Bosima2209 | 25.03.2015 18:41 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kristin (administrator) on KRISTIN-PC on 25-03-2015 18:34:04
Running from C:\Users\Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1SVR8IO
Loaded Profiles: Kristin (Available profiles: Kristin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(CartCrunch Israel Ltd.) C:\ProgramData\SecurityUtility\ColorMedia.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Users\Kristin\AppData\Roaming\InetStat\inetstat.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SF778.tmp" /EF "HKLM"
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220552 2011-06-27] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1557160 2012-04-09] (Ask)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\Run: [InetStat] => C:\Users\Kristin\AppData\Roaming\InetStat\inetstat.exe [777230 2015-03-05] ()
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {59cfacb1-8c78-11e1-bc0c-18f46aa4c22d} - F:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {a5e0241a-188f-11e2-87d9-18f46aa4c22d} - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {d7f80b7a-af71-11e4-bbc5-18f46aa4c22d} - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {f3067159-87f0-11e1-8fdf-18f46aa4c22d} - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {f306716c-87f0-11e1-8fdf-18f46aa4c22d} - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {fae12b63-aed1-11e4-a596-001e101f3315} - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {fae12b70-aed1-11e4-a596-001e101f3315} - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\MountPoints2: {fae12b7e-aed1-11e4-a596-001e101f3315} - E:\AutoRun.exe
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51641;https=127.0.0.1:51641
ProxyEnable: [S-1-5-21-2491477997-3247345139-1859624466-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2491477997-3247345139-1859624466-1000] => http=127.0.0.1:51641;https=127.0.0.1:51641
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.<!doctype html><html lang="de-DE"><head><meta http-equiv="X-UA-Compatible" content="IE=Edge"/><meta http-equiv="content-type" content="text/html; charset=UTF-8"><link rel="apple-touch-icon" sizes="72x72" href="hxxp://l.yimg.com/pv/static/img/yahoo_purple_i??<5\??.com/?type=hppp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.<!doctype html><html lang="de-DE"><head><meta http-equiv="X-UA-Compatible" content="IE=Edge"/><meta http-equiv="content-type" content="text/html; charset=UTF-8"><link rel="apple-touch-icon" sizes="72x72" href="hxxp://l.yimg.com/pv/static/img/yahoo_purple_i??<5\??.com/?type=hppp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.<!doctype html><html lang="de-DE"><head><meta http-equiv="X-UA-Compatible" content="IE=Edge"/><meta http-equiv="content-type" content="text/html; charset=UTF-8"><link rel="apple-touch-icon" sizes="72x72" href="hxxp://l.yimg.com/pv/static/img/yahoo_purple_i??<5\??.com/?type=hppp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.<!doctype html><html lang="de-DE"><head><meta http-equiv="X-UA-Compatible" content="IE=Edge"/><meta http-equiv="content-type" content="text/html; charset=UTF-8"><link rel="apple-touch-icon" sizes="72x72" href="hxxp://l.yimg.com/pv/static/img/yahoo_purple_i??<5\??.com/?type=hppp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.<!doctype html><html lang="de-DE"><head><meta http-equiv="X-UA-Compatible" content="IE=Edge"/><meta http-equiv="content-type" content="text/html; charset=UTF-8"><link rel="apple-touch-icon" sizes="72x72" href="hxxp://l.yimg.com/pv/static/img/yahoo_purple_i??<5\??.com/?type=hppp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420793488&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 -> DefaultScope {27599330-2733-474E-8C16-FB278367C0B5} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B010DE662D20110918&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 -> {27599330-2733-474E-8C16-FB278367C0B5} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B010DE662D20110918&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.<!doctype html><html lang="de-DE"><head><meta http-equiv="X-UA-Compatible" content="IE=Edge"/><meta http-equiv="content-type" content="text/html; charset=UTF-8"><link rel="apple-touch-icon" sizes="72x72" href="hxxp://l.yimg.com/pv/static/img/yahoo_purple_i??<5\??.com/web/?type=dspp&ts=1420793548&from=cvs&uid=HitachiXHTS545050B9A300_110115PBN403M7E4LYPEX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 -> {71533864-6FB0-4F1A-9733-48EDE4A25BD7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9E48706F-0B3C-4BC2-95CB-669797188106&apn_sauid=436E67BA-BC20-416C-BAB5-A9D6B3FCBDBA
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2014-12-29] (Thinknice Co. Limited)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-04-09] (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-24] (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-04-09] (Ask)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2491477997-3247345139-1859624466-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
DPF: HKLM-x32 {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2015-01-12] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe webssearches
FireFox:
========
FF ProfilePath: C:\Users\Kristin\AppData\Roaming\Mozilla\Firefox\Profiles\uilchnti.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=de_DE&apn_uid=9E48706F-0B3C-4BC2-95CB-669797188106&apn_ptnrs=U3&apn_sauid=436E67BA-BC20-416C-BAB5-A9D6B3FCBDBA&apn_dtid=OSJ000YYDE&&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-09-09] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-09-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ColorMedia; C:\ProgramData\SecurityUtility\ColorMedia.exe [1398304 2015-01-07] (CartCrunch Israel Ltd.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 Internet Enhancer Service; C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe [312320 2015-01-05] () [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
R2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe [539648 2015-01-07] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-09] (Fuyu LIMITED) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 18:33 - 2015-03-25 18:34 - 00000000 ____D () C:\FRST
2015-03-25 17:36 - 2015-03-25 17:37 - 00000000 ____D () C:\Users\Kristin\AppData\Roaming\Mozilla
2015-03-25 17:36 - 2015-03-25 17:37 - 00000000 ____D () C:\Users\Kristin\AppData\Local\Mozilla
2015-03-25 17:36 - 2015-03-25 17:36 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-04 09:54 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 09:54 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 09:54 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 09:54 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-04 09:14 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 09:14 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-04 09:14 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 09:14 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 09:14 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 09:14 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 09:14 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 09:14 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 09:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 09:14 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 09:14 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 09:14 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 09:14 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 09:14 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 09:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 09:14 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-04 09:14 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-04 09:14 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-04 09:14 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-04 09:14 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-04 09:14 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 09:14 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-04 09:14 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-04 09:14 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 09:14 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 09:14 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-04 09:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-04 09:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-04 09:14 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 09:14 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-04 09:14 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-04 09:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-04 09:14 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-04 09:14 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-04 09:14 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-04 09:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 09:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 09:14 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 09:14 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 09:14 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-04 09:14 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 09:14 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-04 09:14 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-04 09:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-04 09:14 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-04 09:14 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-04 09:14 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 09:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-04 09:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-04 09:14 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-04 09:14 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-04 09:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 09:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 09:14 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-04 09:14 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-04 09:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-04 08:25 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-04 08:25 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 18:15 - 2012-04-16 19:24 - 00000000 ____D () C:\ProgramData\DatacardService
2015-03-25 17:28 - 2011-02-18 04:33 - 01545749 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-25 16:45 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 16:45 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 16:40 - 2011-06-05 21:15 - 00000000 ____D () C:\ProgramData\clear.fi
2015-03-25 16:38 - 2015-01-09 10:05 - 00005312 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-03-25 16:38 - 2015-01-09 10:05 - 00002912 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-03-25 16:38 - 2015-01-09 10:05 - 00002912 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-03-25 16:38 - 2011-02-18 04:48 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-25 16:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 16:38 - 2009-07-14 05:51 - 00097796 _____ () C:\Windows\setupact.log
2015-03-24 16:03 - 2011-02-18 13:21 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-03-24 16:03 - 2011-02-18 13:21 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-03-24 16:03 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 11:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-05 10:23 - 2015-01-09 10:06 - 00000000 ____D () C:\Users\Kristin\AppData\Roaming\InetStat
2015-03-04 14:21 - 2011-06-10 21:07 - 00000000 ____D () C:\Users\Kristin\Documents\1. KRISTIN
2015-03-04 08:19 - 2011-02-18 04:29 - 00205302 _____ () C:\Windows\PFRO.log
2015-02-25 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-24 04:17 - 2011-09-18 10:25 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 20:15 - 2013-07-26 13:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 20:08 - 2012-01-14 22:21 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2011-08-13 20:32 - 2011-08-30 21:20 - 0005566 _____ () C:\Users\Kristin\AppData\Roaming\mdbu.bin
2012-12-21 20:30 - 2012-12-21 20:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-18 04:59 - 2011-02-18 05:07 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-01-17 18:10 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
Some content of TEMP:
====================
C:\Users\Kristin\AppData\Local\Temp\ApnStub.exe
C:\Users\Kristin\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Kristin\AppData\Local\Temp\MSN2BA4.exe
C:\Users\Kristin\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Kristin\AppData\Local\Temp\setup.exe
C:\Users\Kristin\AppData\Local\Temp\SpOrder.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-25 08:45
==================== End Of Log ============================
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kristin at 2015-03-25 18:35:48
Running from C:\Users\Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1SVR8IO
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3001 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.1.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4292776A-4F23-E108-83B2-2C27398E8BCF}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2011.0111.1350.24756 - Ihr Firmenname) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Easy Photo Print (HKLM-x32\...\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}) (Version: 1.1.0.0 - )
EPSON File Manager (HKLM-x32\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM-x32\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.02.00 - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON-Drucker-Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - )
ESDX3800 Benutzerhandbuch (HKLM-x32\...\ESDX3800 Benutzerhandbuch) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
HP Deskjet 2510 series - Grundlegende Software für das Gerät (HKLM\...\{AB38332B-A2C0-4FE7-9A5E-454BCF6B7031}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Hilfe (HKLM-x32\...\{07B48D2C-E60D-41E6-B546-11D128F633EC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
InetStat (HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 3.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PIF DESIGNER (HKLM-x32\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version: - )
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1600 - )
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Studie zur Verbesserung von HP Deskjet 2510 series Produkten (HKLM\...\{48CEEC7F-1D7D-4906-9F5D-B80A55163B49}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wajam (HKLM-x32\...\WaInterEnhance) (Version: 2.21.2.32 (i2.6) - WaInterEnhance) <==== ATTENTION
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
28-01-2015 13:36:39 Geplanter Prüfpunkt
30-01-2015 12:20:29 Wiederherstellungsvorgang
08-02-2015 15:30:29 Geplanter Prüfpunkt
20-02-2015 08:32:40 Windows Update
23-02-2015 20:05:39 Windows Update
04-03-2015 08:23:52 Windows Update
05-03-2015 10:15:38 Windows Update
25-03-2015 17:12:29 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05DF2192-C6BA-4000-A3E0-C8D9160CEE0F} - System32\Tasks\{F4732379-AE3C-4C42-B3DF-13CD07928249} => Iexplore.exe Skype für den Desktop herunterladen
Task: {5034949D-37BC-4E5A-9B13-5EE7A0F2BF37} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {53C97489-9DF5-4241-8497-D4711E966DEF} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {5C5C4C81-9478-434F-8833-B8775F5CE14E} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {5FE7FAC5-80B3-4371-9FE0-0677340E9DB7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8F658466-4B18-4A40-9716-80996DB91780} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: {B70EAB6A-029B-41B8-8069-A9A3A8A14AED} - System32\Tasks\{B440B070-2C54-4611-9429-A886FE73CF9E} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
Task: {DA66916E-4080-43D7-A620-0B05A2F74A83} - System32\Tasks\{99D1FB47-6F5D-4A2D-BA3D-FF08676045F1} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
Task: {DFA48BB7-69F2-4500-8974-05F32F3483BA} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-04-09] () <==== ATTENTION
Task: {FA92020D-950D-416A-AEC7-21DCE3E4C86F} - System32\Tasks\{7486A3E8-1B77-4A06-81B7-57FEE3CBAE48} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
==================== Loaded Modules (whitelisted) ==============
2015-01-05 17:14 - 2015-01-05 17:14 - 00312320 _____ () C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe
2015-01-09 10:05 - 2015-01-07 21:20 - 00539648 _____ () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-01-09 10:06 - 2015-03-05 10:17 - 00777230 _____ () C:\Users\Kristin\AppData\Roaming\InetStat\inetstat.exe
2015-01-05 17:14 - 2015-01-05 17:14 - 00083456 _____ () C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe
2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-23 14:46 - 2010-12-23 14:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2491477997-3247345139-1859624466-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2491477997-3247345139-1859624466-500 - Administrator - Disabled)
Gast (S-1-5-21-2491477997-3247345139-1859624466-501 - Limited - Disabled)
Kristin (S-1-5-21-2491477997-3247345139-1859624466-1000 - Administrator - Enabled) => C:\Users\Kristin
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/25/2015 04:38:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Name des fehlerhaften Moduls: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000054cf
ID des fehlerhaften Prozesses: 0x350
Startzeit der fehlerhaften Anwendung: 0xcmdshell.exe0
Pfad der fehlerhaften Anwendung: cmdshell.exe1
Pfad des fehlerhaften Moduls: cmdshell.exe2
Berichtskennung: cmdshell.exe3
Error: (03/24/2015 03:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Name des fehlerhaften Moduls: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000054cf
ID des fehlerhaften Prozesses: 0x120c
Startzeit der fehlerhaften Anwendung: 0xcmdshell.exe0
Pfad der fehlerhaften Anwendung: cmdshell.exe1
Pfad des fehlerhaften Moduls: cmdshell.exe2
Berichtskennung: cmdshell.exe3
Error: (03/16/2015 07:44:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Name des fehlerhaften Moduls: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000054cf
ID des fehlerhaften Prozesses: 0x1068
Startzeit der fehlerhaften Anwendung: 0xcmdshell.exe0
Pfad der fehlerhaften Anwendung: cmdshell.exe1
Pfad des fehlerhaften Moduls: cmdshell.exe2
Berichtskennung: cmdshell.exe3
Error: (03/05/2015 10:12:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Name des fehlerhaften Moduls: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000054cf
ID des fehlerhaften Prozesses: 0xe98
Startzeit der fehlerhaften Anwendung: 0xcmdshell.exe0
Pfad der fehlerhaften Anwendung: cmdshell.exe1
Pfad des fehlerhaften Moduls: cmdshell.exe2
Berichtskennung: cmdshell.exe3
Error: (03/04/2015 02:23:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002fb8c
ID des fehlerhaften Prozesses: 0x424
Startzeit der fehlerhaften Anwendung: 0xinetstat.exe0
Pfad der fehlerhaften Anwendung: inetstat.exe1
Pfad des fehlerhaften Moduls: inetstat.exe2
Berichtskennung: inetstat.exe3
Error: (03/04/2015 02:18:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Name des fehlerhaften Moduls: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000054cf
ID des fehlerhaften Prozesses: 0x12ec
Startzeit der fehlerhaften Anwendung: 0xcmdshell.exe0
Pfad der fehlerhaften Anwendung: cmdshell.exe1
Pfad des fehlerhaften Moduls: cmdshell.exe2
Berichtskennung: cmdshell.exe3
Error: (03/04/2015 01:46:39 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (03/04/2015 08:25:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002fb8c
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xinetstat.exe0
Pfad der fehlerhaften Anwendung: inetstat.exe1
Pfad des fehlerhaften Moduls: inetstat.exe2
Berichtskennung: inetstat.exe3
Error: (03/04/2015 08:20:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Name des fehlerhaften Moduls: cmdshell.exe, Version: 4.0.1.1615, Zeitstempel: 0x54a0adf1
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000054cf
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xcmdshell.exe0
Pfad der fehlerhaften Anwendung: cmdshell.exe1
Pfad des fehlerhaften Moduls: cmdshell.exe2
Berichtskennung: cmdshell.exe3
Error: (02/26/2015 00:10:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002fb8c
ID des fehlerhaften Prozesses: 0xeb0
Startzeit der fehlerhaften Anwendung: 0xinetstat.exe0
Pfad der fehlerhaften Anwendung: inetstat.exe1
Pfad des fehlerhaften Moduls: inetstat.exe2
Berichtskennung: inetstat.exe3
System errors:
=============
Error: (03/25/2015 04:38:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/25/2015 04:38:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (03/21/2015 11:46:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/21/2015 11:46:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (03/16/2015 07:42:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/16/2015 07:42:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (03/05/2015 10:10:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/05/2015 10:10:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (03/04/2015 01:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/04/2015 01:16:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Microsoft Office Sessions:
=========================
Error: (03/25/2015 04:38:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdshell.exe4.0.1.161554a0adf1cmdshell.exe4.0.1.161554a0adf1c0000409000054cf35001d06711b923ecf7C:\Program Files (x86)\XTab\cmdshell.exeC:\Program Files (x86)\XTab\cmdshell.exef85b9c44-d304-11e4-9ec0-18f46aa4c22d
Error: (03/24/2015 03:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdshell.exe4.0.1.161554a0adf1cmdshell.exe4.0.1.161554a0adf1c0000409000054cf120c01d06640a7901e82C:\Program Files (x86)\XTab\cmdshell.exeC:\Program Files (x86)\XTab\cmdshell.exee7ceed4b-d233-11e4-bfaa-18f46aa4c22d
Error: (03/16/2015 07:44:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdshell.exe4.0.1.161554a0adf1cmdshell.exe4.0.1.161554a0adf1c0000409000054cf106801d05fb49410608dC:\Program Files (x86)\XTab\cmdshell.exeC:\Program Files (x86)\XTab\cmdshell.exed48bcaff-cba7-11e4-a0ff-18f46aa4c22d
Error: (03/05/2015 10:12:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdshell.exe4.0.1.161554a0adf1cmdshell.exe4.0.1.161554a0adf1c0000409000054cfe9801d057247cc0ed6aC:\Program Files (x86)\XTab\cmdshell.exeC:\Program Files (x86)\XTab\cmdshell.exebc25d6dd-c317-11e4-8211-18f46aa4c22d
Error: (03/04/2015 02:23:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inetstat.exe0.0.0.054a17008ntdll.dll6.1.7601.18247521ea8e7c00000050002fb8c42401d0567da52d4e7dC:\Users\Kristin\AppData\Roaming\InetStat\inetstat.exeC:\Windows\SysWOW64\ntdll.dll979777c7-c271-11e4-b94c-001e101f79c9
Error: (03/04/2015 02:18:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdshell.exe4.0.1.161554a0adf1cmdshell.exe4.0.1.161554a0adf1c0000409000054cf12ec01d0567da7937308C:\Program Files (x86)\XTab\cmdshell.exeC:\Program Files (x86)\XTab\cmdshell.exee61fbf42-c270-11e4-b94c-001e101f79c9
Error: (03/04/2015 01:46:39 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (03/04/2015 08:25:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: inetstat.exe0.0.0.054a17008ntdll.dll6.1.7601.18247521ea8e7c00000050002fb8cd1401d0564bb69e2193C:\Users\Kristin\AppData\Roaming\InetStat\inetstat.exeC:\Windows\SysWOW64\ntdll.dlla9ebe471-c23f-11e4-afa5-18f46aa4c22d
Error: (03/04/2015 08:20:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdshell.exe4.0.1.161554a0adf1cmdshell.exe4.0.1.161554a0adf1c0000409000054cfe2c01d0564bb49996f8C:\Program Files (x86)\XTab\cmdshell.exeC:\Program Files (x86)\XTab\cmdshell.exef3153990-c23e-11e4-afa5-18f46aa4c22d
Error: (02/26/2015 00:10:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inetstat.exe0.0.0.054a17008ntdll.dll6.1.7601.18247521ea8e7c00000050002fb8ceb001d051b4243a4fe9C:\Users\Kristin\AppData\Roaming\InetStat\inetstat.exeC:\Windows\SysWOW64\ntdll.dll178544ba-bda8-11e4-aef1-18f46aa4c22d
==================== Memory info ===========================
Processor: AMD E-350 Processor
Percentage of memory in use: 51%
Total physical RAM: 3818.9 MB
Available physical RAM: 1870.48 MB
Total Pagefile: 7635.99 MB
Available Pagefile: 5442.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:347.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 41CAF08F)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================