| ChilliVanill | 11.03.2015 15:49 |
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Paul (administrator) on CHILL-PC on 11-03-2015 15:41:03
Running from C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F96RBX8
Loaded Profiles: Paul (Available profiles: Paul)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(BioWare) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-15] (Electronic Arts)
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31090792 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\...\MountPoints2: {41e2b908-4477-11e1-aa0b-386077b0dfdf} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\...\MountPoints2: {41e2b96c-4477-11e1-aa0b-386077b0dfdf} - M:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = delta-homes
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = delta-homes
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1409899705&from=cor&uid=WDCXWD20EARX-22PASB0_WD-WCAZAA71457514575&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1409899705&from=cor&uid=WDCXWD20EARX-22PASB0_WD-WCAZAA71457514575&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = delta-homes
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = delta-homes
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1409899705&from=cor&uid=WDCXWD20EARX-22PASB0_WD-WCAZAA71457514575&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1409899705&from=cor&uid=WDCXWD20EARX-22PASB0_WD-WCAZAA71457514575&q={searchTerms}
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = delta-homes
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e7573cb-36b9-478f-a635-13fb0c09720c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e7573cb-36b9-478f-a635-13fb0c09720c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = delta-homes
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e7573cb-36b9-478f-a635-13fb0c09720c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2993463927-1781826304-4144001986-1001 -> DefaultScope {006EE092-9658-4FD6-BD8E-A21A348E59F5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e7573cb-36b9-478f-a635-13fb0c09720c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKU\S-1-5-21-2993463927-1781826304-4144001986-1001 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2993463927-1781826304-4144001986-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6e7573cb-36b9-478f-a635-13fb0c09720c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKU\S-1-5-21-2993463927-1781826304-4144001986-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3A4E386077B0DFDF&affID=123884&tsp=4958
SearchScopes: HKU\S-1-5-21-2993463927-1781826304-4144001986-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1418823328&from=wpm12173&uid=WDCXWD20EARX-22PASB0_WD-WCAZAA71457514575&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Complitly -> {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} -> C:\Users\Paul\AppData\Roaming\Complitly\64\Complitly64.dll [2011-07-20] (SimplyGen)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Complitly -> {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} -> C:\Users\Paul\AppData\Roaming\Complitly\Complitly.dll [2011-07-20] (SimplyGen)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-22] (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
BHO-x32: smartdownloader Class -> {F1AF26F8-1828-4279-ABCE-074EF3235BD7} -> C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll [2012-11-06] (TODO: <Company name>)
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll No File
BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll No File
Toolbar: HKLM - No Name - !{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - !{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-2993463927-1781826304-4144001986-1001 -> No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Toolbar: HKU\S-1-5-21-2993463927-1781826304-4144001986-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe delta-homes
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2012-08-29] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2993463927-1781826304-4144001986-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-27] ()
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013-04-04]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-02-24]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1418823328&from=wpm12173&uid=WDCXWD20EARX-22PASB0_WD-WCAZAA71457514575
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-18]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-18]
CHR Extension: (PutLockerDownloader) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci [2013-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-18]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-18]
CHR Extension: (Complitly plugin for chrome) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk [2013-10-02]
CHR Extension: (New Tab Website) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkogmmlmfijkljjnhalncbabkljhceo [2013-10-02]
CHR Extension: (PDF Compressor - Smallpdf.com) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2014-02-27]
CHR Extension: (AdBlock) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-02]
CHR Extension: (New Tab Redirect) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-10-12]
CHR Extension: (SweetIM for Facebook) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-08-18]
CHR Extension: (Zelda Dark) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lilddpnkkhkcjkdaaglfminjopbijomp [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Security Protection) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2014-12-17]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-08-18]
CHR Extension: (GoPhoto.it) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-08-18]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-18]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files (x86)\PutLockerDownloader\putlockerdownloader10.crx [2012-11-06]
CHR HKLM-x32\...\Chrome\Extension: [defdhglnppeioeflggkmglipcecffkhk] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx [2012-02-13]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\LyricsPal\125.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4722728 2013-03-14] (INCA Internet Co., Ltd.) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-15] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-10] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Hama\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Hama\Common\RaRegistry64.exe [212256 2009-12-10] (Ralink Technology, Corp.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-10-24] (Logitech Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-05] (C-Media Electronics Inc)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 ALSysIO; \??\C:\Users\Paul\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\Paul\AppData\Local\Temp\0053BBF.tmp [X]
S3 X6va006; \??\C:\Users\Paul\AppData\Local\Temp\0061DE1.tmp [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-11 15:40 - 2015-03-11 15:41 - 00000000 ____D () C:\FRST
2015-03-11 14:54 - 2015-03-11 14:54 - 00781120 _____ (Reimage®) C:\Users\Paul\Downloads\ReimageRepair.exe
2015-02-27 14:12 - 2015-02-27 14:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\Steam
2015-02-26 18:36 - 2015-02-26 18:36 - 00000000 ____D () C:\Users\Paul\Documents\Larian Studios
2015-02-26 18:19 - 2015-02-26 18:19 - 00066689 _____ () C:\Users\Paul\Downloads\Bullet For My Valentine - Tears Dont Fall (Pro).gp4
2015-02-26 15:18 - 2015-02-26 15:18 - 00000222 _____ () C:\Users\Paul\Desktop\Divinity Original Sin.url
2015-02-20 15:03 - 2015-02-20 15:03 - 00015685 _____ () C:\Users\Paul\Downloads\Beatles - Yesterday (Pro).gp5
2015-02-14 15:52 - 2015-02-14 15:52 - 09929381 _____ () C:\Users\Paul\Downloads\Fire Emblem - The Sacred Stones (E).zip
2015-02-12 18:01 - 2015-02-12 18:01 - 11278409 _____ () C:\Users\Paul\Downloads\Reflections.themepack
2015-02-12 17:35 - 2015-02-14 15:52 - 00000000 ____D () C:\Users\Paul\Desktop\Emulator Spiele
2015-02-12 17:34 - 2015-02-12 17:35 - 36615527 _____ () C:\Users\Paul\Downloads\Phoenix Wright - Ace Attorney.7z
2015-02-12 17:31 - 2015-02-12 17:36 - 00000000 ____D () C:\Users\Paul\Desktop\Emulator
2015-02-12 17:30 - 2015-02-12 17:31 - 01096820 _____ () C:\Users\Paul\Downloads\desmume-0.9.10-win32 (1).zip
2015-02-12 17:29 - 2015-02-12 17:29 - 01096820 _____ () C:\Users\Paul\Downloads\Nicht bestätigt 12530.crdownload
2015-02-12 17:27 - 2015-02-12 17:27 - 00739336 _____ (Installer ) C:\Users\Paul\Downloads\Nicht bestätigt 107115.crdownload
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-11 15:28 - 2011-11-19 10:12 - 01826472 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 15:20 - 2012-01-14 22:45 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2015-03-11 15:19 - 2013-08-18 16:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-11 15:16 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-11 15:16 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-11 15:14 - 2011-11-18 03:23 - 00769022 _____ () C:\Windows\system32\perfh007.dat
2015-03-11 15:14 - 2011-11-18 03:23 - 00176646 _____ () C:\Windows\system32\perfc007.dat
2015-03-11 15:14 - 2009-07-14 06:13 - 01818268 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 15:09 - 2014-10-21 17:06 - 00012118 _____ () C:\Windows\setupact.log
2015-03-11 15:09 - 2013-08-18 16:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 15:09 - 2012-01-14 22:45 - 00000000 ____D () C:\ProgramData\clear.fi
2015-03-11 15:08 - 2011-11-19 10:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-11 15:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 15:06 - 2012-04-17 07:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 14:56 - 2013-11-06 14:53 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-03-11 14:56 - 2012-01-22 14:07 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-11 13:58 - 2014-10-21 17:06 - 00163444 _____ () C:\Windows\PFRO.log
2015-03-11 13:27 - 2014-12-17 14:36 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-03-10 22:06 - 2012-03-06 17:03 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TS3Client
2015-03-10 21:57 - 2013-05-30 12:53 - 00749568 ___SH () C:\Users\Paul\Downloads\Thumbs.db
2015-03-10 21:08 - 2014-09-05 07:49 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-09 19:51 - 2013-04-17 14:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-08 12:05 - 2012-04-15 16:10 - 00000394 _____ () C:\Windows\Tasks\RegAce Scheduled Scan - Paul.job
2015-03-08 12:05 - 2012-04-15 16:10 - 00000000 ____D () C:\ProgramData\RegAce
2015-03-04 07:40 - 2013-08-18 16:45 - 00002399 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-03 21:06 - 2012-02-04 21:37 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\.minecraft
2015-02-26 18:19 - 2012-02-11 18:01 - 00000000 ____D () C:\Users\Paul\Desktop\Gitarre
2015-02-26 15:15 - 2012-02-10 11:03 - 00000000 ____D () C:\ProgramData\Origin
2015-02-25 15:31 - 2012-12-14 10:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-25 15:31 - 2011-07-11 08:36 - 00000000 ____D () C:\ProgramData\Skype
2015-02-20 14:11 - 2012-02-10 11:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-19 19:13 - 2012-02-02 23:52 - 00000000 ____D () C:\Users\Paul\AppData\Local\Windows Live
2015-02-19 15:37 - 2014-12-21 22:06 - 00000894 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-02-19 15:37 - 2014-12-21 22:06 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2015-02-15 17:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2013-10-02 00:39 - 2013-10-02 00:39 - 0000000 _____ () C:\Users\Paul\AppData\Roaming\.NANotifyHere
2012-04-17 20:23 - 2012-04-17 20:23 - 0000022 ___SH () C:\Users\Paul\AppData\Roaming\Windows1569_SettingsRepository.bin
2012-04-17 20:23 - 2012-04-17 20:23 - 0000000 _____ () C:\Users\Paul\AppData\Local\jv16PT_temp.tmp
2015-01-18 20:38 - 2015-01-18 20:38 - 0002612 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
2013-06-01 14:47 - 2013-06-01 14:47 - 0000017 _____ () C:\Users\Paul\AppData\Local\resmon.resmoncfg
2013-12-21 15:42 - 2013-12-21 15:42 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2011-11-19 10:31 - 2011-11-19 10:32 - 0002640 _____ () C:\ProgramData\ArcadeDeluxe5.log
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.1812.dll
Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\Nexus Mod Manager-0.53.2.exe
C:\Users\Paul\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-06 18:59
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Paul at 2015-03-11 15:42:19
Running from C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F96RBX8
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
Amara - Photo Animation Software (HKLM-x32\...\Amara - Photo Animation Software) (Version: - )
Amazon Browser Settings (HKLM-x32\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
ArtMoney SE v7.40.5 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.40.5 - System SoftLab)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Blitzkrieg Mod (HKLM-x32\...\Blitzkrieg) (Version: 4.7.0.0 - Blitzkrieg Mod Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
Die Schlacht um Mittelerde(tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
Dragon Age Redesigned© (HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\...\Dragon Age Redesigned©) (Version: - )
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.5 - Electronic Arts)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
MAGIX Goya burnR 1.3.1.3 (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.1.3 - MAGIX AG)
MAGIX Music Maker 15 15.0.1.6 (D) (HKLM-x32\...\MAGIX Music Maker 15 D) (Version: 15.0.1.6 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA nTune (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{7b12fcf4-5a6f-4606-b89d-1680e0b1615d}) (Version: latest - ppy Pty Ltd)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
S4 League_EU (HKLM-x32\...\{55EBFE35-7471-4BD3-B555-6BC33ED31DE1}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - Ironclad Games)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Warframe (HKLM-x32\...\{EAF4385F-5D8A-41F2-9A7C-DD8DA00AB8C0}) (Version: 1.0.0 - Digital Extremes)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.83 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {08245605-D44D-4FF5-AB73-148EC136AFD8} - \{9DC08462-086D-49C0-9191-1308E661B9EE} No Task File <==== ATTENTION
Task: {09D44958-CE5C-4D16-A4EE-031C8F47A0D8} - \{A89AB244-B701-4CE2-8B50-3E71333478FF} No Task File <==== ATTENTION
Task: {0DC4ABE1-368B-4BCF-A381-004C1104653E} - \{573A0494-5633-454E-812A-EFA91F2156A3} No Task File <==== ATTENTION
Task: {0FEBACF1-93E3-4148-B9CB-285C2142B867} - \{C72D3CCB-C3DF-4010-95D1-77AE627C9D93} No Task File <==== ATTENTION
Task: {12236276-A484-4F6A-9B27-21EFC6C57BCF} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {1653ABAE-4939-45D6-BA7B-5FAB5AD61366} - \{D1F40123-4D1A-4F2A-950D-DD9CA540D7D0} No Task File <==== ATTENTION
Task: {1EBCDD8D-E50D-474E-90DF-31E62F9D2D2B} - \{9C9566FD-C0F0-49B2-8123-48EE893731D6} No Task File <==== ATTENTION
Task: {25A337BD-73F1-4F2E-AC10-A3C5F6E76ABC} - \{549EA82A-5202-4C01-A8C8-DE7D1584F6C2} No Task File <==== ATTENTION
Task: {2879C035-8E16-4FBC-991A-7BD56D9F260C} - \{42F5051B-95BD-4956-B897-3C3D68AD164F} No Task File <==== ATTENTION
Task: {32450A35-7BE5-4FD6-9E2F-BAA44EFC7D33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32730216-EBAA-43F2-A441-A5873BC87D6A} - \{37973BCB-C422-45EA-BD8A-FF4D23C14875} No Task File <==== ATTENTION
Task: {35E724D1-760A-4EDA-9145-9605A1A3E50E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {3B281659-5A60-42FB-B61E-2E94B9E09192} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2993463927-1781826304-4144001986-1001
Task: {46AB4616-B1FC-4C8F-BD6C-538E47B13D27} - \{2DEAE797-8CAC-475A-9443-710EEBC73897} No Task File <==== ATTENTION
Task: {485A5C6F-327D-46DD-B8FE-F74D54973D9B} - \{82AE8DF0-099F-4A6E-9A9D-8ECC3B9779AE} No Task File <==== ATTENTION
Task: {53F6F04F-805F-479F-BB9B-C7AF17A520B0} - \{92463C45-E049-402D-BD00-C3A205BEEF76} No Task File <==== ATTENTION
Task: {5488F077-7802-4525-BC76-804B2AF7974B} - \{CCBD6483-F535-4AE7-87C3-BCFE12F59505} No Task File <==== ATTENTION
Task: {5492C731-2604-4735-BE05-A3C1098239AE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5ABCAC86-1F75-40D4-B23A-039B3CA83334} - \{C14A622D-266F-4300-AA6E-51CBA645C022} No Task File <==== ATTENTION
Task: {5DE0BE54-C622-4819-8E4C-08E979753C8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {5EDD4F4C-0FD4-4014-B07D-3BE7AF92168C} - System32\Tasks\{02605413-4038-421F-AF8C-B500319BEC4C} => C:\Program Files (x86)\The Witcher 2\Launcher.exe [2013-05-06] (CD Projekt RED)
Task: {5F1DEC77-CE3F-481D-ABC5-0775A9333FE4} - \{E995DB47-B33A-4990-BE99-1FBCB9BD573A} No Task File <==== ATTENTION
Task: {5FF41782-A02D-43B4-B211-53A84FE502E9} - System32\Tasks\{1194F84A-B89C-4268-87E2-333CD67A376C} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)
Task: {60946056-441A-474D-8EBC-939586607E2A} - \{A6446934-5459-4637-8D04-5E945D3DEA68} No Task File <==== ATTENTION
Task: {60ADADC3-D29E-4E43-8E61-DD834DEB6F08} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {651D5E12-5D20-4091-861E-BB21F936494F} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2014-12-03] (Adobe Systems Incorporated)
Task: {6701B9D2-6A43-40FB-96AE-457F455C76F7} - \{FDDC1474-061D-4AE7-B267-A443FB16E47D} No Task File <==== ATTENTION
Task: {6A355279-CC38-4619-9055-F57D4241194D} - \{7C26DF32-84E8-45A2-A893-90D1DF72D589} No Task File <==== ATTENTION
Task: {7F06AB36-382D-426E-8AC6-D79E24CA7750} - System32\Tasks\{184ED9A0-F665-41E7-A442-F5DDEC3C9289} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2003-11-04] (BioWare Corp.)
Task: {81BD7753-1959-43C2-8CE4-8C13DFEC26AB} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {861B7788-183D-4236-850E-69ABA49E3855} - \{4F985640-50C6-408D-A5AC-2BBE284797F8} No Task File <==== ATTENTION
Task: {8AAE81BA-812C-417D-BC84-655A53E36EC3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {911B9F7F-104D-45EF-B97C-921E9CB78880} - System32\Tasks\{3E34EE38-2CD0-447B-8191-4177BB44E6E8} => E:\setup.exe [2005-11-14] (Macrovision Corporation)
Task: {99A0D460-734F-4A1B-92BE-6B0702FC3F95} - \{CC48B4CC-070F-487D-8E2A-DFE9B9B2E65F} No Task File <==== ATTENTION
Task: {9D247F4F-A9CD-40CC-BA76-F8230AF5842F} - \{7E7D4FF5-D8E9-40AC-B222-687AD70F27AD} No Task File <==== ATTENTION
Task: {9F53824E-8FE7-4AC4-BCDB-3CAC9AE93122} - \{E49C183A-95DE-4023-ADCB-F6DF6DA78580} No Task File <==== ATTENTION
Task: {A0397FCC-9BF5-4FAC-AFFF-95784F03EE7E} - System32\Tasks\{1F5594CF-161A-41A2-9310-A6EC979C887A} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)
Task: {A175A649-344B-4086-8A2F-1A0649D7B1A0} - \{F9C3DE24-C183-4CD1-B95C-DDDF8740DEA6} No Task File <==== ATTENTION
Task: {AC2C5B46-E1EE-4A5F-9335-324CD9196D53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {AD2D2044-4133-4B80-82F8-B70B3EC44DE5} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {B02B750E-8B92-4968-9A44-719713E1057F} - System32\Tasks\{1E825E46-9938-405A-9AA0-5672DF31F7D1} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2003-11-04] (BioWare Corp.)
Task: {B29AB1CB-3D96-4E14-8DAB-6C39B8E2322B} - \{23095BAD-88B9-431B-99D0-3533E8E3A82A} No Task File <==== ATTENTION
Task: {B75093B1-53F8-492D-8EBA-DB9BB2C6DA30} - \{467AD9AF-CFFF-4A70-A55E-C975AC20F19E} No Task File <==== ATTENTION
Task: {B90B67A6-03B8-4587-97E6-102384FDA755} - \{55041CF6-7155-47EB-BCC7-A05C0E869E1D} No Task File <==== ATTENTION
Task: {BED3E09C-005C-4A55-A1F3-1C4DB6F76660} - \{A0EF3718-6266-4264-B6B7-6E1FF3533AD2} No Task File <==== ATTENTION
Task: {C94FA6F5-0A70-4B24-AF26-5DCA8504EA22} - System32\Tasks\{2052CD19-6A74-42F3-8D46-D75F8A769D8D} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)
Task: {C9CB64BF-CD7E-4F47-9444-2308D897A317} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {CF9A5AEA-1C43-4977-944C-0963ED1E3BB2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DDB8BF1C-6579-436F-8269-081BC6422D53} - \{459F26C3-AF39-4CEE-81CB-B3F9BC5DF672} No Task File <==== ATTENTION
Task: {DF497F16-909B-41BE-A10F-2D4BC4717B94} - System32\Tasks\{100AF72E-3B74-4C9C-B445-930028D62E91} => C:\Program Files (x86)\LucasArts\SWKotOR2\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {E329BCDE-9966-46C3-B9E9-2E4D93FE822E} - \{EE846EE9-59FF-41D2-BA0A-694AD54DCBF5} No Task File <==== ATTENTION
Task: {E481A037-7FD6-4BA9-9C8B-7691E35C33E8} - \{91F88122-0F4E-4EA6-9304-868B7DABA700} No Task File <==== ATTENTION
Task: {E5B248BC-A925-4B4A-A7B6-59CB6906036C} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {E7309688-FB1E-4EED-9FA7-55B26408CCE4} - \{E2790343-9B51-4247-8F36-26AFB398FF03} No Task File <==== ATTENTION
Task: {F15E76E9-1B87-4F2A-85FB-7FB0A56F549C} - \{AD019CFF-F29D-4259-A5C1-01B7BEC60321} No Task File <==== ATTENTION
Task: {F8A67C80-FD88-49A9-9174-0836F48DDFE1} - System32\Tasks\RegAce Scheduled Scan - Paul => C:\Program Files (x86)\RegAce System Suite\RegAce.exe [2012-03-14] (WebMinds, Inc)
Task: {FAF20E2A-9B98-4EFC-92B5-4DFA9F5EF951} - \{7FA924FE-8D99-40FE-BCCD-18E015A7AB2A} No Task File <==== ATTENTION
Task: {FE44B850-9A91-4488-80A7-EA95D3B22FB8} - System32\Tasks\{0FB5E5CD-337A-494D-847F-26E258F02BF8} => C:\Games\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {FF7A2DA1-0A23-4D47-B612-0F746C1D293C} - \{FB5F1F88-3337-47E9-9202-FC9CA43A35C8} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegAce Scheduled Scan - Paul.job => C:\Program Files (x86)\RegAce System Suite\RegAce.exe
==================== Loaded Modules (whitelisted) ==============
2012-01-14 23:50 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-11 15:36 - 2014-07-10 22:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-11 19:21 - 2014-02-11 19:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 19:22 - 2014-02-11 19:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 19:21 - 2014-02-11 19:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 19:22 - 2014-02-11 19:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2011-11-19 10:32 - 2011-10-12 11:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2993463927-1781826304-4144001986-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Paul\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: GamecomSound => C:\Program Files\Plantronics\GameCom780\GameCom780.exe
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: MP3 Skype Recorder => C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VeohPlugin => "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-2993463927-1781826304-4144001986-500 - Administrator - Disabled)
Gast (S-1-5-21-2993463927-1781826304-4144001986-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2993463927-1781826304-4144001986-1002 - Limited - Enabled)
Paul (S-1-5-21-2993463927-1781826304-4144001986-1001 - Administrator - Enabled) => C:\Users\Paul
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {29d71dcc-70e6-4957-8d75-a76a237a19a4}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {29d71dcc-70e6-4957-8d75-a76a237a19a4}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {738cd818-3a8b-4d3b-98a5-69e63451d0ef}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {738cd818-3a8b-4d3b-98a5-69e63451d0ef}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 12346) (User: )
Description: Volumeschattenkopie-Fehler: Beim Initialisieren des Registrierungs-Generators ist ein Fehler "0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
"
aufgetreten. Dies kann dazu führen, dass keine Schattenkopien mehr erstellt werden können.
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {85584b43-30e8-4fdc-8d87-70adfff2abcb}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {85584b43-30e8-4fdc-8d87-70adfff2abcb}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 12342) (User: )
Description: Volumeschattenkopie-Fehler: Beim Initialisieren des Registrierungs-Generators ist ein Fehler "0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
"
aufgetreten. Dies kann dazu führen, dass keine Schattenkopien mehr erstellt werden können.
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Subscribing the Registry server writer failed. hr = 8004230208lx" ist ein unerwarteter Fehler aufgetreten. hr = 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
.
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Generatorname: Registry Writer
Generatorinstanz-ID: {b4a51b63-38e3-423a-b6ef-56fd4f505d97}
System errors:
=============
Error: (03/11/2015 03:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/11/2015 03:11:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (03/11/2015 03:09:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (03/11/2015 03:09:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem Fehler beendet: %%3417.
Error: (03/11/2015 03:08:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinZiper service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/11/2015 03:08:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WinZiper service erreicht.
Error: (03/11/2015 03:08:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (03/11/2015 02:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/11/2015 02:53:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%87
Error: (03/11/2015 02:53:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Microsoft Office Sessions:
=========================
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {29d71dcc-70e6-4957-8d75-a76a237a19a4}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {29d71dcc-70e6-4957-8d75-a76a237a19a4}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {738cd818-3a8b-4d3b-98a5-69e63451d0ef}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {738cd818-3a8b-4d3b-98a5-69e63451d0ef}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 12346) (User: )
Description: 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {85584b43-30e8-4fdc-8d87-70adfff2abcb}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {85584b43-30e8-4fdc-8d87-70adfff2abcb}
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 12342) (User: )
Description: 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Subscribing the Registry server writer failed. hr = 8004230208lx0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
Error: (03/11/2015 03:42:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Generator wird abonniert
Kontext:
Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Generatorname: Registry Writer
Generatorinstanz-ID: {b4a51b63-38e3-423a-b6ef-56fd4f505d97}
CodeIntegrity Errors:
===================================
Date: 2013-11-17 19:35:27.053
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-17 19:35:27.050
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-17 19:35:27.047
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-17 19:35:26.990
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-17 19:35:26.989
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-17 19:35:26.987
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-16 13:26:03.159
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-16 13:26:03.158
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-16 13:26:03.156
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-16 13:26:03.136
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 12268.25 MB
Available physical RAM: 9577.61 MB
Total Pagefile: 30668.43 MB
Available Pagefile: 27723.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:921.45 GB) (Free:203.79 GB) NTFS
Drive d: (DATA) (Fixed) (Total:921.47 GB) (Free:921.35 GB) NTFS
Drive e: (TQIT) (CDROM) (Total:2.3 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A89B2F93)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=921.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--- --- ---
Ist das so richtig ? |
FRST 32-Bit | FRST 64-Bit