 hugoio64; C:\Windows\system32\drivers\hugoio64.sys [13920 2014-12-03] ()
S3 ITEIO.SYS; c:\Windows\System32\drivers\ITEIO.sys [13144 2008-02-25] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 08:38 - 2015-01-05 08:38 - 00380416 _____ () C:\Users\Pfälzer_2\Desktop\Gmer-19357.exe
2015-01-05 08:37 - 2015-01-05 08:38 - 00027302 _____ () C:\Users\Pfälzer_2\Desktop\FRST.txt
2015-01-05 08:37 - 2015-01-05 08:37 - 02123776 _____ (Farbar) C:\Users\Pfälzer_2\Desktop\FRST64.exe
2015-01-05 06:15 - 2015-01-05 07:16 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part3.rar
2015-01-04 09:25 - 2015-01-04 10:39 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part2.rar
2015-01-04 09:18 - 2015-01-05 08:14 - 00004700 _____ () C:\Windows\PFRO.log
2015-01-03 13:18 - 2015-01-03 13:18 - 00000000 ____H () C:\Users\Pfälzer_2\Documents\Default.rdp
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setupact.log
2015-01-03 12:01 - 2015-01-03 12:03 - 00000000 ____D () C:\Users\Pfälzer\Silvester 2014
2015-01-03 12:00 - 2015-01-03 12:01 - 00000000 ____D () C:\Users\Pfälzer\Weihnachten 2014
2014-12-30 08:45 - 2014-12-30 09:02 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part1.rar
2014-12-29 14:09 - 2012-09-26 00:39 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Christopher Paolini - Eragon 2 - Der Auftrag des Ältesten
2014-12-29 13:23 - 2014-12-29 13:23 - 00000219 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero.url
2014-12-29 13:22 - 2014-12-29 13:22 - 00000018 _____ () C:\Users\Pfälzer_2\Desktop\cs.txt
2014-12-29 12:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-29 12:13 - 2014-12-29 12:13 - 00464426 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7AA9.txt
2014-12-29 12:13 - 2014-12-29 12:13 - 00012562 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7AA9.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00382682 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7A9C.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00012226 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7A9C.txt
2014-12-26 09:56 - 2014-12-26 14:41 - 00000000 ____D () C:\Icons
2014-12-23 20:11 - 2014-12-23 20:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 17:01 - 2014-12-21 17:01 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\Sniper - Ghost Warrior
2014-12-21 15:36 - 2014-12-29 13:23 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-21 15:36 - 2014-12-21 15:36 - 00000221 _____ () C:\Users\Pfälzer_2\Desktop\Sniper Ghost Warrior.url
2014-12-21 15:11 - 2015-01-03 10:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-21 15:11 - 2014-12-21 15:28 - 00000806 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-21 15:11 - 2014-12-21 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 11:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) 
C:\Windows\system32\X3DAudio1_5.dll 2014-12-19 11:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-12-19 11:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-12-19 11:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-12-19 11:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-12-19 10:37 - 2014-12-19 10:37 - 00507156 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI23FF.txt 2014-12-19 10:37 - 2014-12-19 10:37 - 00018412 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI23FF.txt 2014-12-17 17:08 - 2014-12-17 17:09 - 00000510 _____ () C:\Windows\WORDPAD.INI 2014-12-17 11:13 - 2014-12-17 11:13 - 00002260 _____ () C:\Users\Public\Desktop\TriDef 3D.lnk 2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D 2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ____D () C:\ProgramData\TriDef 3D 2014-12-17 11:12 - 2014-12-17 11:13 - 00000000 ____D () C:\Program Files (x86)\TriDef 3D 2014-12-14 08:45 - 2014-12-14 08:45 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\eSobi 2014-12-14 08:25 - 2014-12-14 08:25 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Microsoft Corporation 2014-12-14 08:22 - 2014-12-14 08:22 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2014-12-14 08:22 - 2014-12-14 08:22 - 00002030 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk 2014-12-14 08:22 - 2014-12-14 08:22 - 
00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor 2014-12-13 09:01 - 2014-12-13 09:03 - 229101096 _____ () C:\Users\Pfälzer_2\Desktop\Rossmann_Fotosoftware_Setup.exe 2014-12-11 05:56 - 2014-12-11 05:57 - 32021112 _____ (NVIDIA Corporation) C:\Users\Pfälzer_2\Desktop\GeForce_Experience_v2.1.4.0.exe 2014-12-10 05:02 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 05:02 - 2014-11-07 02:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 05:02 - 2014-11-04 01:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 05:02 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 05:00 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-12-10 05:00 - 2014-12-03 02:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-12-10 04:50 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 04:50 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 04:50 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 04:50 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 04:50 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 04:50 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 04:50 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 04:50 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-12-10 04:50 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 04:50 - 2014-11-24 22:44 
- 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 04:50 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-12-10 04:50 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-12-10 04:50 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 04:50 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 04:50 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-12-10 04:50 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 04:50 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 04:50 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 04:50 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 04:50 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 04:50 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 04:50 - 2014-11-24 21:35 - 01129472 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 04:50 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 04:50 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-10 04:50 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 04:50 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 04:50 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 04:50 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-12-10 04:50 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-12-09 07:26 - 2014-12-25 04:11 - 00000126 _____ () C:\Users\Pfälzer_2\Desktop\link.txt 2014-12-06 17:11 - 2014-12-06 17:11 - 00001691 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2014-12-06 
17:10 - 2014-12-06 17:10 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-12-06 17:10 - 2014-12-06 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-05 08:38 - 2014-09-15 15:26 - 00000000 ____D () C:\FRST 2015-01-05 08:21 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-05 08:21 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-05 08:19 - 2012-10-17 10:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-05 08:18 - 2012-01-13 17:03 - 02055223 _____ () C:\Windows\WindowsUpdate.log 2015-01-05 08:15 - 2013-10-13 13:15 - 00000300 _____ () C:\Windows\Tasks\Dealply.job 2015-01-05 08:14 - 2012-10-31 16:08 - 89972443 _____ () C:\Windows\SysWOW64\http_ss.log 2015-01-05 08:14 - 2012-01-14 15:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-05 08:14 - 2012-01-13 17:25 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-01-05 08:14 - 2008-10-31 20:05 - 00746216 _____ () C:\Users\Public\eDSMSNLoader32.log 2015-01-05 08:14 - 2008-10-31 20:00 - 00000147 _____ () C:\Windows\SysWOW64\agent.log 2015-01-05 08:14 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-05 08:13 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-05 08:11 - 2012-01-14 15:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-05 08:08 - 2012-07-06 10:07 - 00000000 ____D () C:\Windows\pss 2015-01-05 07:24 - 2012-01-15 04:25 - 00018426 _____ () C:\Users\Pfälzer_2\AppData\Roaming\wklnhst.dat 2015-01-05 06:12 - 2013-03-19 15:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-01-03 12:04 - 2012-01-13 17:16 - 00000000 ____D () C:\Users\Pfälzer 2015-01-03 09:01 - 2012-01-14 18:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Haushaltsführung 2015-01-03 07:46 - 2012-01-14 05:21 - 00055592 _____ () C:\Windows\system32\spsys.log 2014-12-30 08:28 - 2008-01-21 12:10 - 01598440 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-30 08:28 - 2008-01-21 12:09 - 00684500 _____ () C:\Windows\system32\perfh007.dat 2014-12-30 08:28 - 2008-01-21 12:09 - 00150808 _____ () C:\Windows\system32\perfc007.dat 2014-12-29 14:13 - 2013-03-20 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2014-12-29 12:16 - 2014-11-11 08:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-12-29 11:16 - 2012-10-17 10:30 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-29 11:16 - 2012-05-07 15:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-29 11:16 - 2012-01-14 17:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-29 11:15 - 2014-10-18 08:52 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Adobe 2014-12-29 07:43 - 2012-01-28 09:27 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\vlc 2014-12-26 14:41 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Corel 2014-12-26 14:41 - 2012-01-14 18:21 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Privat 2014-12-26 14:34 - 2012-01-24 07:25 - 00000848 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys 2014-12-26 14:34 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My PSP Files 2014-12-26 10:43 - 2013-11-07 07:41 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\M F&R 2014-12-26 10:36 - 2012-11-02 17:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\mf-online 2014-12-26 10:35 - 2013-01-05 09:37 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Steffi Arbeit 2014-12-26 10:35 - 2012-01-14 18:14 - 00000000 ___RD () 
C:\Users\Pfälzer_2\Desktop\Arbeit 2014-12-26 10:18 - 2012-01-16 04:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Dropbox 2014-12-26 10:18 - 2012-01-16 04:14 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Dropbox 2014-12-25 04:11 - 2012-01-17 18:06 - 00073728 _____ () C:\Users\Pfälzer_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-19 10:50 - 2012-05-08 04:04 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My Games 2014-12-19 10:33 - 2008-10-31 19:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-18 06:41 - 2012-01-13 19:53 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-12-16 05:53 - 2013-10-13 12:28 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\NVIDIA 2014-12-14 08:56 - 2014-07-27 11:00 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Neue Bib 2014-12-14 08:47 - 2008-10-31 20:05 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone 2014-12-14 08:46 - 2008-10-31 20:17 - 00000000 ____D () C:\Program Files (x86)\eSobi 2014-12-14 08:17 - 2012-01-14 05:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-12-14 08:17 - 2012-01-14 05:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-13 09:17 - 2012-01-14 04:32 - 00000000 ____D () C:\Program Files (x86)\Corel 2014-12-13 06:22 - 2012-02-03 19:15 - 00004353 _____ () C:\Windows\wininit.ini 2014-12-13 06:22 - 2012-01-16 04:16 - 00000976 _____ () C:\Users\Pfälzer_2\Desktop\Dropbox.lnk 2014-12-13 06:22 - 2012-01-16 04:15 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-12 08:32 - 2014-06-17 06:17 - 00002021 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-11 05:54 - 2012-01-13 20:09 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-12-10 07:16 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache 2014-12-10 05:10 - 2013-08-14 04:03 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 05:03 - 
2006-11-02 13:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-12-09 07:27 - 2012-01-13 20:20 - 00000000 ____D () C:\Users\Pfälzer_2 2014-12-06 17:10 - 2014-05-18 03:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-12-06 17:10 - 2013-03-19 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-12-06 17:10 - 2013-03-19 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-12-06 17:10 - 2013-03-19 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-12-06 17:10 - 2013-03-19 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-12-06 17:10 - 2013-03-19 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-12-06 17:10 - 2013-03-19 15:12 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-12-06 17:10 - 2013-03-19 15:12 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys Files to move or delete: ==================== C:\ProgramData\pswi_preloaded.exe Some content of TEMP: ==================== C:\Users\Pfälzer\AppData\Local\Temp\Medal of Honor_uninst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-05 08:20

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-05 08:38:54
Running from C:\Users\Pfälzer_2\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1819 - Acer Inc.)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1730 - Acer Inc.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.5.0530 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.5330 - Acer Inc.) Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.5.0530 - Acer Inc.) Acer Product Registration (HKLM-x32\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.8 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0718 - Acer Incorporated) Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.) Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.2203 - Acer Inc.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media) Akamai NetSession Interface (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media) ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media) Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: 
- Oberon Media) Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) calibre 64bit (HKLM\...\{1266D026-FDCA-458F-8849-BF23EF0766D8}) (Version: 1.28.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform) Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media) Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.) Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.20.0000 - Corel Corporation) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve) Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Valve) Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media) Dropbox (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) EPSON Easy Photo Print (HKLM-x32\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version: - SEIKO EPSON Corporation) EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (HKLM-x32\...\EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch) (Version: - ) Fotosizer 2.05 (HKLM-x32\...\Fotosizer) (Version: 2.05.0.536 - Fotosizer.com) Free M4a to MP3 Converter 8.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) 
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft) i-Menu 3.9 (HKLM-x32\...\i-Menu_is1) (Version: - AOC) IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media) Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media) Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.) LightScribe 1.4.142.1 (x32 Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden MAGIX Filme auf CD & DVD 6 (D) (HKLM-x32\...\MAGIX Filme auf CD & DVD 6 D) (Version: 6.0.0.29 - MAGIX AG) MAGIX Goya burnR (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.0.7 - MAGIX AG) MAGIX Online Druck Service (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG) Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft 
Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft FrontPage 2000 (HKLM-x32\...\{00120407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version: - ) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) MixPad (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MixPad) (Version: - NCH Software) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery Case Files - Huntsville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media) Mystery Solitaire - Secret Island (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden NTI JewelCase Maker Hot Fix (HKLM-x32\...\InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}) (Version: 5.5.0.5202 - NewTech Infosystems) NTI JewelCase Maker Hot Fix (x32 Version: 5.5.0.5202 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden NTI Photo Maker Hot Fix (HKLM-x32\...\InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}) (Version: 2.0.0.16 - NewTech Infosystems) NTI Photo Maker Hot Fix (x32 Version: 2.0.0.16 - NewTech Infosystems) Hidden NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA Drivers 
(HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 26.0.1656.60 (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA) PE585QAEncoder-64 (HKLM\...\{D8B2C435-8737-431E-8784-24CD13B0B821}) (Version: 6.00.1918 - YUAN) Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5688 - Realtek Semiconductor Corp.) Remote Camera Control (HKLM-x32\...\{9EF84A20-DCF9-4946-9318-69995258AF00}) (Version: 3.2.10170 - Sony Corporation) Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net) SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 2.3.0 - SAMSUNG) SAMSUNG PC Share Manager (x32 Version: 2.3.0 - SAMSUNG) Hidden SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - ) Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version: - City Interactive) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Switch Sound File Converter (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Switch) (Version: - NCH Software) TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) TriDef 3D (AOC Monitor) 1.2.1 (HKLM-x32\...\experience-aoc-mon-bundle) (Version: 1.2.1 - Dynamic Digital Depth Australia Pty Ltd) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Turbo Pizza (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) 
(Version: - Oberon Media) Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - ) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WavePad Sound Editor (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\WavePad) (Version: - NCH Software) Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 13-12-2014 06:25:03 Windows Update 14-12-2014 07:27:47 Gerätetreiber-Paketinstallation: NVIDIA Mäuse und andere Zeigegeräte 14-12-2014 08:22:06 Windows 7 Upgrade Advisor wird installiert 14-12-2014 08:45:53 Entfernt eSobi v2 15-12-2014 09:33:24 Geplanter Prüfpunkt 16-12-2014 05:50:09 Installiert Prey 17-12-2014 06:25:06 Windows Update 18-12-2014 14:57:17 Geplanter Prüfpunkt 19-12-2014 10:33:23 Entfernt Prey 19-12-2014 10:38:21 Installed ProductName from default.wxl 19-12-2014 10:48:50 Installed ProductName from default.wxl 19-12-2014 10:57:48 DirectX wurde installiert 19-12-2014 11:01:05 Steam wird installiert 19-12-2014 11:09:17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 wurde entfernt. 19-12-2014 11:11:19 Microsoft Visual C++ 2005 Redistributable wird entfernt 19-12-2014 11:15:51 Steam wird entfernt 21-12-2014 15:05:39 DirectX wurde installiert 21-12-2014 15:09:36 Microsoft Visual C++ 2005 Redistributable wird installiert 21-12-2014 15:10:39 Steam wird installiert 23-12-2014 07:03:33 Windows Update 24-12-2014 15:33:15 Geplanter Prüfpunkt 26-12-2014 08:32:07 Windows Update 28-12-2014 22:54:41 Geplanter Prüfpunkt 29-12-2014 12:13:34 DirectX wurde installiert 30-12-2014 08:26:13 Geplanter Prüfpunkt 03-01-2015 07:52:53 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0292117E-2CF8-45E7-BA12-701BB8CB6FE5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {16FA7BEE-227F-4A8A-AE4F-C83FEBA47D10} - System32\Tasks\NCH Software\SwitchDowngrade => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe [2013-04-03] (NCH Software) Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION Task: {8A7FA9ED-7D45-4E47-9033-F48293D7D996} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {A3C2AB1E-1E15-4A8B-BE21-2BC494FDED4C} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\ExpressBurn\ExpressBurn.exe Task: {BE0EEC95-3C23-43D9-B1E9-E024930BD7D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-06] (AVAST Software) Task: {CCA1999C-1D26-46F8-A946-60A5EEAF7D41} - System32\Tasks\NCH Software\WavePadReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\WavePad.exe [2013-04-17] (NCH Software) Task: {D789873F-F862-494B-A61C-6477CB850021} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {D9D602A6-8FE0-4B12-81AF-618FA8610586} - System32\Tasks\NCH Software\SwitchReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\Switch.exe [2013-04-03] (NCH Software) Task: {E171B78F-1EB5-4B63-8FF3-AF5371D1389B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29] (Adobe Systems Incorporated) Task: {F8720D1C-BFE2-4593-A9EA-16FD63543C33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\PFLZER~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-01-14 04:09 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2007-12-13 03:08 - 2007-12-13 03:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll 2008-07-29 17:53 - 2008-07-29 17:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll 2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe 2008-10-31 19:31 - 2008-08-19 14:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2008-10-31 19:31 - 2008-10-31 19:31 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00006144 _____ () 
C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll 2008-10-31 19:31 - 2008-08-19 14:27 - 00585216 _____ () C:\Windows\system32\INT15_64.dll 2012-01-13 17:27 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll 2012-01-13 17:27 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll 2012-01-13 17:27 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll 2012-01-13 17:27 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll 2008-10-31 19:57 - 2008-05-20 17:50 - 00204908 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe 2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 2012-10-08 16:04 - 2012-10-08 16:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe 2008-10-31 19:55 - 2008-06-13 05:17 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2013-01-23 20:22 - 2013-01-23 20:22 - 00040960 _____ () C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 2008-10-31 19:50 - 2008-10-31 19:50 - 00341280 _____ () C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe 2010-02-17 17:19 - 2010-02-17 17:19 - 03007488 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe 2009-02-13 13:29 - 2009-02-13 13:29 - 00409727 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share 
Manager\http_ss_win_pro.exe 2014-12-18 06:41 - 2014-12-16 16:34 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe 2015-01-05 06:11 - 2015-01-05 06:11 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll 2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll 2014-01-21 19:39 - 2014-12-06 17:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00011552 _____ () C:\Program Files (x86)\SiteAdvisor\6172\saHook.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00111904 _____ () C:\Program Files (x86)\SiteAdvisor\6172\APEngine.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00070432 _____ () C:\Program Files (x86)\SiteAdvisor\6172\McFrmWk.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00116000 _____ () C:\Program Files (x86)\SiteAdvisor\6172\CntScan.dll 2009-01-07 20:01 - 2009-01-07 20:01 - 00649019 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll 2009-01-07 19:58 - 2009-01-07 19:58 - 00074795 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avutil-49.dll 2009-01-07 20:01 - 2009-01-07 20:01 - 03989516 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll 2009-04-15 10:40 - 2009-04-15 10:40 - 00057856 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\lang.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-12-18 06:41 
- 2014-12-16 16:34 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll 2014-12-18 06:41 - 2014-12-16 16:34 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 AlternateDataStreams: C:\ProgramData\Temp:4F636E25 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: dealplylive => 2 MSCONFIG\Services: dealplylivem => 3 MSCONFIG\Services: Google MediaServer => 2 MSCONFIG\Services: McAfee SiteAdvisor Service => 2 MSCONFIG\Services: Partner Service => 3 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: WTabletServiceCon => 2 MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot MSCONFIG\startupreg: Google Media Scanner => "C:\Program Files (x86)\Google\Google Media Server\GoogleMediaScanner.exe" MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-2771533323-571298105-790965156-500 - Administrator - Disabled) ASPNET (S-1-5-21-2771533323-571298105-790965156-1010 - Limited - Enabled) Gast 
(S-1-5-21-2771533323-571298105-790965156-501 - Limited - Disabled) Pfälzer (S-1-5-21-2771533323-571298105-790965156-1000 - Administrator - Enabled) => C:\Users\Pfälzer Pfälzer_2 (S-1-5-21-2771533323-571298105-790965156-1001 - Limited - Enabled) => C:\Users\Pfälzer_2 ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/05/2015 08:14:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:14:40 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden. Benutzer: Pfaelzer-PC\Pfälzer_2 Prüfpunkt-ID: 27 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 08:10:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:10:14 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden. Benutzer: Pfaelzer-PC\Pfälzer_2 Prüfpunkt-ID: 27 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Error: (01/05/2015 08:10:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (01/05/2015 08:10:11 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 06:12:51 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden. Benutzer: Pfaelzer-PC\Pfälzer_2 Prüfpunkt-ID: 27 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Error: (01/05/2015 06:12:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (01/05/2015 08:23:09 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{DA810F76-63B2-4B88-917F-25EED14CF702}" zu oft fehl. Der Sicherungssuchdienst wird beendet. 
Error: (01/05/2015 07:59:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ScRegSetValueExWStart%%5 Error: (01/05/2015 07:59:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ScRegSetValueExWStart%%5 Error: (01/05/2015 07:16:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:12:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (01/05/2015 06:12:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Microsoft Office Sessions: ========================= Error: (01/05/2015 08:14:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:14:40 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001 Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 08:10:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 08:10:14 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001 Error: (01/05/2015 08:10:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 08:10:11 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 06:12:51 AM) (Source: WinDefendRtp) (EventID: 3003) (User: ) Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001 Error: (01/05/2015 06:12:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL CodeIntegrity Errors: =================================== Date: 2014-10-13 18:33:28.746 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.557 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.362 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.137 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:27.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:27.483 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-13 18:33:27.254 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:26.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 17:47:20.786 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 17:47:20.599 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Percentage of memory in use: 51% Total physical RAM: 4094.32 MB Available physical RAM: 1967.4 MB Total Pagefile: 8395.91 MB Available Pagefile: 6134.65 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:457.94 GB) (Free:139.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:458.57 GB) (Free:356.13 GB) NTFS Drive e: (Sniper_GW) (CDROM) (Total:4.46 GB) (Free:0 GB) CDFS Drive i: (Feschdblood) (Fixed) (Total:298.09 GB) (Free:115.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7BEC2B93) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=457.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=458.6 
GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 55F17C2F)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Regards |
05.01.2015, 10:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tbhcn in autostart - system startup very slow

Hi,

Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!)

Step 1: adwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.

Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
05.01.2015, 10:53 | #3 |
| tbhcn in autostart - system startup very slow

Hi Cosinus,

thanks for the quick reply. Here is the log file from adwCleaner

Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 05/01/2015 um 10:22:11
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Pfälzer - PFAELZER-PC
# Gestartet von : C:\Users\Pfälzer_2\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Partner Service
Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\NCH Software
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[!] Ordner Gelöscht : C:\Program Files (x86)\DealPly
[!] Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
[!] Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
[!] Ordner Gelöscht : C:\Users\Pfälzer\AppData\Roaming\DesktopIconForAmazon
[!] Ordner Gelöscht : C:\Users\Pfälzer\AppData\Roaming\GinyasBrowserCompanion
[!] Ordner Gelöscht : C:\Users\Pfälzer\AppData\Roaming\OCS
[!] Ordner Gelöscht : C:\Users\Pfälzer_2\AppData\Roaming\NCH Software
Datei Gelöscht : \END
Datei Gelöscht : C:\Users\Pfälzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk

***** [ Tasks ] *****

Task Gelöscht : Dealply

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2A1B955A-4646-4D87-A640-2BC57AE252B4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67422884-1358-4E32-B7AB-25865C493D0A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B6176FF5-657B-4AF4-A557-216BABA693C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9A003B2-0991-40BE-9992-696A9AC45306}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DAB60EDB-A5EE-463C-94D5-4285892FC833}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F21CB645-2713-4FEF-A068-0B4C80AFA424}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\bbrs_002.tb
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GinyasBrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchAnonymizer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v39.0.2171.95

*************************

AdwCleaner[R0].txt - [6114 octets] - [05/01/2015 10:19:27]
AdwCleaner[S0].txt - [4646 octets] - [05/01/2015 10:22:11]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4706 octets] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Pf„lzer on 05.01.2015 at 10:38:18,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.01.2015 at 10:43:48,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015 Ran by Pfälzer (administrator) on PFAELZER-PC on 05-01-2015 10:51:32 Running from C:\Users\Pfälzer_2\Desktop Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2) Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (NewTech InfoSystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PSIService.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe () C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Realtek Semiconductor) C:\Windows\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe (Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe (Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6456352 2008-08-19] (Realtek Semiconductor) HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-10-14] (Acer) HKLM\...\Run: [Ocs_SM] => C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-19] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] () HKLM-x32\...\Run: [eRecoveryService] => [X] HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [SiteAdvisor] => C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe [36640 2007-08-24] () HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-05-20] () HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: 
[EPSON Stylus SX200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2012-01-13] (Google Inc.) HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {259b995f-c6f5-11e3-9ea5-0021973d8779} - H:\LaunchU3.exe -a HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edf81-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edfa5-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\SETUP.EXE Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll (Egis Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700 HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700 HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700 HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - No Name - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - No File Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll () Handler-x32: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll () Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-13] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-05] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-19] FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\SiteAdvisor\6172\FF [2008-10-31] FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF Chrome: ======= CHR Profile: C:\Users\Pfälzer\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST 
Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 0216541420450659mcinstcleanup; C:\Windows\TEMP\021654~1.EXE [315776 2009-12-08] (McAfee, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software) R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated) R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S4 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [110312 2009-12-08] (McAfee, Inc.) R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) 
[File not signed] R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed] R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-13] () [File not signed] R2 SiteAdvisor Service; C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe [341280 2008-10-31] () R2 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-12-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-12-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] () S3 hugoio64; C:\Windows\system32\drivers\hugoio64.sys [13920 2014-12-03] () S3 ITEIO.SYS; c:\Windows\System32\drivers\ITEIO.sys [13144 2008-02-25] (Windows (R) Codename Longhorn DDK provider) [File not signed] S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) R0 PSDFilter; 
C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated) R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated) R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated) S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X] S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-05 10:51 - 2015-01-05 10:51 - 00023317 _____ () C:\Users\Pfälzer_2\Desktop\FRST.txt 2015-01-05 10:44 - 2015-01-05 10:44 - 00000763 _____ () C:\Users\Pfälzer\Documents\JRT.txt 2015-01-05 10:38 - 2015-01-05 10:38 - 00000000 ____D () C:\Windows\ERUNT 2015-01-05 10:34 - 2015-01-05 10:34 - 769271860 _____ () C:\Windows\MEMORY.DMP 2015-01-05 10:34 - 2015-01-05 10:34 - 00283072 _____ () C:\Windows\Minidump\Mini010515-01.dmp 2015-01-05 10:34 - 2015-01-05 10:34 - 00000000 ____D () C:\Windows\Minidump 2015-01-05 10:21 - 2015-01-05 10:21 - 01707939 _____ (Thisisu) C:\Users\Pfälzer_2\Desktop\JRT.exe 2015-01-05 10:19 - 2015-01-05 10:22 - 00000000 ____D () C:\AdwCleaner 2015-01-05 10:18 - 2015-01-05 10:18 - 02173952 _____ () C:\Users\Pfälzer_2\Desktop\AdwCleaner_4.106.exe 2015-01-05 09:53 - 2015-01-05 10:48 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\tbhcn 2015-01-05 08:38 - 2015-01-05 08:38 - 00380416 _____ () C:\Users\Pfälzer_2\Desktop\Gmer-19357.exe 2015-01-05 08:37 - 2015-01-05 08:37 - 02123776 _____ (Farbar) C:\Users\Pfälzer_2\Desktop\FRST64.exe 
2015-01-05 06:15 - 2015-01-05 07:16 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part3.rar
2015-01-04 09:25 - 2015-01-04 10:39 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part2.rar
2015-01-04 09:18 - 2015-01-05 10:34 - 00005684 _____ () C:\Windows\PFRO.log
2015-01-03 13:18 - 2015-01-03 13:18 - 00000000 ____H () C:\Users\Pfälzer_2\Documents\Default.rdp
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setupact.log
2015-01-03 12:01 - 2015-01-03 12:03 - 00000000 ____D () C:\Users\Pfälzer\Silvester 2014
2015-01-03 12:00 - 2015-01-03 12:01 - 00000000 ____D () C:\Users\Pfälzer\Weihnachten 2014
2014-12-30 08:45 - 2014-12-30 09:02 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part1.rar
2014-12-29 14:09 - 2012-09-26 00:39 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Christopher Paolini - Eragon 2 - Der Auftrag des Ältesten
2014-12-29 13:23 - 2014-12-29 13:23 - 00000219 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero.url
2014-12-29 13:22 - 2014-12-29 13:22 - 00000018 _____ () C:\Users\Pfälzer_2\Desktop\cs.txt
2014-12-29 12:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-29 12:13 - 2014-12-29 12:13 - 00464426 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7AA9.txt
2014-12-29 12:13 - 2014-12-29 12:13 - 00012562 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7AA9.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00382682 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7A9C.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00012226 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7A9C.txt
2014-12-26 09:56 - 2014-12-26 14:41 - 00000000 ____D () C:\Icons
2014-12-23 20:11 - 2014-12-23 20:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 17:01 - 2014-12-21 17:01 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\Sniper - Ghost Warrior
2014-12-21 15:36 - 2014-12-29 13:23 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-21 15:36 - 2014-12-21 15:36 - 00000221 _____ () C:\Users\Pfälzer_2\Desktop\Sniper Ghost Warrior.url
2014-12-21 15:11 - 2015-01-03 10:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-21 15:11 - 2014-12-21 15:28 - 00000806 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-21 15:11 - 2014-12-21 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 11:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-19 11:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-19 11:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-19 10:37 - 2014-12-19 10:37 - 00507156 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI23FF.txt
2014-12-19 10:37 - 2014-12-19 10:37 - 00018412 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI23FF.txt
2014-12-17 17:08 - 2014-12-17 17:09 - 00000510 _____ () C:\Windows\WORDPAD.INI
2014-12-17 11:13 - 2014-12-17 11:13 - 00002260 _____ () C:\Users\Public\Desktop\TriDef 3D.lnk
2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D
2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ____D () C:\ProgramData\TriDef 3D
2014-12-17 11:12 - 2014-12-17 11:13 - 00000000 ____D () C:\Program Files (x86)\TriDef 3D
2014-12-14 08:45 - 2014-12-14 08:45 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\eSobi
2014-12-14 08:25 - 2014-12-14 08:25 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Microsoft Corporation
2014-12-14 08:22 - 2014-12-14 08:22 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-12-14 08:22 - 2014-12-14 08:22 - 00002030 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2014-12-14 08:22 - 2014-12-14 08:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2014-12-13 09:01 - 2014-12-13 09:03 - 229101096 _____ () C:\Users\Pfälzer_2\Desktop\Rossmann_Fotosoftware_Setup.exe
2014-12-11 05:56 - 2014-12-11 05:57 - 32021112 _____ (NVIDIA Corporation) C:\Users\Pfälzer_2\Desktop\GeForce_Experience_v2.1.4.0.exe
2014-12-10 05:02 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:02 - 2014-11-07 02:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:02 - 2014-11-04 01:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:02 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:00 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 05:00 - 2014-12-03 02:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 04:50 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 04:50 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 04:50 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 04:50 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 04:50 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 04:50 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 04:50 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 04:50 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 04:50 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 04:50 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-10 04:50 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 04:50 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 04:50 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 04:50 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 04:50 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 04:50 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 04:50 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 04:50 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 04:50 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 04:50 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 04:50 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 04:50 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 04:50 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 04:50 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-10 04:50 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-09 07:26 - 2014-12-25 04:11 - 00000126 _____ () C:\Users\Pfälzer_2\Desktop\link.txt
2014-12-06 17:11 - 2014-12-06 17:11 - 00001691 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-06 17:10 - 2014-12-06 17:10 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-06 17:10 - 2014-12-06 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 10:51 - 2014-09-15 15:26 - 00000000 ____D () C:\FRST
2015-01-05 10:47 - 2012-01-14 15:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 10:47 - 2008-10-31 20:05 - 00747400 _____ () C:\Users\Public\eDSMSNLoader32.log
2015-01-05 10:39 - 2012-01-13 17:03 - 02061413 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 10:37 - 2012-01-19 05:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-05 10:37 - 2008-10-31 19:48 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-05 10:35 - 2012-10-31 16:08 - 89972701 _____ () C:\Windows\SysWOW64\http_ss.log
2015-01-05 10:35 - 2012-01-13 17:25 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-05 10:35 - 2008-10-31 20:00 - 00000147 _____ () C:\Windows\SysWOW64\agent.log
2015-01-05 10:34 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 10:34 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 10:34 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 10:22 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 10:19 - 2012-10-17 10:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 10:11 - 2012-01-14 15:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 08:08 - 2012-07-06 10:07 - 00000000 ____D () C:\Windows\pss
2015-01-05 07:24 - 2012-01-15 04:25 - 00018426 _____ () C:\Users\Pfälzer_2\AppData\Roaming\wklnhst.dat
2015-01-05 06:12 - 2013-03-19 15:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-03 12:04 - 2012-01-13 17:16 - 00000000 ____D () C:\Users\Pfälzer
2015-01-03 09:01 - 2012-01-14 18:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Haushaltsführung
2015-01-03 07:46 - 2012-01-14 05:21 - 00055592 _____ () C:\Windows\system32\spsys.log
2014-12-30 08:28 - 2008-01-21 12:10 - 01598440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 08:28 - 2008-01-21 12:09 - 00684500 _____ () C:\Windows\system32\perfh007.dat
2014-12-30 08:28 - 2008-01-21 12:09 - 00150808 _____ () C:\Windows\system32\perfc007.dat
2014-12-29 14:13 - 2013-03-20 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-29 12:16 - 2014-11-11 08:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-29 11:16 - 2012-10-17 10:30 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-29 11:16 - 2012-05-07 15:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-29 11:16 - 2012-01-14 17:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-29 11:15 - 2014-10-18 08:52 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Adobe
2014-12-29 07:43 - 2012-01-28 09:27 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\vlc
2014-12-26 14:41 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Corel
2014-12-26 14:41 - 2012-01-14 18:21 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Privat
2014-12-26 14:34 - 2012-01-24 07:25 - 00000848 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys
2014-12-26 14:34 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My PSP Files
2014-12-26 10:43 - 2013-11-07 07:41 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\M F&R
2014-12-26 10:36 - 2012-11-02 17:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\mf-online
2014-12-26 10:35 - 2013-01-05 09:37 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Steffi Arbeit
2014-12-26 10:35 - 2012-01-14 18:14 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Arbeit
2014-12-26 10:18 - 2012-01-16 04:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Dropbox
2014-12-26 10:18 - 2012-01-16 04:14 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Dropbox
2014-12-25 04:11 - 2012-01-17 18:06 - 00073728 _____ () C:\Users\Pfälzer_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 10:50 - 2012-05-08 04:04 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My Games
2014-12-19 10:33 - 2008-10-31 19:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 06:41 - 2012-01-13 19:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-16 05:53 - 2013-10-13 12:28 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\NVIDIA
2014-12-14 08:56 - 2014-07-27 11:00 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Neue Bib
2014-12-14 08:47 - 2008-10-31 20:05 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-12-14 08:46 - 2008-10-31 20:17 - 00000000 ____D () C:\Program Files (x86)\eSobi
2014-12-14 08:17 - 2012-01-14 05:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-14 08:17 - 2012-01-14 05:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-13 09:17 - 2012-01-14 04:32 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-12-13 06:22 - 2012-01-16 04:16 - 00000976 _____ () C:\Users\Pfälzer_2\Desktop\Dropbox.lnk
2014-12-13 06:22 - 2012-01-16 04:15 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 08:32 - 2014-06-17 06:17 - 00002021 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 05:54 - 2012-01-13 20:09 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 07:16 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-12-10 05:10 - 2013-08-14 04:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 05:03 - 2006-11-02 13:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 07:27 - 2012-01-13 20:20 - 00000000 ____D () C:\Users\Pfälzer_2
2014-12-06 17:10 - 2014-05-18 03:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys

Files to move or delete:
====================
C:\ProgramData\pswi_preloaded.exe

Some content of TEMP:
====================
C:\Users\Pfälzer\AppData\Local\Temp\Medal of Honor_uninst.exe
C:\Users\Pfälzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Pfälzer\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-05 10:41

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-05 10:52:15
Running from C:\Users\Pfälzer_2\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1819 - Acer Inc.)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1730 - Acer Inc.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.5.0530 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.5330 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.5.0530 - Acer Inc.)
Acer Product Registration (HKLM-x32\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.8 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0718 - Acer Incorporated)
Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.2203 - Acer Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Akamai NetSession Interface (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
calibre 64bit (HKLM\...\{1266D026-FDCA-458F-8849-BF23EF0766D8}) (Version: 1.28.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.20.0000 - Corel Corporation)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Valve)
Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
Dropbox (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EPSON Easy Photo Print (HKLM-x32\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version: - SEIKO EPSON Corporation)
EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (HKLM-x32\...\EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch) (Version: - )
Fotosizer 2.05 (HKLM-x32\...\Fotosizer) (Version: 2.05.0.536 - Fotosizer.com)
Free M4a to MP3 Converter 8.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft)
i-Menu 3.9 (HKLM-x32\...\i-Menu_is1) (Version: - AOC)
IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
LightScribe 1.4.142.1 (x32 Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
MAGIX Filme auf CD & DVD 6 (D) (HKLM-x32\...\MAGIX Filme auf CD & DVD 6 D) (Version: 6.0.0.29 - MAGIX AG)
MAGIX Goya burnR (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.0.7 - MAGIX AG)
MAGIX Online Druck Service (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.0.163 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM-x32\...\{00120407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version: - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MixPad (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MixPad) (Version: - NCH Software)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media)
Mystery Solitaire - Secret Island (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI JewelCase Maker Hot Fix (HKLM-x32\...\InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}) (Version: 5.5.0.5202 - NewTech Infosystems)
NTI JewelCase Maker Hot Fix (x32 Version: 5.5.0.5202 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NTI Photo Maker Hot Fix (HKLM-x32\...\InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}) (Version: 2.0.0.16 - NewTech Infosystems)
NTI Photo Maker Hot Fix (x32 Version: 2.0.0.16 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 26.0.1656.60 (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
PE585QAEncoder-64 (HKLM\...\{D8B2C435-8737-431E-8784-24CD13B0B821}) (Version: 6.00.1918 - YUAN)
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5688 - Realtek Semiconductor Corp.)
Remote Camera Control (HKLM-x32\...\{9EF84A20-DCF9-4946-9318-69995258AF00}) (Version: 3.2.10170 - Sony Corporation) Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net) SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 2.3.0 - SAMSUNG) SAMSUNG PC Share Manager (x32 Version: 2.3.0 - SAMSUNG) Hidden Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version: - City Interactive) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Switch Sound File Converter (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Switch) (Version: - NCH Software) TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) TriDef 3D (AOC Monitor) 1.2.1 (HKLM-x32\...\experience-aoc-mon-bundle) (Version: 1.2.1 - Dynamic Digital Depth Australia Pty Ltd) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Turbo Pizza (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version: - Oberon Media) Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - ) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WavePad Sound Editor (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\WavePad) (Version: - NCH Software) Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 13-12-2014 06:25:03 Windows Update 14-12-2014 07:27:47 Gerätetreiber-Paketinstallation: NVIDIA Mäuse und andere Zeigegeräte 14-12-2014 08:22:06 Windows 7 Upgrade Advisor wird installiert 14-12-2014 08:45:53 Entfernt eSobi v2 15-12-2014 09:33:24 Geplanter Prüfpunkt 16-12-2014 05:50:09 Installiert Prey 17-12-2014 06:25:06 Windows Update 18-12-2014 14:57:17 Geplanter Prüfpunkt 19-12-2014 10:33:23 Entfernt Prey 19-12-2014 10:38:21 Installed ProductName from default.wxl 19-12-2014 10:48:50 Installed ProductName from default.wxl 19-12-2014 10:57:48 DirectX wurde installiert 19-12-2014 11:01:05 Steam wird installiert 19-12-2014 11:09:17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 wurde entfernt. 
19-12-2014 11:11:19 Microsoft Visual C++ 2005 Redistributable wird entfernt 19-12-2014 11:15:51 Steam wird entfernt 21-12-2014 15:05:39 DirectX wurde installiert 21-12-2014 15:09:36 Microsoft Visual C++ 2005 Redistributable wird installiert 21-12-2014 15:10:39 Steam wird installiert 23-12-2014 07:03:33 Windows Update 24-12-2014 15:33:15 Geplanter Prüfpunkt 26-12-2014 08:32:07 Windows Update 28-12-2014 22:54:41 Geplanter Prüfpunkt 29-12-2014 12:13:34 DirectX wurde installiert 30-12-2014 08:26:13 Geplanter Prüfpunkt 03-01-2015 07:52:53 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0292117E-2CF8-45E7-BA12-701BB8CB6FE5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {16FA7BEE-227F-4A8A-AE4F-C83FEBA47D10} - System32\Tasks\NCH Software\SwitchDowngrade => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION Task: {8A7FA9ED-7D45-4E47-9033-F48293D7D996} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {A3C2AB1E-1E15-4A8B-BE21-2BC494FDED4C} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\ExpressBurn\ExpressBurn.exe Task: {BE0EEC95-3C23-43D9-B1E9-E024930BD7D9} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-06] (AVAST Software) Task: {CCA1999C-1D26-46F8-A946-60A5EEAF7D41} - System32\Tasks\NCH Software\WavePadReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\WavePad.exe Task: {D789873F-F862-494B-A61C-6477CB850021} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {D9D602A6-8FE0-4B12-81AF-618FA8610586} - System32\Tasks\NCH Software\SwitchReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\Switch.exe Task: {E171B78F-1EB5-4B63-8FF3-AF5371D1389B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29] (Adobe Systems Incorporated) Task: {F8720D1C-BFE2-4593-A9EA-16FD63543C33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-31 19:31 - 2008-08-19 14:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2008-10-31 19:31 - 2008-10-31 19:31 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00061440 _____ () 
C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2008-10-31 19:31 - 2008-10-31 19:31 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll 2008-10-31 19:31 - 2008-08-19 14:27 - 00585216 _____ () C:\Windows\system32\INT15_64.dll 2012-01-13 17:27 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll 2012-01-13 17:27 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll 2012-01-13 17:27 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll 2012-01-13 17:27 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll 2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 2012-10-08 16:04 - 2012-10-08 16:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe 2008-10-31 19:55 - 2008-06-13 05:17 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2008-10-31 19:50 - 2008-10-31 19:50 - 00341280 _____ () C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe 2010-02-17 17:19 - 2010-02-17 17:19 - 03007488 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe 2009-02-13 13:29 - 2009-02-13 13:29 - 00409727 _____ () C:\Program Files 
(x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-01-14 04:09 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2007-12-13 03:08 - 2007-12-13 03:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll 2008-07-29 17:53 - 2008-07-29 17:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll 2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe 2008-10-31 19:57 - 2008-05-20 17:50 - 00204908 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe 2015-01-05 06:11 - 2015-01-05 06:11 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll 2015-01-05 10:35 - 2015-01-05 10:35 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll 2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00111904 _____ () C:\Program Files (x86)\SiteAdvisor\6172\APEngine.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00070432 _____ () C:\Program Files (x86)\SiteAdvisor\6172\McFrmWk.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00116000 _____ () C:\Program Files (x86)\SiteAdvisor\6172\CntScan.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00271648 _____ () C:\Program Files (x86)\SiteAdvisor\6172\Upsell.dll 2009-01-07 20:01 - 2009-01-07 20:01 - 00649019 _____ () C:\Program Files 
(x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll 2009-01-07 19:58 - 2009-01-07 19:58 - 00074795 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avutil-49.dll 2009-01-07 20:01 - 2009-01-07 20:01 - 03989516 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll 2009-04-15 10:40 - 2009-04-15 10:40 - 00057856 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\lang.dll 2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll 2014-01-21 19:39 - 2014-12-06 17:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2008-10-31 19:50 - 2008-10-31 19:50 - 00011552 _____ () C:\Program Files (x86)\SiteAdvisor\6172\saHook.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 AlternateDataStreams: C:\ProgramData\Temp:4F636E25 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: dealplylive => 2 MSCONFIG\Services: dealplylivem => 3 MSCONFIG\Services: Google MediaServer => 2 MSCONFIG\Services: McAfee SiteAdvisor Service => 2 MSCONFIG\Services: Partner Service => 3 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: WTabletServiceCon => 2 MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot MSCONFIG\startupreg: Google Media Scanner => "C:\Program Files (x86)\Google\Google Media Server\GoogleMediaScanner.exe" MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-2771533323-571298105-790965156-500 - Administrator - Disabled) ASPNET (S-1-5-21-2771533323-571298105-790965156-1010 - Limited - Enabled) Gast (S-1-5-21-2771533323-571298105-790965156-501 - Limited - Disabled) Pfälzer (S-1-5-21-2771533323-571298105-790965156-1000 - Administrator - Enabled) => C:\Users\Pfälzer Pfälzer_2 (S-1-5-21-2771533323-571298105-790965156-1001 - Limited - Enabled) => C:\Users\Pfälzer_2 ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/05/2015 10:47:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 10:47:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 10:45:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/05/2015 10:45:35 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Microsoft Office Sessions: ========================= Error: (01/05/2015 10:47:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 10:47:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 10:45:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL Error: (01/05/2015 10:45:35 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL CodeIntegrity Errors: 
=================================== Date: 2015-01-05 10:46:55.955 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 10:46:55.740 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 10:46:55.495 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 10:46:55.257 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 10:46:54.651 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 10:46:54.177 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 10:46:53.556 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-05 10:46:52.928 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.746 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-13 18:33:28.557 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Percentage of memory in use: 45% Total physical RAM: 4094.32 MB Available physical RAM: 2236.49 MB Total Pagefile: 8395.91 MB Available Pagefile: 6556.23 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:457.94 GB) (Free:138.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:458.57 GB) (Free:356.13 GB) NTFS Drive e: (Sniper_GW) (CDROM) (Total:4.46 GB) (Free:0 GB) CDFS Drive i: (Feschdblood) (Fixed) (Total:298.09 GB) (Free:115.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7BEC2B93) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=457.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=458.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 55F17C2F) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End Of Log 
============================ |
05.01.2015, 11:12 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tbhcn in autostart - system startup very slow Please press the Windows key + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION
EmptyTemp:
Hosts:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
05.01.2015, 11:18 | #5 |
| tbhcn in autostart - system startup very slow Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-05 11:18:00 Run:1
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION
EmptyTemp:
Hosts:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{482C9865-53C6-45A3-B2EC-2F9EC33A00AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{482C9865-53C6-45A3-B2EC-2F9EC33A00AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 251.8 MB temporary data.
The system needed a reboot.
==== End of Fixlog 11:18:34 ==== |
05.01.2015, 11:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tbhcn in autostart - system startup very slow Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ --> tbhcn in autostart - system startup very slow |
05.01.2015, 19:48 | #7 |
| tbhcn in autostart - system startup very slow MBAM is running and ESET has been downloaded. I have to pop in to work quickly and will get back to you this afternoon with the logs. Thanks in advance and see you later! Here are the log files Mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.01.2015 Suchlauf-Zeit: 11:45:19 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.05.04 Rootkit Datenbank: v2014.12.30.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x64 Dateisystem: NTFS Benutzer: Pfälzer Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 487360 Verstrichene Zeit: 21 Min, 14 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=d022ac231bc1174d876c0c4e0648f36f # engine=21824 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-05 06:46:12 # local_time=2015-01-05 07:46:12 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='avast! Internet Security' # compatibility_mode=779 16777213 85 72 2035785 184904062 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 215484 258007478 0 0 # scanned=359465 # found=9 # cleaned=0 # scan_time=9902 sh=675C34C8A8C68779B03E89746D58630859292CD7 ft=1 fh=53e56eab4fdbd274 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\MixPad\mixpad.exe.vir" sh=B55D7DFBE21B261A67842A761AD5F43EE9FFDA44 ft=1 fh=b2ac4ea04bee6e54 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\MixPad\mixpadsetup_v3.29.exe.vir" sh=BB8686699C972AD8542D385290C465C084264CD0 ft=1 fh=d9f9f7a925310911 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe.vir" sh=41BD1925F37D38233BDB1074DA28FCD075416493 ft=1 fh=c8952d6f0aeed392 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switchsetup_v4.43.exe.vir" sh=9063784AA52C5DA8888A8AFFCCBA9FE8E24802F5 ft=1 fh=b7acc83d2d36dde3 vn="Variante von Win32/Toolbar.Conduit.H evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\wavepad.exe.vir" sh=4191BEFF5D8A2ADA4A8C1765F1905FFE312ACB94 ft=1 fh=3afba7ed4b49b7cd vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\wavepadsetup_v5.40.exe.vir" sh=81E4D6C73D512607C41C1A558BFEDC122014254D ft=0 fh=0000000000000000 vn="INF/Autorun.gen Wurm" ac=I fn="C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf" sh=E48BF924ACC6431B44CB57BB9ED6C13DB79065C5 ft=1 fh=714d0ca1a09182e7 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe" sh=D01F9F59BF6CA6E3FE60231CC8808C1A4FEA4530 ft=1 fh=e23161741f42185f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe" |
06.01.2015, 09:17 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tbhcn in autostart - system startup very slow
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
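Which findings in the ESET log are still live on disk, and which are copies already sitting in AdwCleaner's quarantine, can be read off the `fn=` paths mechanically. The following is an added example, not part of the thread or of any tool used in it; `triage`, `live_paths` and `QUARANTINE` are hypothetical names, and the four sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Four detection lines copied from the ESET Online Scanner log in this thread.
ESET_LOG = r'''
# found=9
sh=675C34C8A8C68779B03E89746D58630859292CD7 ft=1 fh=53e56eab4fdbd274 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\MixPad\mixpad.exe.vir"
sh=81E4D6C73D512607C41C1A558BFEDC122014254D ft=0 fh=0000000000000000 vn="INF/Autorun.gen Wurm" ac=I fn="C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf"
sh=E48BF924ACC6431B44CB57BB9ED6C13DB79065C5 ft=1 fh=714d0ca1a09182e7 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe"
sh=D01F9F59BF6CA6E3FE60231CC8808C1A4FEA4530 ft=1 fh=e23161741f42185f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe"
'''

# key=value pairs; a value is either a quoted string (may contain spaces) or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: files below this folder are inert copies that AdwCleaner renamed to *.vir.
QUARANTINE = PureWindowsPath(r"C:\AdwCleaner\Quarantine")


def parse_detection(line):
    """Return the fields of one detection line as a dict, or None for any other line."""
    if line.startswith("#"):
        return None  # scanner metadata such as '# found=9'
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    return fields if {"sh", "vn", "fn"} <= fields.keys() else None


def triage(log):
    """Split detections into (live, quarantined) according to the reported path."""
    live, quarantined = [], []
    for line in log.splitlines():
        hit = parse_detection(line.strip())
        if hit is None:
            continue
        # PureWindowsPath compares case-insensitively, as Windows paths require.
        in_quarantine = QUARANTINE in PureWindowsPath(hit["fn"]).parents
        (quarantined if in_quarantine else live).append(hit)
    return live, quarantined


def live_paths(log):
    """Paths of detections that are not inside the quarantine folder."""
    return [hit["fn"] for hit in triage(log)[0]]


if __name__ == "__main__":
    for path in live_paths(ESET_LOG):
        print(path)
```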
06.01.2015, 15:11 | #9 |
| tbhcn in autostart - system startup very slow
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Pfälzer_2 at 2015-01-06 15:09:05 Run:2
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profile: Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe
EmptyTemp:
Hosts:
*****************

"C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe" => File/Directory not found.
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 157.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:11:39 ==== |
06.01.2015, 15:37 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tbhcn in autostart - system startup very slow
Disable the virus scanner, repeat the fix
__________________ Please always post log files in CODE tags |
06.01.2015, 15:44 | #11 |
| tbhcn in autostart - system startup very slow
New fix
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-06 15:42:43 Run:3
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe
EmptyTemp:
Hosts:
*****************

C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe => Moved successfully.
"C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 536 KB temporary data.

The system needed a reboot.

==== End of Fixlog 15:42:57 ==== |
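Read together, the two Fixlogs (Run:2 and Run:3) leave nothing open: every item that failed or was missing in one run was moved in the other. The following is an added example, not part of the thread or of FRST, that merges the result lines of several runs; the state names and the rule that a later "not found" does not undo an earlier successful move are assumptions of this example.

```python
# Result lines of the two Fixlogs posted in this thread, one entry per line.
RUN2 = r'''
"C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe" => File/Directory not found.
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 157.1 MB temporary data.
'''
RUN3 = r'''
C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe => Moved successfully.
"C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 536 KB temporary data.
'''


def parse_fixlog(text):
    """Yield (target, state) for every 'target => result' line of a Fixlog."""
    for line in text.splitlines():
        target, sep, result = line.partition(" => ")
        if not sep:
            continue  # banner, fixlist echo, or follow-up lines such as 'Could not reset Hosts.'
        target = target.strip().strip('"')  # the log quotes the path on some result lines
        if result.startswith("Could not"):
            state = "failed"    # e.g. file locked by another process
        elif "not found" in result:
            state = "missing"   # nothing at that path when this run executed
        else:
            state = "ok"        # moved, removed, reset
        yield target, state


def outstanding(*runs):
    """Merge runs in order and return {target: state} for items never completed."""
    final = {}
    for run in runs:
        for target, state in parse_fixlog(run):
            key = target.lower()  # Windows paths are case-insensitive
            # Once an item succeeded it stays done; otherwise the latest result wins.
            if final.get(key, (None, None))[1] != "ok":
                final[key] = (target, state)
    return {target: state for target, state in final.values() if state != "ok"}


if __name__ == "__main__":
    print("after Run:2      ->", outstanding(RUN2))
    print("after Run:2 + 3  ->", outstanding(RUN2, RUN3))
```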
06.01.2015, 15:50 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tbhcn in autostart - system startup very slow
Looks OK so far.
Regarding cookies and other things on the web: To block the pest from the outset (i.e. tracking cookies, ad banners, etc.) I recommend the Ghostery extension; it largely prevents user tracking and the display of ad banners.
Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).
Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
06.01.2015, 16:00 | #13 |
| tbhcn in autostart - system startup very slow
Thanks for the tip about the cookies, I'll definitely download that! No... at the moment everything seems to be fine so far! Many thanks for your help!! |
06.01.2015, 16:06 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tbhcn in autostart - system startup very slow
Then we're done! If you'd like to share praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board
The programs that were used here can all be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and use it to scan for malware weekly. delfix can help you with this: The order is crucial here.
Finally, please check the updates; my guide to this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords where possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.
While you're at it, please also check that Flash Player is up to date: Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de
You can also easily check all plugins in the Firefox browser for updates here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |