FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2014
Ran by sabrina (administrator) on FELIBOX on 30-07-2014 21:48:39
Running from C:\Users\sabrina\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(CyberLink) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
() C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-08-19] ()
HKLM\...\Run: [EmpoweringTechnology] => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [323584 2008-08-19] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [RtHDVCpl] => RAVCpl64.exe
HKLM\...\Run: [Skytel] => Skytel.exe
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-10-14] (Acer)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => KHALMNPR.EXE
HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-05-20] ()
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76800 2013-09-05] (Vodafone)
HKLM-x32\...\Run: [VmbNotifier] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1893376 2013-09-05] (Vodafone)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4028198811-1897207706-3765303186-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4028198811-1897207706-3765303186-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll (Egis Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {6EE4B2BE-F9FD-43D9-8661-93BB22B85294} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C39AAD56-B3DD-42D1-916B-6045DA96CD83&apn_sauid=05414BD7-ACF1-42FF-A037-7DC6AFD9A223
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.9.1 192.168.9.1
FireFox:
========
FF ProfilePath: C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\searchplugins\benefind.xml
FF SearchPlugin: C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\searchplugins\myvideo-suche-.xml
FF SearchPlugin: C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\searchplugins\wiktionary-de.xml
FF SearchPlugin: C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\searchplugins\youtube-video-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\Extensions\moveplayer@movenetworks.com [2009-05-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-26]
FF Extension: WOT - C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-24]
FF Extension: Personas Plus - C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\Extensions\personas@christopher.beard.xpi [2013-03-01]
FF Extension: NoScript - C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-20]
FF Extension: Adblock Plus - C:\Users\sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\ior1uqtu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-05-20] (CyberLink) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-07-20] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-13] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-09-05] (Vodafone) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-05-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 ITEIO.SYS; c:\Windows\System32\drivers\ITEIO.sys [13144 2008-02-25] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-05-28] ()
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 vflt; system32\DRIVERS\vfilter.sys [X]
S3 vnet; system32\DRIVERS\virtualnet.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-30 21:48 - 2014-07-30 21:49 - 00020442 _____ () C:\Users\sabrina\Desktop\FRST.txt
2014-07-30 21:48 - 2014-07-30 21:48 - 00000000 ____D () C:\FRST
2014-07-30 21:46 - 2014-07-30 21:46 - 02093568 _____ (Farbar) C:\Users\sabrina\Desktop\FRST64.exe
2014-07-30 21:29 - 2014-07-30 21:29 - 00059278 _____ () C:\Users\sabrina\Documents\AVSCAN-20140730-190033-DE144698.LOG
2014-07-30 15:54 - 2014-07-30 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 20:41 - 2014-07-24 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-24 20:41 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-24 20:41 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-24 20:41 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-24 20:41 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 20:40 - 2014-07-24 20:41 - 00004715 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-24 16:42 - 2014-07-24 17:23 - 00028607 _____ () C:\Users\sabrina\Desktop\OpenDocument Text (neu).odt
2014-07-22 15:50 - 2014-07-22 16:13 - 00012121 _____ () C:\Users\sabrina\Documents\OpenDocument Text (neu).odt
2014-07-22 12:28 - 2014-07-22 12:28 - 00006428 _____ () C:\Users\sabrina\AppData\Local\recently-used.xbel
2014-07-16 18:55 - 2014-07-24 16:03 - 00962047 _____ () C:\Users\sabrina\Documents\Bewerbung2.odt
2014-07-16 16:51 - 2014-07-16 17:10 - 00019304 _____ () C:\Users\sabrina\Documents\Bewerbung.odt
2014-07-10 16:15 - 2014-07-11 14:59 - 00013598 _____ () C:\Users\sabrina\Documents\mahnung.odt
2014-07-09 10:59 - 2014-06-07 06:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:59 - 2014-06-07 05:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 10:59 - 2014-06-07 04:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:59 - 2014-06-07 04:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 10:59 - 2014-06-07 04:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 10:59 - 2014-06-07 04:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 10:59 - 2014-06-07 04:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 10:59 - 2014-06-07 04:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 10:59 - 2014-06-07 04:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 10:59 - 2014-06-07 04:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 10:59 - 2014-06-07 04:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 10:59 - 2014-06-07 04:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:59 - 2014-06-07 04:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:59 - 2014-06-07 04:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:59 - 2014-06-07 04:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:59 - 2014-06-07 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:59 - 2014-06-07 04:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 10:59 - 2014-06-07 04:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 10:59 - 2014-06-07 04:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 10:59 - 2014-06-07 04:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 10:59 - 2014-06-07 04:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 10:59 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:59 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:59 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:59 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:59 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:59 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:59 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-09 10:59 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 10:59 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 10:59 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 10:59 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 10:59 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:59 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:59 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:59 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-09 10:59 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:59 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:59 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-09 10:59 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 10:59 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-09 10:59 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 10:59 - 2014-05-30 09:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 10:58 - 2014-06-07 02:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 10:58 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 10:58 - 2014-06-06 09:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-06 19:19 - 2014-07-11 12:33 - 00000000 ____D () C:\Users\sabrina\AppData\Local\Runic Games
2014-07-06 19:18 - 2014-07-06 19:19 - 00368440 _____ () C:\Users\sabrina\AppData\Local\dd_vcredistMSI5B54.txt
2014-07-06 19:18 - 2014-07-06 19:19 - 00012006 _____ () C:\Users\sabrina\AppData\Local\dd_vcredistUI5B54.txt
2014-07-06 19:16 - 2014-07-06 19:16 - 00002013 _____ () C:\Users\Public\Desktop\Torchlight II.lnk
2014-07-06 19:15 - 2014-07-06 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II
2014-07-06 19:12 - 2014-07-06 19:12 - 00000000 ____D () C:\Program Files (x86)\Runic Games
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-30 21:49 - 2014-07-30 21:48 - 00020442 _____ () C:\Users\sabrina\Desktop\FRST.txt
2014-07-30 21:48 - 2014-07-30 21:48 - 00000000 ____D () C:\FRST
2014-07-30 21:46 - 2014-07-30 21:46 - 02093568 _____ (Farbar) C:\Users\sabrina\Desktop\FRST64.exe
2014-07-30 21:45 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 21:45 - 2006-11-02 17:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 21:29 - 2014-07-30 21:29 - 00059278 _____ () C:\Users\sabrina\Documents\AVSCAN-20140730-190033-DE144698.LOG
2014-07-30 21:01 - 2012-04-24 20:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 18:35 - 2008-01-21 13:10 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 18:35 - 2008-01-21 13:09 - 00628504 _____ () C:\Windows\system32\perfh007.dat
2014-07-30 18:35 - 2008-01-21 13:09 - 00126248 _____ () C:\Windows\system32\perfc007.dat
2014-07-30 18:34 - 2006-10-11 01:31 - 01168708 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 18:31 - 2012-05-03 09:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 18:30 - 2008-10-31 21:05 - 01117400 _____ () C:\Users\Public\eDSMSNLoader32.log
2014-07-30 18:29 - 2008-10-31 21:00 - 00000147 _____ () C:\Windows\SysWOW64\agent.log
2014-07-30 18:29 - 2008-10-31 20:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-30 18:29 - 2008-01-21 05:26 - 19364500 _____ () C:\Windows\PFRO.log
2014-07-30 18:29 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 18:29 - 2006-10-11 01:37 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-07-30 16:41 - 2006-11-02 17:42 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-30 15:55 - 2014-07-30 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 17:33 - 2010-08-10 18:09 - 00000000 ____D () C:\Users\sabrina\AppData\Roaming\Bioshock
2014-07-25 14:28 - 2006-11-02 17:21 - 00314032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-25 14:25 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-25 11:50 - 2013-12-13 18:36 - 00000000 ____D () C:\Users\sabrina\Desktop\LG
2014-07-24 20:46 - 2013-10-21 16:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-24 20:41 - 2014-07-24 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-24 20:41 - 2014-07-24 20:40 - 00004715 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-24 20:41 - 2013-07-09 11:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-24 17:23 - 2014-07-24 16:42 - 00028607 _____ () C:\Users\sabrina\Desktop\OpenDocument Text (neu).odt
2014-07-24 16:03 - 2014-07-16 18:55 - 00962047 _____ () C:\Users\sabrina\Documents\Bewerbung2.odt
2014-07-22 16:13 - 2014-07-22 15:50 - 00012121 _____ () C:\Users\sabrina\Documents\OpenDocument Text (neu).odt
2014-07-22 12:28 - 2014-07-22 12:28 - 00006428 _____ () C:\Users\sabrina\AppData\Local\recently-used.xbel
2014-07-22 12:28 - 2013-06-02 19:36 - 00000000 ____D () C:\Users\sabrina\.gimp-2.8
2014-07-17 22:43 - 2006-11-02 17:27 - 00119807 _____ () C:\Windows\setupact.log
2014-07-16 17:10 - 2014-07-16 16:51 - 00019304 _____ () C:\Users\sabrina\Documents\Bewerbung.odt
2014-07-11 14:59 - 2014-07-10 16:15 - 00013598 _____ () C:\Users\sabrina\Documents\mahnung.odt
2014-07-11 12:33 - 2014-07-06 19:19 - 00000000 ____D () C:\Users\sabrina\AppData\Local\Runic Games
2014-07-11 03:02 - 2014-07-24 20:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-24 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-24 20:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-24 20:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 20:01 - 2012-04-24 20:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 20:01 - 2012-04-24 20:55 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 20:01 - 2011-06-13 10:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 19:20 - 2009-04-28 16:15 - 00000000 ____D () C:\Users\sabrina\Documents\My Games
2014-07-06 19:20 - 2009-04-19 10:28 - 00000000 ____D () C:\Users\sabrina
2014-07-06 19:19 - 2014-07-06 19:18 - 00368440 _____ () C:\Users\sabrina\AppData\Local\dd_vcredistMSI5B54.txt
2014-07-06 19:19 - 2014-07-06 19:18 - 00012006 _____ () C:\Users\sabrina\AppData\Local\dd_vcredistUI5B54.txt
2014-07-06 19:18 - 2009-04-19 15:28 - 00581411 _____ () C:\Windows\DirectX.log
2014-07-06 19:16 - 2014-07-06 19:16 - 00002013 _____ () C:\Users\Public\Desktop\Torchlight II.lnk
2014-07-06 19:15 - 2014-07-06 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II
2014-07-06 19:12 - 2014-07-06 19:12 - 00000000 ____D () C:\Program Files (x86)\Runic Games
Some content of TEMP:
====================
C:\Users\sabrina\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\sabrina\AppData\Local\Temp\avgnt.exe
C:\Users\sabrina\AppData\Local\Temp\DLMobile.413.dll
C:\Users\sabrina\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\sabrina\AppData\Local\Temp\drm_dyndata_7390005.dll
C:\Users\sabrina\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\sabrina\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\sabrina\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\sabrina\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\sabrina\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\sabrina\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\sabrina\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\sabrina\AppData\Local\Temp\MSETUP4.EXE
C:\Users\sabrina\AppData\Local\Temp\rtdrvmon.exe
C:\Users\sabrina\AppData\Local\Temp\_is7EEF.exe
C:\Users\sabrina\AppData\Local\Temp\_isA3AE.exe
C:\Users\sabrina\AppData\Local\Temp\_isB77C.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-30 18:35
==================== End Of Log ============================ --- --- ---
--- --- ---
--- --- ---
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2014
Ran by sabrina at 2014-07-30 21:50:00
Running from C:\Users\sabrina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1819 - Acer Inc.)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1730 - Acer Inc.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.5.0530 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.5330 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.5.0530 - Acer Inc.)
Acer Product Registration (HKLM-x32\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.8 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0718 - Acer Incorporated)
Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.2203 - Acer Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series Benutzerregistrierung (HKLM-x32\...\Canon MG2500 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.0 - Canon Inc.)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Command & Conquer™ Alarmstufe Rot 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ Alarmstufe Rot 3 Der Aufstand (HKLM-x32\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
EA Download Manager (x32 Version: 4.0.0.462 - Electronic Arts) Hidden
Emperor - Schlacht um Dune (HKLM-x32\...\Emperor) (Version: - )
erLT (x32 Version: 1.12.0117 - Logitech, Inc.) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GTK+ Runtime 2.14.7 rev a (nur entfernen) (HKLM-x32\...\GTK 2.0) (Version: - )
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version: - )
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version: - )
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
LightScribe 1.4.142.1 (x32 Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mount&Blade (HKLM-x32\...\Mount&Blade) (Version: - )
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI JewelCase Maker Hot Fix (HKLM-x32\...\InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}) (Version: 5.5.0.5202 - NewTech Infosystems)
NTI JewelCase Maker Hot Fix (x32 Version: 5.5.0.5202 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NTI Photo Maker Hot Fix (HKLM-x32\...\InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}) (Version: 2.0.0.16 - NewTech Infosystems)
NTI Photo Maker Hot Fix (x32 Version: 2.0.0.16 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.0 (HKLM-x32\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org)
PE585QAEncoder-64 (HKLM\...\{D8B2C435-8737-431E-8784-24CD13B0B821}) (Version: 6.00.1918 - YUAN)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QIP 2005 8092 (HKCU\...\QIP 2005) (Version: 8092 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5688 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Torchlight (HKLM-x32\...\{4F64A46D-67F7-4497-AEA2-313D4305A5F6}) (Version: 1.0.0 - JoWooD)
Torchlight II (HKLM-x32\...\{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1) (Version: - White Rabbit Interactive)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.408.46426 - Vodafone)
Winamp (HKLM-x32\...\Winamp) (Version: 5.552 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Ralink (netr28ux) Net (10/29/2008 2.02.04.0000) (HKLM\...\8BB5DA3C36385C31E93B2F21A5A1E38F22BEC20A) (Version: 10/29/2008 2.02.04.0000 - Ralink)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
04-05-2014 16:31:14 Geplanter Prüfpunkt
07-05-2014 22:58:05 Geplanter Prüfpunkt
08-05-2014 21:42:10 Geplanter Prüfpunkt
09-05-2014 21:48:11 Geplanter Prüfpunkt
12-05-2014 14:47:50 Geplanter Prüfpunkt
22-05-2014 14:52:25 Geplanter Prüfpunkt
24-05-2014 17:18:00 Geplanter Prüfpunkt
28-05-2014 12:52:28 Geplanter Prüfpunkt
01-06-2014 15:55:57 Geplanter Prüfpunkt
04-06-2014 14:26:05 Installiert Heroes of Might & Magic V: Hammers of Fate
08-06-2014 10:41:37 Geplanter Prüfpunkt
10-06-2014 16:21:29 Installiert Heroes of Might and Magic V - Tribes of the East
19-06-2014 16:00:13 Installed Vodafone Mobile Broadband.
24-06-2014 18:10:40 Geplanter Prüfpunkt
06-07-2014 17:16:02 DirectX wurde installiert
12-07-2014 13:55:35 Geplanter Prüfpunkt
21-07-2014 19:24:27 Geplanter Prüfpunkt
23-07-2014 10:05:40 Geplanter Prüfpunkt
24-07-2014 18:39:44 Installed Java 7 Update 65
25-07-2014 10:28:30 Windows Update
26-07-2014 10:39:20 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 14:34 - 2010-05-08 14:45 - 00393089 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7DCB1A2F-DAA6-4ABF-81DF-D08C28D66BB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A5AE7D41-C353-4046-884C-E77D9CDAC33A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CEEC2F1E-EAA0-4C0A-AC14-EDB19AAA7D41} - System32\Tasks\{DC36270C-DCFF-4892-B360-710250AB6B73} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2008-10-31 20:31 - 2008-08-19 15:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-10-31 20:31 - 2008-10-31 20:31 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-10-31 20:31 - 2008-10-31 20:31 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-10-31 20:31 - 2008-10-31 20:31 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-10-31 20:31 - 2008-10-31 20:31 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-10-31 20:31 - 2008-10-31 20:31 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-10-31 20:31 - 2008-10-31 20:31 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll
2008-10-31 20:31 - 2008-08-19 15:27 - 00585216 _____ () C:\Windows\system32\INT15_64.dll
2006-10-11 01:39 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2006-10-11 01:39 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2006-10-11 01:39 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2006-10-11 01:39 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2013-07-20 21:09 - 2013-07-20 21:09 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2008-10-31 20:55 - 2008-06-13 06:17 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2008-10-31 20:31 - 2008-08-19 15:28 - 00319488 _____ () C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
2008-10-31 20:31 - 2008-08-19 15:28 - 00323584 _____ () C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
2008-10-31 20:31 - 2008-08-19 15:26 - 01822720 _____ () C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
2008-10-31 20:31 - 2008-08-19 15:27 - 00013824 _____ () C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
2008-10-31 20:31 - 2008-08-19 15:26 - 00005120 _____ () C:\Program Files\Acer\Empowering Technology\de\Framework.AppBar.resources.dll
2006-10-11 01:39 - 2008-05-26 14:39 - 00020480 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll
2007-12-13 04:08 - 2007-12-13 04:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll
2008-07-29 18:53 - 2008-07-29 18:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2009-04-19 10:46 - 2008-05-02 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2008-10-31 20:57 - 2008-05-20 18:50 - 00098304 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-10-31 20:57 - 2008-05-20 18:50 - 00260096 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-04-28 10:49 - 2008-04-28 10:49 - 00003072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2010-07-13 16:37 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2008-07-29 13:55 - 2008-07-29 13:55 - 00969728 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-07-30 15:54 - 2014-07-30 15:55 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 20:01 - 2014-07-09 20:01 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\sabrina:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\sabrina\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\sabrina\Cookies:gs5sys
AlternateDataStreams: C:\Users\sabrina\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\sabrina\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\sabrina\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\sabrina\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\sabrina\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\sabrina\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\sabrina\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\sabrina\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-4028198811-1897207706-3765303186-1000\Software\Classes\.exe: => <===== ATTENTION!
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2014 06:55:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung UplayCrashReporter.exe, Version 0.0.0.0, Zeitstempel 0x53b418d6, fehlerhaftes Modul KERNELBASE.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e00, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,
Prozess-ID 0x1184, Anwendungsstartzeit UplayCrashReporter.exe0.
Error: (07/30/2014 06:53:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung UplayCrashReporter.exe, Version 0.0.0.0, Zeitstempel 0x53b418d6, fehlerhaftes Modul KERNELBASE.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e00, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,
Prozess-ID 0xbe0, Anwendungsstartzeit UplayCrashReporter.exe0.
Error: (07/30/2014 06:52:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung UplayCrashReporter.exe, Version 0.0.0.0, Zeitstempel 0x53b418d6, fehlerhaftes Modul KERNELBASE.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e00, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,
Prozess-ID 0x884, Anwendungsstartzeit UplayCrashReporter.exe0.
Error: (07/30/2014 06:30:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/30/2014 06:30:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/30/2014 06:30:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/30/2014 06:30:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/30/2014 06:29:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/30/2014 03:42:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/30/2014 03:42:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (07/30/2014 06:32:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069
Error: (07/30/2014 06:32:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
Error: (07/30/2014 06:30:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: vflt
Error: (07/30/2014 06:29:51 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.9.100 für die Netzwerkkarte mit der Netzwerkadresse 344B50B7EF51 wurde durch den DHCP-Server 192.168.9.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (07/30/2014 03:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069
Error: (07/30/2014 03:42:22 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
Error: (07/30/2014 03:40:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: vflt
Error: (07/30/2014 03:39:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.9.100 für die Netzwerkkarte mit der Netzwerkadresse 344B50B7EF51 wurde durch den DHCP-Server 192.168.9.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (07/30/2014 00:26:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069
Error: (07/30/2014 00:26:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
Microsoft Office Sessions:
=========================
Error: (07/30/2014 06:55:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UplayCrashReporter.exe0.0.0.053b418d6KERNELBASE.dll6.0.6002.1888151da3e00c00001350006f52f118401cfac170183fa67
Error: (07/30/2014 06:53:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UplayCrashReporter.exe0.0.0.053b418d6KERNELBASE.dll6.0.6002.1888151da3e00c00001350006f52fbe001cfac16c0c8b837
Error: (07/30/2014 06:52:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UplayCrashReporter.exe0.0.0.053b418d6KERNELBASE.dll6.0.6002.1888151da3e00c00001350006f52f88401cfac16a17af4c7
Error: (07/30/2014 06:30:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
Error: (07/30/2014 06:30:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
Error: (07/30/2014 06:30:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
Error: (07/30/2014 06:30:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
Error: (07/30/2014 06:29:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/30/2014 03:42:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
Error: (07/30/2014 03:42:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
CodeIntegrity Errors:
===================================
Date: 2009-05-28 10:37:48.782
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2009-05-28 10:37:48.766
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2009-05-28 10:37:48.173
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2009-05-28 10:37:48.173
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2009-05-28 10:35:01.568
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2009-05-28 10:35:01.553
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2009-05-28 10:35:01.506
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2009-05-28 10:35:01.490
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 64%
Total physical RAM: 4094.32 MB
Available physical RAM: 1456.68 MB
Total Pagefile: 8401.93 MB
Available Pagefile: 5542.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:456.4 GB) (Free:240.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:457.11 GB) (Free:457.01 GB) NTFS
Drive f: (HOW_I_MET_YOUR_MOTHER_SE_S2_D2) (CDROM) (Total:6.9 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2A2D5EE7)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
==================== End Of Log ============================ Ich habe gerade noch einen Durchlauf mit Spybot gemacht, der ebenfalls ergebnislos verlief..
[Edit: Doppelpost entfernt - sorry, hab gedacht beim ersten Mal hätte irgendwas nicht geklappt, weil ich es nicht gesehen habe.. ] |