Pests of all kinds and how to fight them: Removing the "Welcome to nginx" virus (Windows 7)
13.06.2013, 21:44 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ |

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
14.06.2013, 08:37 | #17 |
Good morning,
I opened aswMBR.exe. However, it does not ask about avast! or about the firewall. I then clicked Scan, and the program stops responding and closes. After that I set AV scan to none and clicked Scan again:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-14 09:33:52
-----------------------------
09:33:52.118 OS Version: Windows x64 6.2.9200
09:33:52.118 Number of processors: 2 586 0x2A07
09:33:52.119 ComputerName: MALTE UserName:
09:33:52.122 Initialze error 1
09:33:52.199 AVAST engine defs: 13061301
09:33:58.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
09:33:58.049 Disk 0 Vendor: WDC_WD5000LPVT-22G33T0 01.01A01 Size: 476940MB BusType: 11
09:33:58.062 Disk 0 MBR read successfully
09:33:58.064 Disk 0 MBR scan
09:33:58.066 Disk 0 unknown MBR code
09:33:58.071 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
09:33:58.076 Disk 0 scanning C:\Windows\system32\drivers
09:33:58.079 Service scanning
09:33:58.726 Modules scanning
09:33:58.736 Disk 0 trace - called modules:
09:33:58.748 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
09:33:58.759 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049d7060]
09:33:58.766 3 CLASSPNP.SYS[fffff88000dacfea] -> nt!IofCallDriver -> \Device\00000038[0xfffffa800434b7f0]
09:33:58.781 Scan finished successfully
09:36:09.019 Disk 0 MBR has been saved successfully to "C:\Users\malte brz\Desktop\MBR.dat"
09:36:09.024 The log file has been saved successfully to "C:\Users\malte brz\Desktop\aswMBR.txt"
Code:
C:\Windows\system32\DRIVERS\bridge.sys 09:39:36.0167 1972 MsBridge - ok 09:39:36.0198 1972 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe 09:39:36.0229 1972 MSDTC - ok 09:39:36.0245 1972 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:39:36.0260 1972 Msfs - ok 09:39:36.0307 1972 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 09:39:36.0323 1972 msgpiowin32 - ok 09:39:36.0323 1972 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:39:36.0354 1972 mshidkmdf - ok 09:39:36.0370 1972 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 09:39:36.0385 1972 mshidumdf - ok 09:39:36.0401 1972 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:39:36.0417 1972 msisadrv - ok 09:39:36.0448 1972 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:39:36.0464 1972 MSiSCSI - ok 09:39:36.0479 1972 msiserver - ok 09:39:36.0495 1972 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:39:36.0510 1972 MSKSSRV - ok 09:39:36.0526 1972 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 09:39:36.0543 1972 MsLldp - ok 09:39:36.0558 1972 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:39:36.0574 1972 MSPCLOCK - ok 09:39:36.0574 1972 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:39:36.0605 1972 MSPQM - ok 09:39:36.0637 1972 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:39:36.0657 1972 MsRPC - ok 09:39:36.0672 1972 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 09:39:36.0672 1972 mssmbios - ok 09:39:36.0688 1972 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:39:36.0704 1972 MSTEE - ok 
09:39:36.0704 1972 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 09:39:36.0719 1972 MTConfig - ok 09:39:36.0735 1972 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys 09:39:36.0750 1972 Mup - ok 09:39:36.0750 1972 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys 09:39:36.0766 1972 mvumis - ok 09:39:36.0797 1972 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 09:39:36.0797 1972 mwlPSDFilter - ok 09:39:36.0813 1972 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 09:39:36.0829 1972 mwlPSDNServ - ok 09:39:36.0844 1972 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 09:39:36.0844 1972 mwlPSDVDisk - ok 09:39:36.0875 1972 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll 09:39:36.0922 1972 napagent - ok 09:39:36.0969 1972 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:39:37.0000 1972 NativeWifiP - ok 09:39:37.0032 1972 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll 09:39:37.0063 1972 NcaSvc - ok 09:39:37.0079 1972 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 09:39:37.0110 1972 NcdAutoSetup - ok 09:39:37.0157 1972 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys 09:39:37.0204 1972 NDIS - ok 09:39:37.0235 1972 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:39:37.0266 1972 NdisCap - ok 09:39:37.0282 1972 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 09:39:37.0297 1972 NdisImPlatform - ok 09:39:37.0329 1972 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:39:37.0360 1972 NdisTapi - ok 09:39:37.0375 1972 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] 
Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:39:37.0391 1972 Ndisuio - ok 09:39:37.0391 1972 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:39:37.0438 1972 NdisWan - ok 09:39:37.0438 1972 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys 09:39:37.0469 1972 NDISWANLEGACY - ok 09:39:37.0500 1972 [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:39:37.0532 1972 NDProxy - ok 09:39:37.0532 1972 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys 09:39:37.0547 1972 Ndu - ok 09:39:37.0563 1972 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:39:37.0579 1972 NetBIOS - ok 09:39:37.0594 1972 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:39:37.0610 1972 NetBT - ok 09:39:37.0625 1972 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe 09:39:37.0657 1972 Netlogon - ok 09:39:37.0719 1972 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll 09:39:37.0766 1972 Netman - ok 09:39:37.0813 1972 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\Windows\System32\netprofmsvc.dll 09:39:37.0860 1972 netprofm - ok 09:39:37.0907 1972 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:39:37.0922 1972 NetTcpPortSharing - ok 09:39:37.0954 1972 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:39:37.0969 1972 nfrd960 - ok 09:39:38.0016 1972 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:39:38.0047 1972 NlaSvc - ok 09:39:38.0141 1972 [ EC6B98656770A0441C14BB86FEFC90AE ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 09:39:38.0219 1972 NOBU - ok 09:39:38.0235 1972 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:39:38.0250 1972 Npfs - ok 
09:39:38.0266 1972 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 09:39:38.0297 1972 npsvctrig - ok 09:39:38.0329 1972 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll 09:39:38.0360 1972 nsi - ok 09:39:38.0360 1972 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:39:38.0391 1972 nsiproxy - ok 09:39:38.0469 1972 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:39:38.0579 1972 Ntfs - ok 09:39:38.0657 1972 [ FF472A7055E765498AE52564B1503C3F ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 09:39:38.0688 1972 NTI IScheduleSvc - ok 09:39:38.0704 1972 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\windows\system32\drivers\NTIDrvr.sys 09:39:38.0719 1972 NTIDrvr - ok 09:39:38.0735 1972 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys 09:39:38.0766 1972 Null - ok 09:39:38.0782 1972 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:39:38.0813 1972 nvraid - ok 09:39:38.0813 1972 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:39:38.0829 1972 nvstor - ok 09:39:38.0844 1972 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:39:38.0860 1972 nv_agp - ok 09:39:38.0907 1972 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:39:38.0938 1972 ose - ok 09:39:38.0985 1972 [ B9C125314A025127FE562C116D614AA3 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:39:39.0016 1972 ose64 - ok 09:39:39.0173 1972 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:39:39.0345 1972 osppsvc - ok 09:39:39.0392 1972 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:39:39.0407 1972 
p2pimsvc - ok 09:39:39.0439 1972 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll 09:39:39.0476 1972 p2psvc - ok 09:39:39.0491 1972 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys 09:39:39.0523 1972 Parport - ok 09:39:39.0554 1972 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:39:39.0569 1972 partmgr - ok 09:39:39.0616 1972 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:39:39.0648 1972 PcaSvc - ok 09:39:39.0663 1972 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys 09:39:39.0694 1972 pci - ok 09:39:39.0694 1972 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys 09:39:39.0710 1972 pciide - ok 09:39:39.0726 1972 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:39:39.0741 1972 pcmcia - ok 09:39:39.0741 1972 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys 09:39:39.0757 1972 pcw - ok 09:39:39.0804 1972 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\Windows\system32\drivers\pdc.sys 09:39:39.0804 1972 pdc - ok 09:39:39.0851 1972 [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:39:39.0898 1972 PEAUTH - ok 09:39:39.0982 1972 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:39:40.0013 1972 PerfHost - ok 09:39:40.0091 1972 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll 09:39:40.0200 1972 pla - ok 09:39:40.0232 1972 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:39:40.0247 1972 PlugPlay - ok 09:39:40.0263 1972 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:39:40.0294 1972 PNRPAutoReg - ok 09:39:40.0310 1972 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:39:40.0341 1972 PNRPsvc - ok 09:39:40.0388 1972 [ 
0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:39:40.0435 1972 PolicyAgent - ok 09:39:40.0450 1972 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll 09:39:40.0482 1972 Power - ok 09:39:40.0497 1972 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:39:40.0528 1972 PptpMiniport - ok 09:39:40.0653 1972 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 09:39:40.0747 1972 PrintNotify - ok 09:39:40.0778 1972 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys 09:39:40.0810 1972 Processor - ok 09:39:40.0825 1972 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll 09:39:40.0872 1972 ProfSvc - ok 09:39:40.0888 1972 [ AF038FA3D3748B7595FE7096AD803696 ] Ps2Kb2Hid C:\Windows\System32\drivers\aPs2Kb2Hid.sys 09:39:40.0903 1972 Ps2Kb2Hid - ok 09:39:40.0919 1972 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:39:40.0950 1972 Psched - ok 09:39:40.0982 1972 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll 09:39:41.0028 1972 QWAVE - ok 09:39:41.0060 1972 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:39:41.0075 1972 QWAVEdrv - ok 09:39:41.0091 1972 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:39:41.0122 1972 RasAcd - ok 09:39:41.0153 1972 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:39:41.0169 1972 RasAgileVpn - ok 09:39:41.0200 1972 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll 09:39:41.0232 1972 RasAuto - ok 09:39:41.0263 1972 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:39:41.0294 1972 Rasl2tp - ok 09:39:41.0310 1972 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll 09:39:41.0357 
1972 RasMan - ok 09:39:41.0357 1972 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:39:41.0388 1972 RasPppoe - ok 09:39:41.0403 1972 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:39:41.0435 1972 RasSstp - ok 09:39:41.0482 1972 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:39:41.0513 1972 rdbss - ok 09:39:41.0528 1972 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 09:39:41.0544 1972 rdpbus - ok 09:39:41.0575 1972 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 09:39:41.0607 1972 RDPDR - ok 09:39:41.0638 1972 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 09:39:41.0653 1972 RdpVideoMiniport - ok 09:39:41.0685 1972 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:39:41.0700 1972 RDPWD - ok 09:39:41.0700 1972 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:39:41.0732 1972 rdyboost - ok 09:39:41.0747 1972 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:39:41.0778 1972 RemoteAccess - ok 09:39:41.0825 1972 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:39:41.0872 1972 RemoteRegistry - ok 09:39:41.0888 1972 [ CF59781FCB68F859EB6C835ED285211D ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe 09:39:41.0903 1972 RfButtonDriverService - ok 09:39:41.0919 1972 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys 09:39:41.0950 1972 RFCOMM - ok 09:39:41.0982 1972 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:39:42.0013 1972 RpcEptMapper - ok 09:39:42.0044 1972 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe 09:39:42.0075 1972 RpcLocator - ok 09:39:42.0122 1972 [ 
1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll 09:39:42.0169 1972 RpcSs - ok 09:39:42.0200 1972 [ 7B386B880EDAD12C5102B448E2A3127C ] RSBASTOR C:\Windows\system32\DRIVERS\RtsBaStor.sys 09:39:42.0216 1972 RSBASTOR - ok 09:39:42.0232 1972 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:39:42.0263 1972 rspndr - ok 09:39:42.0294 1972 [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 09:39:42.0325 1972 RTL8168 - ok 09:39:42.0341 1972 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys 09:39:42.0372 1972 s3cap - ok 09:39:42.0404 1972 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe 09:39:42.0435 1972 SamSs - ok 09:39:42.0450 1972 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:39:42.0466 1972 sbp2port - ok 09:39:42.0497 1972 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:39:42.0528 1972 SCardSvr - ok 09:39:42.0528 1972 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:39:42.0575 1972 scfilter - ok 09:39:42.0622 1972 [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\Windows\system32\schedsvc.dll 09:39:42.0685 1972 Schedule - ok 09:39:42.0732 1972 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll 09:39:42.0779 1972 SCPolicySvc - ok 09:39:42.0810 1972 [ 047315E75392CEA447ACC86257824C16 ] sdbus C:\Windows\System32\drivers\sdbus.sys 09:39:42.0825 1972 sdbus - ok 09:39:42.0857 1972 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:39:42.0872 1972 SDRSVC - ok 09:39:42.0919 1972 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys 09:39:42.0935 1972 sdstor - ok 09:39:42.0966 1972 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:39:42.0997 1972 secdrv - ok 09:39:43.0013 1972 [ 
CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll 09:39:43.0044 1972 seclogon - ok 09:39:43.0060 1972 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll 09:39:43.0091 1972 SENS - ok 09:39:43.0107 1972 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll 09:39:43.0122 1972 SensrSvc - ok 09:39:43.0154 1972 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys 09:39:43.0169 1972 SerCx - ok 09:39:43.0169 1972 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys 09:39:43.0185 1972 Serenum - ok 09:39:43.0200 1972 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys 09:39:43.0216 1972 Serial - ok 09:39:43.0232 1972 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys 09:39:43.0247 1972 sermouse - ok 09:39:43.0325 1972 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll 09:39:43.0388 1972 SessionEnv - ok 09:39:43.0388 1972 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 09:39:43.0419 1972 sfloppy - ok 09:39:43.0450 1972 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:39:43.0482 1972 SharedAccess - ok 09:39:43.0529 1972 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:39:43.0575 1972 ShellHWDetection - ok 09:39:43.0575 1972 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 09:39:43.0591 1972 SiSRaid2 - ok 09:39:43.0591 1972 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:39:43.0607 1972 SiSRaid4 - ok 09:39:43.0638 1972 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:39:43.0654 1972 SNMPTRAP - ok 09:39:43.0700 1972 [ 872E937681910E2456A054331C7D5A18 ] spaceport C:\Windows\system32\drivers\spaceport.sys 09:39:43.0716 1972 spaceport - 
ok 09:39:43.0732 1972 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 09:39:43.0747 1972 SpbCx - ok 09:39:43.0763 1972 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe 09:39:43.0810 1972 Spooler - ok 09:39:43.0904 1972 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe 09:39:44.0060 1972 sppsvc - ok 09:39:44.0091 1972 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys 09:39:44.0122 1972 srv - ok 09:39:44.0154 1972 [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:39:44.0185 1972 srv2 - ok 09:39:44.0216 1972 [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:39:44.0247 1972 srvnet - ok 09:39:44.0263 1972 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:39:44.0310 1972 SSDPSRV - ok 09:39:44.0325 1972 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:39:44.0357 1972 SstpSvc - ok 09:39:44.0404 1972 [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 09:39:44.0419 1972 ssudmdm - ok 09:39:44.0451 1972 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys 09:39:44.0466 1972 stexstor - ok 09:39:44.0497 1972 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll 09:39:44.0529 1972 stisvc - ok 09:39:44.0560 1972 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\Windows\system32\drivers\storahci.sys 09:39:44.0575 1972 storahci - ok 09:39:44.0591 1972 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 09:39:44.0607 1972 storflt - ok 09:39:44.0622 1972 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll 09:39:44.0638 1972 StorSvc - ok 09:39:44.0654 1972 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys 09:39:44.0669 1972 storvsc - ok 09:39:44.0700 1972 [ 
8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll 09:39:44.0747 1972 svsvc - ok 09:39:44.0763 1972 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys 09:39:44.0779 1972 swenum - ok 09:39:44.0794 1972 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll 09:39:44.0841 1972 swprv - ok 09:39:44.0888 1972 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll 09:39:44.0966 1972 SysMain - ok 09:39:44.0997 1972 [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 09:39:45.0013 1972 SystemEventsBroker - ok 09:39:45.0044 1972 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll 09:39:45.0061 1972 TabletInputService - ok 09:39:45.0092 1972 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll 09:39:45.0123 1972 TapiSrv - ok 09:39:45.0202 1972 [ D750CE2A52F1B95E654CF2904C88EF1F ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:39:45.0342 1972 Tcpip - ok 09:39:45.0420 1972 [ D750CE2A52F1B95E654CF2904C88EF1F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 09:39:45.0498 1972 TCPIP6 - ok 09:39:45.0514 1972 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:39:45.0530 1972 tcpipreg - ok 09:39:45.0545 1972 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:39:45.0561 1972 tdx - ok 09:39:45.0577 1972 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys 09:39:45.0592 1972 terminpt - ok 09:39:45.0639 1972 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll 09:39:45.0686 1972 TermService - ok 09:39:45.0702 1972 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll 09:39:45.0733 1972 Themes - ok 09:39:45.0764 1972 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll 09:39:45.0780 1972 THREADORDER - ok 
09:39:45.0827 1972 [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 09:39:45.0858 1972 TimeBroker - ok 09:39:45.0889 1972 [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\Windows\system32\drivers\tpm.sys 09:39:45.0936 1972 TPM - ok 09:39:45.0967 1972 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll 09:39:45.0998 1972 TrkWks - ok 09:39:46.0045 1972 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:39:46.0077 1972 TrustedInstaller - ok 09:39:46.0108 1972 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 09:39:46.0123 1972 TsUsbFlt - ok 09:39:46.0123 1972 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 09:39:46.0139 1972 TsUsbGD - ok 09:39:46.0155 1972 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:39:46.0186 1972 tunnel - ok 09:39:46.0202 1972 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:39:46.0217 1972 uagp35 - ok 09:39:46.0217 1972 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 09:39:46.0233 1972 UASPStor - ok 09:39:46.0264 1972 [ 69CC6087483FCE6AEBF1DF5AE791044F ] UBHelper C:\windows\system32\drivers\UBHelper.sys 09:39:46.0264 1972 UBHelper - ok 09:39:46.0295 1972 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 09:39:46.0311 1972 UCX01000 - ok 09:39:46.0342 1972 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:39:46.0373 1972 udfs - ok 09:39:46.0405 1972 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:39:46.0436 1972 UI0Detect - ok 09:39:46.0452 1972 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:39:46.0467 1972 uliagpkx - ok 09:39:46.0467 1972 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus 
C:\Windows\System32\drivers\umbus.sys 09:39:46.0498 1972 umbus - ok 09:39:46.0498 1972 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys 09:39:46.0514 1972 UmPass - ok 09:39:46.0561 1972 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll 09:39:46.0608 1972 UmRdpService - ok 09:39:46.0702 1972 [ E1A119AD21F5AFE22EB516C549306D3D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 09:39:46.0733 1972 UNS - ok 09:39:46.0764 1972 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll 09:39:46.0811 1972 upnphost - ok 09:39:46.0858 1972 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys 09:39:46.0874 1972 USBAAPL64 - ok 09:39:46.0905 1972 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 09:39:46.0920 1972 usbccgp - ok 09:39:46.0936 1972 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys 09:39:46.0967 1972 usbcir - ok 09:39:47.0014 1972 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys 09:39:47.0045 1972 usbehci - ok 09:39:47.0077 1972 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\Windows\System32\drivers\usbhub.sys 09:39:47.0108 1972 usbhub - ok 09:39:47.0155 1972 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 09:39:47.0186 1972 USBHUB3 - ok 09:39:47.0233 1972 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys 09:39:47.0248 1972 usbohci - ok 09:39:47.0280 1972 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys 09:39:47.0311 1972 usbprint - ok 09:39:47.0358 1972 [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan C:\Windows\System32\drivers\usbscan.sys 09:39:47.0389 1972 usbscan - ok 09:39:47.0405 1972 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 09:39:47.0420 1972 USBSTOR - ok 
09:39:52.0343 1972 ============================================================ 09:39:52.0343 1972 Scan finished 09:39:52.0343 1972 ============================================================ 09:39:52.0358 3148 Detected object count: 0 09:39:52.0358 3148 Actual detected object count: 0 09:41:25.0240 1504 Deinitialize success |
14.06.2013, 08:59 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing the "Welcome to nginx" virus Nothing suspicious.
JRT - Junkware Removal Tool: Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ |
14.06.2013, 10:55 | #19 |
| Removing the "Welcome to nginx" virus JRT: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by malte brz on 14.06.2013 at 11:46:40,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2902786437-1967056483-2516386748-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7DDF9DA1-0D95-4732-86C8-DCD60CED3B9E}

~~~ Files

~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox
Successfully deleted: [File] C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\prefs.js
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
Emptied folder: C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\minidumps [26 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.06.2013 at 11:54:18,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 14/06/2013 um 11:56:59 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : malte brz - MALTE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\malte brz\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\MALTEB~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\MALTEB~1\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\malte brz\AppData\Roaming\Mozilla\Firefox\Profiles\qgd1y4n3.default\prefs.js
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [1574 octets] - [14/06/2013 11:56:59]
########## EOF - C:\AdwCleaner[S1].txt - [1634 octets] ##########
Code:
ATTFilter OTL logfile created on: 14.06.2013 12:04:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop\malte\Programme 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16599) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 66,26% Memory free 7,67 Gb Paging File | 6,36 Gb Available in Paging File | 82,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,28 Gb Total Space | 322,25 Gb Free Space | 71,41% Space Free | Partition Type: NTFS Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MALTE | User Name: malte brz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\malte brz\Desktop\malte\Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe (Intel Corporation) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\be8901c962e7860e6cdbc04cf004d28c\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a91c02c943b1c6d0397debcaf59fa3f1\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\4d7213b26ae1b5f4877cb7a46ad9c7ee\System.ServiceProcess.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a36962349a0b781bf4d9efb28b00e12a\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3f5b2ec744f4902295c007a00ef2e060\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a5b7cd1182dbe492f15867eeeae2ca83\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a259a25da81b643ba88f2d2de42d0db9\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dd071d70e98a648536d0f31bc016ee3f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3f6e02350032d57ae226460ede82a5b8\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\78937c63c1db458e4d9649fa2320cb39\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) 
ME FW Recovery Agent\bin\featureController.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll () MOD - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll () ========== Services (SafeList) ========== SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- 
C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! 
Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. 
) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (storahci) -- 
C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.) 
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys 
(Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\Drivers\RtsBaStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\Drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00A\ccSetx64.sys (Symantec Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: support%40free-hideip.com:1.0 FF - prefs.js..extensions.enabledAddons: 
%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\malte brz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 11:02:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.15 10:25:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.08 23:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Extensions [2013.03.21 17:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Firefox\Profiles\qgd1y4n3.default\extensions [2013.01.20 18:41:28 | 000,004,548 | ---- | M] () (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\extensions\support@free-hideip.com.xpi [2013.05.22 14:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.22 14:14:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.22 11:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla 
firefox\updated\browser\extensions [2013.05.22 11:07:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] File not found O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Facebook Update] C:\Users\malte brz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [Free Hide IP] C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe (FreeHideIP.Com) O4 - HKCU..\Run: [icq] C:\Users\malte brz\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\malte brz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll 
(Microsoft Corporation) O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58005BF4-5BE1-4695-A3C1-F09A055C2BED}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.13 23:04:47 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell - "" = AutoRun O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\configure\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\install\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.14 11:46:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.14 11:46:11 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.14 11:44:52 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\malte brz\Desktop\JRT.exe [2013.06.13 17:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.12 18:42:36 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 18:42:35 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 18:42:35 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 18:42:34 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 18:41:35 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 18:40:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 18:40:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 18:39:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 18:39:22 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.06.12 18:39:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.12 18:39:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.12 18:39:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.12 18:39:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.12 18:39:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013.06.12 18:39:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.06.12 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Malwarebytes [2013.06.12 15:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.12 15:08:18 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Malwarebytes' Anti-Malware [2013.06.12 15:08:04 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Programs [2013.06.12 13:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2013.06.12 03:58:27 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Canon Easy-PhotoPrint EX [2013.06.11 23:46:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.06.11 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\WildTangent [2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Apple Computer [2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple Computer [2013.06.11 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.11 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple [2013.06.11 16:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.06.11 16:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.06.10 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\Bluetooth Folder [2013.05.23 10:59:11 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.23 10:59:11 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.22 14:24:26 | 013,648,384 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.05.22 14:24:24 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013.05.22 14:24:23 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.05.22 14:24:21 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.05.22 14:24:20 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013.05.22 14:24:19 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.05.22 14:24:18 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013.05.22 14:24:17 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013.05.22 14:24:15 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.05.22 14:24:15 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll [2013.05.22 14:24:10 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.05.22 14:24:08 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll [2013.05.22 14:24:07 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll [2013.05.22 14:24:06 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013.05.22 14:24:05 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2013.05.22 14:24:05 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013.05.22 14:24:05 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll [2013.05.22 14:24:04 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2013.05.22 14:24:03 | 008,857,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\twinui.dll [2013.05.22 14:24:03 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013.05.22 14:24:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.05.22 14:24:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013.05.22 14:24:02 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.22 14:24:02 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013.05.22 14:24:02 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe [2013.05.22 14:24:01 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe [2013.05.22 14:24:01 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013.05.22 14:24:00 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013.05.22 14:24:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013.05.22 14:23:59 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.22 14:23:59 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013.05.22 14:23:58 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013.05.22 14:23:58 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.22 14:23:55 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013.05.22 14:23:54 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2013.05.22 14:23:54 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.05.22 14:23:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\fhengine.dll [2013.05.22 14:23:54 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll [2013.05.22 14:23:53 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013.05.22 14:23:53 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013.05.22 14:23:53 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2013.05.22 14:23:53 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013.05.22 14:23:53 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll [2013.05.22 14:23:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013.05.22 14:23:52 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe [2013.05.22 14:23:52 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2013.05.22 14:23:52 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll [2013.05.22 14:23:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe [2013.05.22 14:23:50 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl [2013.05.22 14:23:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll [2013.05.22 14:23:49 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.05.22 14:23:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.22 14:23:48 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2013.05.22 14:23:48 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll [2013.05.22 14:23:48 | 000,086,280 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\kdnet.dll [2013.05.22 14:23:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.05.22 14:23:46 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013.05.22 14:23:45 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll [2013.05.22 14:23:45 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.05.22 14:23:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl [2013.05.22 14:23:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll [2013.05.22 14:23:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll [2013.05.22 14:23:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll [2013.05.22 14:23:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013.05.22 14:23:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll [2013.05.22 14:23:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll [2013.05.22 14:21:50 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.05.22 14:18:35 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.22 14:18:35 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.22 14:18:09 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013.05.22 14:18:08 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013.05.16 10:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.05.16 10:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.16 10:14:56 | 000,866,720 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\npDeployJava1.dll [2013.05.16 10:14:56 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.05.16 10:14:56 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.16 10:14:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.16 10:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.16 10:09:13 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.05.16 10:09:13 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.05.16 10:03:16 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\samsung ========== Files - Modified Within 30 Days ========== [2013.06.14 12:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 11:58:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.06.14 11:58:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.06.14 11:58:06 | 3262,828,544 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 11:58:04 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe [2013.06.14 11:57:19 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.06.14 11:45:00 | 000,648,201 | ---- | M] () -- C:\Users\malte brz\Desktop\adwcleaner.exe [2013.06.14 11:44:54 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\malte brz\Desktop\JRT.exe
[2013.06.14 11:18:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2902786437-1967056483-2516386748-1001UA.job
[2013.06.14 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 17:57:01 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.06.13 15:16:00 | 431,600,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.13 09:25:52 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.13 09:25:52 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.13 09:25:52 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.13 09:25:52 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.13 09:25:52 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.12 18:23:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.05 00:09:22 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.05 00:09:22 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.23 11:04:06 | 000,449,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 14:14:29 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.16 10:14:46 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.16 10:14:45 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.16 10:14:44 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.16 10:14:44 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.16 00:37:03 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.05.16 00:35:49 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll

========== Files Created - No Company Name ==========

[2013.06.14 11:57:06 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.14 11:44:58 | 000,648,201 | ---- | C] () -- C:\Users\malte brz\Desktop\adwcleaner.exe
[2013.06.11 16:16:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.23 11:03:54 | 000,449,688 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 14:23:42 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.01.17 18:00:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.06 07:33:46 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2012.09.06 07:24:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.09.06 07:24:27 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.06 07:24:26 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.09.06 07:23:36 | 000,001,327 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.09.06 07:23:36 | 000,000,223 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012.09.05 22:13:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.08.07 03:57:19 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012.08.07 03:57:19 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013.03.20 16:32:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
OTL Extras logfile created on: 14.06.2013 12:04:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop\malte\Programme
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 66,26% Memory free
7,67 Gb Paging File | 6,36 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,28 Gb Total Space | 322,25 Gb Free Space | 71,41% Space Free | Partition Type: NTFS
Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MALTE | User Name: malte brz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB446E-56FB-47F8-AD64-BB68BD19BBAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{112688F8-266A-41CF-9029-3206BBA88B28}" = lport=445 | protocol=6 | dir=in | app=system |
"{14FA7462-8B10-4AEB-9339-29049E337E0C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{160F0965-B73B-40CE-9648-64F944402158}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2364BA54-3A04-42EB-A240-537F6CB9FB69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2520A42E-883B-42D7-8D9E-513AB6155DEB}" = rport=137 | 
protocol=17 | dir=out | app=system | "{276ABE02-EE13-49AE-A19C-543C94FB2C80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3BCDA151-D0F4-4074-BD6D-47664B3D9B39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3EDFCC97-65B3-40BA-95C2-4259C5B8D857}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{41BF809A-D6F5-4305-B477-C39365E57381}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5036C5A7-6D59-4E09-B7B8-CE5A0E431966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{53B7EAEC-330A-4D99-9AF8-78736BCBBADA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{591E48EC-1427-45B1-8B8A-C4FE5DD91952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6193618D-2C7F-4781-BC8E-1B1167D68424}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | "{65BBF4B2-8845-4276-8746-10041AFA3A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67A13397-FF22-4839-85AC-DB9EEDC5BAB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{688BD4CF-939C-4104-B814-A45A68F28158}" = lport=10243 | protocol=6 | dir=in | app=system | "{7B01F653-A8A2-4197-93F8-8654FBF7FF6D}" = lport=138 | protocol=17 | dir=in | app=system | "{82401F79-B2A3-4029-BB79-F692C1143D27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E3599CE-3CF2-4502-989B-3990772474C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ACBAD150-38E9-46A1-BE15-9F32E5CFD9FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B618A313-D12A-4B0B-ACB0-B6CE6F316326}" = lport=139 | 
protocol=6 | dir=in | app=system | "{B65BF351-30DB-4307-AEF0-B90173332669}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B71C26F4-3837-43EF-9DA8-01822C5C5E7D}" = rport=10243 | protocol=6 | dir=out | app=system | "{C811A8AC-B44C-4E04-8311-AD07476866A7}" = lport=137 | protocol=17 | dir=in | app=system | "{CA33EA60-FE14-42DF-A7F1-A7EC1835D494}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFF22A68-0D70-4AAB-B5EE-DC362F51F4D6}" = rport=138 | protocol=17 | dir=out | app=system | "{D538C273-B4E0-49C7-A5B5-34017F7E4EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1F194E8-38C1-42D5-9F5E-D7AD8EE38E57}" = rport=139 | protocol=6 | dir=out | app=system | "{E5CEE736-3EAF-4A38-978D-F988CDCB8E26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E79EF012-EE27-4310-946C-44E99100FD15}" = lport=2869 | protocol=6 | dir=in | app=system | "{E8B31D01-25EF-42CB-8D48-B2E7F34BA252}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E9579924-6EB0-4B34-94C6-3B8602BBFC35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EB8B6622-7105-40ED-9527-DCE7235E8B13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE33CCEA-06FF-429F-A90B-080D22C16E57}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CFEC0A-BCBC-446D-8AF5-59567ED7F21C}" = dir=in | name=shuffle party | "{03459F46-A7C6-42F3-8CC5-89D5B716E512}" = dir=out | name=acer crystal eye | "{0AC30674-5BB1-4BF0-843B-9506B24BC0C2}" = dir=out | name=ebay | "{0AC3DCE9-B8BE-44AE-9D49-690CCC1080EF}" = dir=out | 
name=@{45242croysapps.archeryshooting_3.9.1.15_neutral__6bm9tbz9trsva?ms-resource://45242croysapps.archeryshooting/resources/gamename} | "{0B13E16E-22B4-4678-9497-98FE6D7E62E0}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{18B9DBAA-ECFE-4216-8DA1-20BB78241E60}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1BB0C9AD-8E06-4987-ABFE-B6699193E02D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{1C0DEA0A-997C-4F2F-8FF5-DB7567F67FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{22B582EF-DBF8-47CA-96C9-9C8002DDD485}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{235D1FD4-BE74-4B0E-98E5-2622E3EB1A6F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{2806CD28-1278-4F6A-BFE1-36BF39ED7516}" = dir=out | name=bild tablet | "{28499078-552F-4516-93CD-855EA4A98C6A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{298C9775-8C77-4964-AB7A-F334BB299E81}" = dir=out | name=shuffle party | "{2CAEC09E-1A9B-4949-9279-6959FEB6DEE6}" = dir=out | name=tv-programm | "{2D7CE946-5E6A-4C20-BBAF-4111AF505861}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{2F110AF0-5C9D-40E1-A72E-B6577E44639B}" = dir=out | name=the treasures of montezuma 3 | "{3149B654-654B-4D6B-B6B9-0DBF0ACEF259}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{35F7F8C1-7FA9-4AE4-9B65-E9A8397F1CFC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{36B16D64-DA51-487E-8153-57C2B97DFF3C}" = dir=out | name=post mobil | "{3D722E03-7CAB-4A32-BCB8-11690C7F1630}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 | 
"{3F6955EE-BEC2-449C-9E2D-4CD05FC364B7}" = dir=out | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} | "{40198709-3F7D-41B0-9032-854FA1C539DE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{44AC93BF-45DF-4F83-888E-64D0F5D1CE72}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{49A60F7C-59D3-4534-9EA6-86547054C3FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C4B58D5-463A-4D5C-8C8F-DE97018A89D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4F5A4B66-5AFD-4CEC-8386-E8666C5F6058}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{504BAA0F-77EC-406A-B2B8-D78419411258}" = dir=out | name=microsoft solitaire collection | "{5117B8BC-BE99-4154-BC71-E421A99A1D36}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe | "{539F107A-71A8-40C3-92CE-02748F319B30}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{619CA108-1DD0-495E-82C5-4E2C82E8BF31}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{63DA3455-7679-48CA-81DD-3C833FFEEF29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{69A21F84-4694-42FE-AD15-114CDA5F9BC8}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{6B20DB39-DF7D-4EA7-B1F5-3B1148C92D91}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{708BF4B0-317E-4D6F-93D8-253F02568AD7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{726E24A1-EF3F-4184-8DBD-04A13233CB87}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{73AA14E1-14D9-4DCD-9E95-062C011110AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{76FB1EEB-D8DF-4ED0-B5B0-4DBCBDEF8FF5}" = protocol=6 | dir=out | app=system | "{7964CF4B-F5E8-4490-A250-C884B309FC46}" = dir=in | name=ebay | "{807A2574-AF1A-40A2-9E6E-73EA04756BBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{84DF2214-29FB-4AEA-A097-41BDE25B6D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{86905359-088D-42A9-B610-D5CA8D80D148}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{87602140-078C-4211-BDB7-1FDE1B3C2C1A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{884B3506-3E2F-44CD-8F7C-AA9859685360}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{8C669277-9F37-49DC-85D9-BA91805AD4FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{8CEBB7F0-3CD3-47C0-BAE3-65D56810849D}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{900EC83B-768A-4E63-8AD1-518A67253124}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{918047C2-EA27-42C5-B4DA-CBF1250EFE64}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{922FA47F-252A-497F-93D2-E2E9E165DC05}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{94B5967E-9834-47C7-9E0A-5B1F1FCE6551}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9622AF03-BB91-460A-B17B-0BC96F1BC5F2}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{96473C4E-BE8C-4F30-B117-FD66B2A7E0AC}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | "{98D2B843-BF9A-4258-8AED-FBE5A1124C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C416A28-D205-4FB6-B917-435863334E34}" = dir=out | name=men´s health | "{9DED3FC4-DE08-457F-823E-C8B503161EAC}" = dir=out | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{A4212012-C62C-46B6-A968-1A0C5B75DE89}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A74EE93A-6597-4E0C-9411-5EF562614025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AB382A7B-20E0-4559-9BF5-7556F149A6A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3EDCA72-0181-421F-A716-69D7751E646C}" = dir=out | name=cut the rope | "{B5CA6B96-DB86-43E7-A961-E2EFD77A713B}" = dir=in | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{B7B73897-2916-43EC-B040-2802AB4E5ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{B9347A7B-194D-402D-ABE1-4B3BB3F518D1}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe | "{BA50B35D-826F-49E8-94CB-D819176E8EBE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC6ABCAF-0940-4B82-9816-A177DE49AF7F}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{BF93B74A-7AD5-4697-8470-86FE101AD32A}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{C103E70F-7527-4E91-A4C1-D3751E6A203A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1A2DFFF-1896-43EF-9F3C-BFE6286B6D05}" = protocol=17 | dir=in | app=c:\program files 
(x86)\acer\clear.fi photo\dmcdaemon.exe | "{C2BC5FE1-2E37-4E44-A481-302473865C28}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C2EB6DE9-2974-403A-889C-880DD64D9A46}" = protocol=17 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe | "{C504FE57-A2CA-403B-AC7D-CC42F54FFD28}" = protocol=6 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe | "{CA117769-935F-415F-BF19-CD9B87717A69}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | "{CB84D801-02D4-472F-ADD6-B9330BF67D85}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{CEBE45B5-F8E3-4CC2-9D7A-55A36748D912}" = dir=out | name=amazon | "{D0131D37-A8D9-4A34-ABCD-5165D08300E2}" = dir=out | name=youtube player | "{D024F0E3-34CC-4103-AE9F-83F0A7D9D18B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D59D0F5C-4847-4340-9B6E-D9F17085529B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{D723CDB0-4852-456E-8FD9-5910F422540B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D8A1758E-784F-4225-BF4E-55E02E9F28B8}" = dir=in | app=c:\users\malte brz\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{DC3E0DC3-5D7A-4FFB-A18B-558065A7F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DEC762C5-4B9D-42B1-BAD5-28D99F191B78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E40E8887-F81F-4846-81E3-2AC2FAF3F0F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E439E921-8CAD-4793-8E14-D370603F3AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{E55C0AE6-6EC0-432D-8023-08F6A3C4D648}" = dir=in | app=c:\program 
files (x86)\nti\acer backup manager\ischedulesvc.exe | "{E74D1109-70E6-46AB-A632-4BA90767998B}" = dir=in | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7B6EBCC-DC09-48C3-9352-58D805345765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EB424450-C736-4DA0-8C66-8095D351ADC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBC5490A-64FA-4500-818E-A973FFA88FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "{ED8CC248-019E-42D8-A6A1-C4B7E4C85727}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF2B2EB0-278F-4B75-A542-2C89BA97E118}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{F197EC63-09AE-4E66-AAE3-814092CE055A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{F3EA9B08-CEF0-47C7-AE36-A79DDBB157AF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{F4DE4715-6790-47D0-BEC6-298AEBF812D8}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{FB627121-D4BD-4261-9780-ED0A8245328C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{FD4203DB-E4FB-4E78-9E44-5B3776B7732A}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "TCP Query User{11F1A83D-E771-4312-ADED-3173CDB66D62}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "TCP Query User{1FF459A9-A79B-4857-8B97-FB8A4E432A7B}C:\program files 
(x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{BA31D625-7FF6-46C6-9F63-BDA626B1223D}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | "UDP Query User{39954282-A805-46CA-A689-CACBCC66C462}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "UDP Query User{99ECD298-6808-4762-B16D-E951FD4E3CE1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{B816FDCF-D023-4C62-A1BF-E32249AB6493}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service 
Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013 "{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B492663B-604B-4C9D-84A4-B17279167D4C}" = Acer Instant Update Service "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "Elantech" = ETDWare PS/2-X64 11.6.4.001_WHQL "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12141d67-56cc-4aca-ade4-bc44b4adaff8}" = Jackpot Capital German "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 
2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "32red" = 32Red Casino "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Lite" = DAEMON Tools Lite "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "FreeHideIP" = Free Hide IP "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "jackpotcity" = Jackpot City "LManager" = Launch Manager "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NARA" = Norton Online Backup ARA "Office14.SingleImage" = Microsoft Office Home and Business 2010 "TmNationsForever_is1" = TmNationsForever "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "WildTangent wildgames Master Uninstall" = WildTangent Games "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WTA-09d2c448-d843-4a2f-aff0-2599ecf16da6" = Magic Academy "WTA-0c9c90bd-8b9a-48ed-8796-dfa759fc70bc" = Delicious: Emily's True Love Premium Edition "WTA-1cd52b52-b118-4842-a30a-c781e1b59467" = Agatha Christie - Death on the Nile "WTA-346be69b-2a6c-44dd-81d6-20659fa1dd6c" = Bejeweled 3 "WTA-600c80ab-4c1d-42c5-bf1c-c9b61a73cbaa" = Jewel Match 3 "WTA-79a8095c-b9f6-44ff-84cb-7af007dbe03b" = Aloha TriPeaks "WTA-82ad3123-157c-47a6-970c-77bf510025fa" = John Deere Drive Green 
"WTA-8dce07a8-de6d-44d9-b33b-f55a37c48c64" = Polar Bowler "WTA-9f45d707-3efd-47a1-af0a-36a384c656f3" = Governor of Poker 2 Premium Edition "WTA-b8618fc5-1651-476c-ac3b-c8d5761e317b" = Final Drive: Nitro "WTA-bb20c4d2-26cf-4d72-89ac-9a7f4e7ee408" = Plants vs. Zombies - Game of the Year "WTA-c4396a31-4ce7-4f3a-98d8-d36dd1bfae4e" = Penguins! "WTA-d7312d19-d22b-4e24-931c-a218fa99c4b2" = Tales of Lagoona "WTA-e7cca8c6-98dd-4d97-957c-bb84630ad520" = Zuma's Revenge ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "EuroGrand Casino" = EuroGrand Casino "ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ System Events ] Error - 14.06.2013 05:58:02 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = < End of report > |
14.06.2013, 11:24 | #20 |
| adw-Cleaner: Code:
# AdwCleaner v2.303 - Datei am 14/06/2013 um 11:56:59 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : malte brz - MALTE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\malte brz\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\MALTEB~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\MALTEB~1\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\malte brz\AppData\Roaming\Mozilla\Firefox\Profiles\qgd1y4n3.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1574 octets] - [14/06/2013 11:56:59]

########## EOF - C:\AdwCleaner[S1].txt - [1634 octets] ##########

Code:
ATTFilter OTL logfile created on: 14.06.2013 12:18:00 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop\malte\Programme 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16599) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 56,95% Memory free 7,67 Gb Paging File | 6,14 Gb Available in Paging File | 80,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,28 Gb Total Space | 322,21 Gb Free Space | 71,40% Space Free | Partition Type: NTFS Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MALTE | User Name: malte brz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\malte brz\Desktop\malte\Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\be8901c962e7860e6cdbc04cf004d28c\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a91c02c943b1c6d0397debcaf59fa3f1\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\4d7213b26ae1b5f4877cb7a46ad9c7ee\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a36962349a0b781bf4d9efb28b00e12a\System.Runtime.Remoting.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3f5b2ec744f4902295c007a00ef2e060\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a5b7cd1182dbe492f15867eeeae2ca83\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a259a25da81b643ba88f2d2de42d0db9\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dd071d70e98a648536d0f31bc016ee3f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3f6e02350032d57ae226460ede82a5b8\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\78937c63c1db458e4d9649fa2320cb39\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () ========== Services (SafeList) ========== SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- 
C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - 
(vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? 
?????.)) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.) 
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys 
(Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\Drivers\RtsBaStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\Drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00A\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: support%40free-hideip.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\malte brz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 11:02:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.15 10:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
[2013.01.08 23:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Extensions
[2013.03.21 17:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Firefox\Profiles\qgd1y4n3.default\extensions
[2013.01.20 18:41:28 | 000,004,548 | ---- | M] () (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\extensions\support@free-hideip.com.xpi
[2013.05.22 14:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 14:14:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.22 11:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions
[2013.05.22 11:07:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.05.11 12:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\malte brz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Free Hide IP] C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe (FreeHideIP.Com)
O4 - HKCU..\Run: [icq] C:\Users\malte brz\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\malte brz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58005BF4-5BE1-4695-A3C1-F09A055C2BED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.13 23:04:47 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell - "" = AutoRun
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\configure\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\install\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.14 11:46:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.14 11:46:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.14 11:44:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\malte brz\Desktop\JRT.exe
[2013.06.13 17:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.12 18:42:36 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 18:42:35 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 18:42:35 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 18:42:34 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 18:41:35 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 18:40:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 18:40:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 18:39:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 18:39:22 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.06.12 18:39:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 18:39:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 18:39:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 18:39:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 18:39:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.06.12 18:39:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.06.12 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Malwarebytes
[2013.06.12 15:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 15:08:18 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Malwarebytes' Anti-Malware [2013.06.12 15:08:04 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Programs [2013.06.12 13:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2013.06.12 03:58:27 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Canon Easy-PhotoPrint EX [2013.06.11 23:46:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.06.11 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\WildTangent [2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Apple Computer [2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple Computer [2013.06.11 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.11 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple [2013.06.11 16:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.06.11 16:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.06.10 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\Bluetooth Folder [2013.05.23 10:59:11 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.23 10:59:11 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.22 14:24:26 | 013,648,384 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.05.22 14:24:24 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013.05.22 14:24:23 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.05.22 14:24:21 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.05.22 14:24:20 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013.05.22 14:24:19 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.05.22 14:24:18 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013.05.22 14:24:17 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013.05.22 14:24:15 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.05.22 14:24:15 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll [2013.05.22 14:24:10 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.05.22 14:24:08 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll [2013.05.22 14:24:07 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll [2013.05.22 14:24:06 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013.05.22 14:24:05 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2013.05.22 14:24:05 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013.05.22 14:24:05 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll [2013.05.22 14:24:04 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2013.05.22 14:24:03 | 008,857,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\twinui.dll [2013.05.22 14:24:03 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013.05.22 14:24:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.05.22 14:24:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013.05.22 14:24:02 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.22 14:24:02 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013.05.22 14:24:02 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe [2013.05.22 14:24:01 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe [2013.05.22 14:24:01 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013.05.22 14:24:00 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013.05.22 14:24:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013.05.22 14:23:59 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.22 14:23:59 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013.05.22 14:23:58 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013.05.22 14:23:58 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.22 14:23:55 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013.05.22 14:23:54 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2013.05.22 14:23:54 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.05.22 14:23:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\fhengine.dll [2013.05.22 14:23:54 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll [2013.05.22 14:23:53 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013.05.22 14:23:53 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013.05.22 14:23:53 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2013.05.22 14:23:53 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013.05.22 14:23:53 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll [2013.05.22 14:23:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013.05.22 14:23:52 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe [2013.05.22 14:23:52 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2013.05.22 14:23:52 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll [2013.05.22 14:23:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe [2013.05.22 14:23:50 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl [2013.05.22 14:23:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll [2013.05.22 14:23:49 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.05.22 14:23:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.22 14:23:48 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2013.05.22 14:23:48 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll [2013.05.22 14:23:48 | 000,086,280 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\kdnet.dll [2013.05.22 14:23:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.05.22 14:23:46 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013.05.22 14:23:45 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll [2013.05.22 14:23:45 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.05.22 14:23:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl [2013.05.22 14:23:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll [2013.05.22 14:23:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll [2013.05.22 14:23:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll [2013.05.22 14:23:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013.05.22 14:23:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll [2013.05.22 14:23:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll [2013.05.22 14:21:50 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.05.22 14:18:35 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.22 14:18:35 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.22 14:18:09 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013.05.22 14:18:08 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013.05.16 10:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.05.16 10:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.16 10:14:56 | 000,866,720 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\npDeployJava1.dll [2013.05.16 10:14:56 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.05.16 10:14:56 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.16 10:14:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.16 10:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.16 10:09:13 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.05.16 10:09:13 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.05.16 10:03:16 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\samsung ========== Files - Modified Within 30 Days ========== [2013.06.14 12:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.14 12:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 11:58:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.06.14 11:58:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.06.14 11:58:06 | 3262,828,544 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 11:58:04 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe [2013.06.14 11:57:19 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.06.14 11:45:00 | 000,648,201 | ---- | M] () -- C:\Users\malte brz\Desktop\adwcleaner.exe [2013.06.14 11:44:54 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\malte brz\Desktop\JRT.exe [2013.06.14 11:18:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2902786437-1967056483-2516386748-1001UA.job [2013.06.13 17:57:01 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.06.13 15:16:00 | 431,600,004 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.13 09:25:52 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.13 09:25:52 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.13 09:25:52 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.13 09:25:52 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.13 09:25:52 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.12 18:23:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.05 00:09:22 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.05 00:09:22 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.23 11:04:06 | 000,449,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.22 14:14:29 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.16 10:14:46 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.16 10:14:45 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.16 10:14:44 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.05.16 10:14:44 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.05.16 
00:37:03 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.05.16 00:35:49 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll ========== Files Created - No Company Name ========== [2013.06.14 11:57:06 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.06.14 11:44:58 | 000,648,201 | ---- | C] () -- C:\Users\malte brz\Desktop\adwcleaner.exe [2013.06.11 16:16:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.05.23 11:03:54 | 000,449,688 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.22 14:23:42 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.01.17 18:00:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.06 07:33:46 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini [2012.09.06 07:24:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.09.06 07:24:27 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.09.06 07:24:26 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.09.06 07:23:36 | 000,001,327 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2012.09.06 07:23:36 | 000,000,223 | ---- | C] () -- C:\Windows\WisLangCode.ini [2012.09.05 22:13:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.08.07 03:57:19 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini [2012.08.07 03:57:19 | 000,000,395 | ---- | C] () -- 
C:\Windows\WisPriority.ini [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013.03.20 16:32:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

extras.txt:
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 14.06.2013 12:18:00 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop\malte\Programme 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16599) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 56,95% Memory free 7,67 Gb Paging File | 6,14 Gb Available in Paging File | 80,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,28 Gb Total Space | 322,21 Gb Free Space | 71,40% Space Free | Partition Type: NTFS Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MALTE | User Name: malte brz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* 
exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02AB446E-56FB-47F8-AD64-BB68BD19BBAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{112688F8-266A-41CF-9029-3206BBA88B28}" = lport=445 | protocol=6 | dir=in | app=system | "{14FA7462-8B10-4AEB-9339-29049E337E0C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{160F0965-B73B-40CE-9648-64F944402158}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2364BA54-3A04-42EB-A240-537F6CB9FB69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2520A42E-883B-42D7-8D9E-513AB6155DEB}" = rport=137 | 
protocol=17 | dir=out | app=system | "{276ABE02-EE13-49AE-A19C-543C94FB2C80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3BCDA151-D0F4-4074-BD6D-47664B3D9B39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3EDFCC97-65B3-40BA-95C2-4259C5B8D857}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{41BF809A-D6F5-4305-B477-C39365E57381}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5036C5A7-6D59-4E09-B7B8-CE5A0E431966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{53B7EAEC-330A-4D99-9AF8-78736BCBBADA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{591E48EC-1427-45B1-8B8A-C4FE5DD91952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6193618D-2C7F-4781-BC8E-1B1167D68424}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | "{65BBF4B2-8845-4276-8746-10041AFA3A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67A13397-FF22-4839-85AC-DB9EEDC5BAB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{688BD4CF-939C-4104-B814-A45A68F28158}" = lport=10243 | protocol=6 | dir=in | app=system | "{7B01F653-A8A2-4197-93F8-8654FBF7FF6D}" = lport=138 | protocol=17 | dir=in | app=system | "{82401F79-B2A3-4029-BB79-F692C1143D27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E3599CE-3CF2-4502-989B-3990772474C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ACBAD150-38E9-46A1-BE15-9F32E5CFD9FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B618A313-D12A-4B0B-ACB0-B6CE6F316326}" = lport=139 | 
protocol=6 | dir=in | app=system | "{B65BF351-30DB-4307-AEF0-B90173332669}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B71C26F4-3837-43EF-9DA8-01822C5C5E7D}" = rport=10243 | protocol=6 | dir=out | app=system | "{C811A8AC-B44C-4E04-8311-AD07476866A7}" = lport=137 | protocol=17 | dir=in | app=system | "{CA33EA60-FE14-42DF-A7F1-A7EC1835D494}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFF22A68-0D70-4AAB-B5EE-DC362F51F4D6}" = rport=138 | protocol=17 | dir=out | app=system | "{D538C273-B4E0-49C7-A5B5-34017F7E4EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1F194E8-38C1-42D5-9F5E-D7AD8EE38E57}" = rport=139 | protocol=6 | dir=out | app=system | "{E5CEE736-3EAF-4A38-978D-F988CDCB8E26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E79EF012-EE27-4310-946C-44E99100FD15}" = lport=2869 | protocol=6 | dir=in | app=system | "{E8B31D01-25EF-42CB-8D48-B2E7F34BA252}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E9579924-6EB0-4B34-94C6-3B8602BBFC35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EB8B6622-7105-40ED-9527-DCE7235E8B13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE33CCEA-06FF-429F-A90B-080D22C16E57}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CFEC0A-BCBC-446D-8AF5-59567ED7F21C}" = dir=in | name=shuffle party | "{03459F46-A7C6-42F3-8CC5-89D5B716E512}" = dir=out | name=acer crystal eye | "{0AC30674-5BB1-4BF0-843B-9506B24BC0C2}" = dir=out | name=ebay | "{0AC3DCE9-B8BE-44AE-9D49-690CCC1080EF}" = dir=out | 
name=@{45242croysapps.archeryshooting_3.9.1.15_neutral__6bm9tbz9trsva?ms-resource://45242croysapps.archeryshooting/resources/gamename} | "{0B13E16E-22B4-4678-9497-98FE6D7E62E0}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{18B9DBAA-ECFE-4216-8DA1-20BB78241E60}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1BB0C9AD-8E06-4987-ABFE-B6699193E02D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{1C0DEA0A-997C-4F2F-8FF5-DB7567F67FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{22B582EF-DBF8-47CA-96C9-9C8002DDD485}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{235D1FD4-BE74-4B0E-98E5-2622E3EB1A6F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{2806CD28-1278-4F6A-BFE1-36BF39ED7516}" = dir=out | name=bild tablet | "{28499078-552F-4516-93CD-855EA4A98C6A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{298C9775-8C77-4964-AB7A-F334BB299E81}" = dir=out | name=shuffle party | "{2CAEC09E-1A9B-4949-9279-6959FEB6DEE6}" = dir=out | name=tv-programm | "{2D7CE946-5E6A-4C20-BBAF-4111AF505861}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{2F110AF0-5C9D-40E1-A72E-B6577E44639B}" = dir=out | name=the treasures of montezuma 3 | "{3149B654-654B-4D6B-B6B9-0DBF0ACEF259}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{35F7F8C1-7FA9-4AE4-9B65-E9A8397F1CFC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{36B16D64-DA51-487E-8153-57C2B97DFF3C}" = dir=out | name=post mobil | "{3D722E03-7CAB-4A32-BCB8-11690C7F1630}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 | 
"{3F6955EE-BEC2-449C-9E2D-4CD05FC364B7}" = dir=out | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} | "{40198709-3F7D-41B0-9032-854FA1C539DE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{44AC93BF-45DF-4F83-888E-64D0F5D1CE72}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{49A60F7C-59D3-4534-9EA6-86547054C3FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C4B58D5-463A-4D5C-8C8F-DE97018A89D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4F5A4B66-5AFD-4CEC-8386-E8666C5F6058}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{504BAA0F-77EC-406A-B2B8-D78419411258}" = dir=out | name=microsoft solitaire collection | "{5117B8BC-BE99-4154-BC71-E421A99A1D36}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe | "{539F107A-71A8-40C3-92CE-02748F319B30}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{619CA108-1DD0-495E-82C5-4E2C82E8BF31}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{63DA3455-7679-48CA-81DD-3C833FFEEF29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{69A21F84-4694-42FE-AD15-114CDA5F9BC8}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{6B20DB39-DF7D-4EA7-B1F5-3B1148C92D91}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{708BF4B0-317E-4D6F-93D8-253F02568AD7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{726E24A1-EF3F-4184-8DBD-04A13233CB87}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{73AA14E1-14D9-4DCD-9E95-062C011110AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{76FB1EEB-D8DF-4ED0-B5B0-4DBCBDEF8FF5}" = protocol=6 | dir=out | app=system | "{7964CF4B-F5E8-4490-A250-C884B309FC46}" = dir=in | name=ebay | "{807A2574-AF1A-40A2-9E6E-73EA04756BBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{84DF2214-29FB-4AEA-A097-41BDE25B6D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{86905359-088D-42A9-B610-D5CA8D80D148}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{87602140-078C-4211-BDB7-1FDE1B3C2C1A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{884B3506-3E2F-44CD-8F7C-AA9859685360}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{8C669277-9F37-49DC-85D9-BA91805AD4FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{8CEBB7F0-3CD3-47C0-BAE3-65D56810849D}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{900EC83B-768A-4E63-8AD1-518A67253124}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{918047C2-EA27-42C5-B4DA-CBF1250EFE64}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{922FA47F-252A-497F-93D2-E2E9E165DC05}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{94B5967E-9834-47C7-9E0A-5B1F1FCE6551}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9622AF03-BB91-460A-B17B-0BC96F1BC5F2}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{96473C4E-BE8C-4F30-B117-FD66B2A7E0AC}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | "{98D2B843-BF9A-4258-8AED-FBE5A1124C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C416A28-D205-4FB6-B917-435863334E34}" = dir=out | name=men´s health | "{9DED3FC4-DE08-457F-823E-C8B503161EAC}" = dir=out | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{A4212012-C62C-46B6-A968-1A0C5B75DE89}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A74EE93A-6597-4E0C-9411-5EF562614025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AB382A7B-20E0-4559-9BF5-7556F149A6A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3EDCA72-0181-421F-A716-69D7751E646C}" = dir=out | name=cut the rope | "{B5CA6B96-DB86-43E7-A961-E2EFD77A713B}" = dir=in | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{B7B73897-2916-43EC-B040-2802AB4E5ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{B9347A7B-194D-402D-ABE1-4B3BB3F518D1}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe | "{BA50B35D-826F-49E8-94CB-D819176E8EBE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC6ABCAF-0940-4B82-9816-A177DE49AF7F}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{BF93B74A-7AD5-4697-8470-86FE101AD32A}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{C103E70F-7527-4E91-A4C1-D3751E6A203A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1A2DFFF-1896-43EF-9F3C-BFE6286B6D05}" = protocol=17 | dir=in | app=c:\program files 
(x86)\acer\clear.fi photo\dmcdaemon.exe | "{C2BC5FE1-2E37-4E44-A481-302473865C28}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C2EB6DE9-2974-403A-889C-880DD64D9A46}" = protocol=17 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe | "{C504FE57-A2CA-403B-AC7D-CC42F54FFD28}" = protocol=6 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe | "{CA117769-935F-415F-BF19-CD9B87717A69}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | "{CB84D801-02D4-472F-ADD6-B9330BF67D85}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{CEBE45B5-F8E3-4CC2-9D7A-55A36748D912}" = dir=out | name=amazon | "{D0131D37-A8D9-4A34-ABCD-5165D08300E2}" = dir=out | name=youtube player | "{D024F0E3-34CC-4103-AE9F-83F0A7D9D18B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D59D0F5C-4847-4340-9B6E-D9F17085529B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{D723CDB0-4852-456E-8FD9-5910F422540B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D8A1758E-784F-4225-BF4E-55E02E9F28B8}" = dir=in | app=c:\users\malte brz\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{DC3E0DC3-5D7A-4FFB-A18B-558065A7F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DEC762C5-4B9D-42B1-BAD5-28D99F191B78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E40E8887-F81F-4846-81E3-2AC2FAF3F0F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E439E921-8CAD-4793-8E14-D370603F3AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{E55C0AE6-6EC0-432D-8023-08F6A3C4D648}" = dir=in | app=c:\program 
files (x86)\nti\acer backup manager\ischedulesvc.exe | "{E74D1109-70E6-46AB-A632-4BA90767998B}" = dir=in | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7B6EBCC-DC09-48C3-9352-58D805345765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EB424450-C736-4DA0-8C66-8095D351ADC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBC5490A-64FA-4500-818E-A973FFA88FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "{ED8CC248-019E-42D8-A6A1-C4B7E4C85727}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF2B2EB0-278F-4B75-A542-2C89BA97E118}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{F197EC63-09AE-4E66-AAE3-814092CE055A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{F3EA9B08-CEF0-47C7-AE36-A79DDBB157AF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{F4DE4715-6790-47D0-BEC6-298AEBF812D8}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{FB627121-D4BD-4261-9780-ED0A8245328C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{FD4203DB-E4FB-4E78-9E44-5B3776B7732A}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "TCP Query User{11F1A83D-E771-4312-ADED-3173CDB66D62}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "TCP Query User{1FF459A9-A79B-4857-8B97-FB8A4E432A7B}C:\program files 
(x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{BA31D625-7FF6-46C6-9F63-BDA626B1223D}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | "UDP Query User{39954282-A805-46CA-A689-CACBCC66C462}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "UDP Query User{99ECD298-6808-4762-B16D-E951FD4E3CE1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{B816FDCF-D023-4C62-A1BF-E32249AB6493}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service 
Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013 "{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B492663B-604B-4C9D-84A4-B17279167D4C}" = Acer Instant Update Service "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "Elantech" = ETDWare PS/2-X64 11.6.4.001_WHQL "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12141d67-56cc-4aca-ade4-bc44b4adaff8}" = Jackpot Capital German "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 
2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "32red" = 32Red Casino "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Lite" = DAEMON Tools Lite "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "FreeHideIP" = Free Hide IP "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "jackpotcity" = Jackpot City "LManager" = Launch Manager "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NARA" = Norton Online Backup ARA "Office14.SingleImage" = Microsoft Office Home and Business 2010 "TmNationsForever_is1" = TmNationsForever "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "WildTangent wildgames Master Uninstall" = WildTangent Games "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WTA-09d2c448-d843-4a2f-aff0-2599ecf16da6" = Magic Academy "WTA-0c9c90bd-8b9a-48ed-8796-dfa759fc70bc" = Delicious: Emily's True Love Premium Edition "WTA-1cd52b52-b118-4842-a30a-c781e1b59467" = Agatha Christie - Death on the Nile "WTA-346be69b-2a6c-44dd-81d6-20659fa1dd6c" = Bejeweled 3 "WTA-600c80ab-4c1d-42c5-bf1c-c9b61a73cbaa" = Jewel Match 3 "WTA-79a8095c-b9f6-44ff-84cb-7af007dbe03b" = Aloha TriPeaks "WTA-82ad3123-157c-47a6-970c-77bf510025fa" = John Deere Drive Green 
"WTA-8dce07a8-de6d-44d9-b33b-f55a37c48c64" = Polar Bowler
"WTA-9f45d707-3efd-47a1-af0a-36a384c656f3" = Governor of Poker 2 Premium Edition
"WTA-b8618fc5-1651-476c-ac3b-c8d5761e317b" = Final Drive: Nitro
"WTA-bb20c4d2-26cf-4d72-89ac-9a7f4e7ee408" = Plants vs. Zombies - Game of the Year
"WTA-c4396a31-4ce7-4f3a-98d8-d36dd1bfae4e" = Penguins!
"WTA-d7312d19-d22b-4e24-931c-a218fa99c4b2" = Tales of Lagoona
"WTA-e7cca8c6-98dd-4d97-957c-bb84630ad520" = Zuma's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EuroGrand Casino" = EuroGrand Casino
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 14.06.2013 05:58:02 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

< End of report >
14.06.2013, 11:27 | #21 |
| adw-Cleaner: Code:
# AdwCleaner v2.303 - Datei am 14/06/2013 um 11:56:59 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : malte brz - MALTE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\malte brz\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\MALTEB~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\MALTEB~1\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\malte brz\AppData\Roaming\Mozilla\Firefox\Profiles\qgd1y4n3.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1574 octets] - [14/06/2013 11:56:59]

########## EOF - C:\AdwCleaner[S1].txt - [1634 octets] ##########
Code:
OTL logfile created on: 14.06.2013 12:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop\malte\Programme
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 56,95% Memory free
7,67 Gb Paging File | 6,14 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,28 Gb Total Space | 322,21 Gb Free Space | 71,40% Space Free | Partition Type: NTFS
Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MALTE | User Name: malte brz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\malte brz\Desktop\malte\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\be8901c962e7860e6cdbc04cf004d28c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a91c02c943b1c6d0397debcaf59fa3f1\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\4d7213b26ae1b5f4877cb7a46ad9c7ee\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a36962349a0b781bf4d9efb28b00e12a\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3f5b2ec744f4902295c007a00ef2e060\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a5b7cd1182dbe492f15867eeeae2ca83\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a259a25da81b643ba88f2d2de42d0db9\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dd071d70e98a648536d0f31bc016ee3f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3f6e02350032d57ae226460ede82a5b8\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\78937c63c1db458e4d9649fa2320cb39\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- 
C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - 
(vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) 
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.) 
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys 
(Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\Drivers\RtsBaStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\Drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00A\ccSetx64.sys (Symantec Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9E939EC6-340C-4E76-BDF7-F28FF5D4F5EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: support%40free-hideip.com:1.0 FF - prefs.js..extensions.enabledAddons: 
%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\malte brz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 11:02:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.15 10:25:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.08 23:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Extensions [2013.03.21 17:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\Firefox\Profiles\qgd1y4n3.default\extensions [2013.01.20 18:41:28 | 000,004,548 | ---- | M] () (No name found) -- C:\Users\malte brz\AppData\Roaming\mozilla\firefox\profiles\qgd1y4n3.default\extensions\support@free-hideip.com.xpi [2013.05.22 14:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.22 14:14:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.22 11:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla 
firefox\updated\browser\extensions [2013.05.22 11:07:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013.05.11 12:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] File not found O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Facebook Update] C:\Users\malte brz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [Free Hide IP] C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe (FreeHideIP.Com)
O4 - HKCU..\Run: [icq] C:\Users\malte brz\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\malte brz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58005BF4-5BE1-4695-A3C1-F09A055C2BED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.13 23:04:47 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell - "" = AutoRun
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\configure\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{efef7591-6886-11e2-be90-206a8a8e0cb7}\Shell\install\command - "" = F:\setup.exe -- [2012.10.02 02:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.14 11:46:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.14 11:46:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.14 11:44:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\malte brz\Desktop\JRT.exe
[2013.06.13 17:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.12 18:42:36 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 18:42:35 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 18:42:35 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 18:42:34 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 18:41:35 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 18:40:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 18:40:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 18:39:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 18:39:22 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.06.12 18:39:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 18:39:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 18:39:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 18:39:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 18:39:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.06.12 18:39:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.06.12 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Malwarebytes
[2013.06.12 15:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 15:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.12 15:08:04 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Programs
[2013.06.12 13:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.06.12 03:58:27 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Canon Easy-PhotoPrint EX
[2013.06.11 23:46:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.06.11 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\WildTangent
[2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Roaming\Apple Computer
[2013.06.11 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple Computer
[2013.06.11 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.06.11 16:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.11 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\malte brz\AppData\Local\Apple
[2013.06.11 16:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.06.11 16:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.06.11 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.06.11 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.06.10 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\Bluetooth Folder
[2013.05.23 10:59:11 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.23 10:59:11 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.22 14:24:26 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.05.22 14:24:24 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.05.22 14:24:23 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013.05.22 14:24:21 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.05.22 14:24:20 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.05.22 14:24:19 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.05.22 14:24:18 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.05.22 14:24:17 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.05.22 14:24:15 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.05.22 14:24:15 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013.05.22 14:24:10 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.05.22 14:24:08 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013.05.22 14:24:07 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013.05.22 14:24:06 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.05.22 14:24:05 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013.05.22 14:24:05 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.05.22 14:24:05 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013.05.22 14:24:04 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013.05.22 14:24:03 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.05.22 14:24:03 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.05.22 14:24:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.05.22 14:24:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013.05.22 14:24:02 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.22 14:24:02 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.05.22 14:24:02 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013.05.22 14:24:01 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013.05.22 14:24:01 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013.05.22 14:24:00 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.05.22 14:24:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.05.22 14:23:59 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.22 14:23:59 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.05.22 14:23:58 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.05.22 14:23:58 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.05.22 14:23:55 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.05.22 14:23:54 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013.05.22 14:23:54 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.05.22 14:23:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013.05.22 14:23:54 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013.05.22 14:23:53 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.05.22 14:23:53 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.05.22 14:23:53 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.05.22 14:23:53 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.05.22 14:23:53 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013.05.22 14:23:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.05.22 14:23:52 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013.05.22 14:23:52 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013.05.22 14:23:52 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013.05.22 14:23:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013.05.22 14:23:50 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013.05.22 14:23:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013.05.22 14:23:49 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.05.22 14:23:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.05.22 14:23:48 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.05.22 14:23:48 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013.05.22 14:23:48 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013.05.22 14:23:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.05.22 14:23:46 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.05.22 14:23:45 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013.05.22 14:23:45 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.05.22 14:23:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013.05.22 14:23:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013.05.22 14:23:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013.05.22 14:23:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013.05.22 14:23:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.05.22 14:23:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013.05.22 14:23:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013.05.22 14:21:50 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.05.22 14:18:35 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.22 14:18:35 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.22 14:18:09 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.05.22 14:18:08 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.05.16 10:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.05.16 10:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.16 10:14:56 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.16 10:14:56 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.16 10:14:56 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.16 10:14:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.16 10:14:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.16 10:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.16 10:09:13 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.05.16 10:09:13 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.05.16 10:03:16 | 000,000,000 | ---D | C] -- C:\Users\malte brz\Documents\samsung

========== Files - Modified Within 30 Days ==========

[2013.06.14 12:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.14 12:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 11:58:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.06.14 11:58:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.14 11:58:06 | 3262,828,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 11:58:04 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe
[2013.06.14 11:57:19 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.14 11:45:00 | 000,648,201 | ---- | M] () -- C:\Users\malte brz\Desktop\adwcleaner.exe
[2013.06.14 11:44:54 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\malte brz\Desktop\JRT.exe
[2013.06.14 11:18:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2902786437-1967056483-2516386748-1001UA.job
[2013.06.13 17:57:01 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.06.13 15:16:00 | 431,600,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.13 09:25:52 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.13 09:25:52 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.13 09:25:52 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.13 09:25:52 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.13 09:25:52 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.12 18:23:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.05 00:09:22 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.05 00:09:22 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.23 11:04:06 | 000,449,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 14:14:29 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.16 10:14:46 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.16 10:14:45 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.16 10:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.16 10:14:44 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.16 10:14:44 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.16 00:37:03 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.05.16 00:35:49 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll

========== Files Created - No Company Name ==========

[2013.06.14 11:57:06 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.14 11:44:58 | 000,648,201 | ---- | C] () -- C:\Users\malte brz\Desktop\adwcleaner.exe
[2013.06.11 16:16:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.23 11:03:54 | 000,449,688 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 14:23:42 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.01.17 18:00:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.06 07:33:46 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2012.09.06 07:24:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.09.06 07:24:27 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.06 07:24:26 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.09.06 07:23:36 | 000,001,327 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.09.06 07:23:36 | 000,000,223 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012.09.05 22:13:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.08.07 03:57:19 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012.08.07 03:57:19 | 000,000,395 | ---- | C] () -- 
C:\Windows\WisPriority.ini [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013.03.20 16:32:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 14.06.2013 12:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop\malte\Programme
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 56,95% Memory free
7,67 Gb Paging File | 6,14 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,28 Gb Total Space | 322,21 Gb Free Space | 71,40% Space Free | Partition Type: NTFS
Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MALTE | User Name: malte brz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB446E-56FB-47F8-AD64-BB68BD19BBAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{112688F8-266A-41CF-9029-3206BBA88B28}" = lport=445 | protocol=6 | dir=in | app=system |
"{14FA7462-8B10-4AEB-9339-29049E337E0C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{160F0965-B73B-40CE-9648-64F944402158}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2364BA54-3A04-42EB-A240-537F6CB9FB69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2520A42E-883B-42D7-8D9E-513AB6155DEB}" = rport=137 | protocol=17 | dir=out | app=system |
"{276ABE02-EE13-49AE-A19C-543C94FB2C80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BCDA151-D0F4-4074-BD6D-47664B3D9B39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3EDFCC97-65B3-40BA-95C2-4259C5B8D857}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{41BF809A-D6F5-4305-B477-C39365E57381}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5036C5A7-6D59-4E09-B7B8-CE5A0E431966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53B7EAEC-330A-4D99-9AF8-78736BCBBADA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{591E48EC-1427-45B1-8B8A-C4FE5DD91952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6193618D-2C7F-4781-BC8E-1B1167D68424}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{65BBF4B2-8845-4276-8746-10041AFA3A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67A13397-FF22-4839-85AC-DB9EEDC5BAB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{688BD4CF-939C-4104-B814-A45A68F28158}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7B01F653-A8A2-4197-93F8-8654FBF7FF6D}" = lport=138 | protocol=17 | dir=in | app=system |
"{82401F79-B2A3-4029-BB79-F692C1143D27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E3599CE-3CF2-4502-989B-3990772474C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACBAD150-38E9-46A1-BE15-9F32E5CFD9FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B618A313-D12A-4B0B-ACB0-B6CE6F316326}" = lport=139 | protocol=6 | dir=in | app=system |
"{B65BF351-30DB-4307-AEF0-B90173332669}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B71C26F4-3837-43EF-9DA8-01822C5C5E7D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C811A8AC-B44C-4E04-8311-AD07476866A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{CA33EA60-FE14-42DF-A7F1-A7EC1835D494}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFF22A68-0D70-4AAB-B5EE-DC362F51F4D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{D538C273-B4E0-49C7-A5B5-34017F7E4EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1F194E8-38C1-42D5-9F5E-D7AD8EE38E57}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5CEE736-3EAF-4A38-978D-F988CDCB8E26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E79EF012-EE27-4310-946C-44E99100FD15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8B31D01-25EF-42CB-8D48-B2E7F34BA252}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9579924-6EB0-4B34-94C6-3B8602BBFC35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB8B6622-7105-40ED-9527-DCE7235E8B13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE33CCEA-06FF-429F-A90B-080D22C16E57}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CFEC0A-BCBC-446D-8AF5-59567ED7F21C}" = dir=in | name=shuffle party |
"{03459F46-A7C6-42F3-8CC5-89D5B716E512}" = dir=out | name=acer crystal eye |
"{0AC30674-5BB1-4BF0-843B-9506B24BC0C2}" = dir=out | name=ebay |
"{0AC3DCE9-B8BE-44AE-9D49-690CCC1080EF}" = dir=out | name=@{45242croysapps.archeryshooting_3.9.1.15_neutral__6bm9tbz9trsva?ms-resource://45242croysapps.archeryshooting/resources/gamename} |
"{0B13E16E-22B4-4678-9497-98FE6D7E62E0}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{18B9DBAA-ECFE-4216-8DA1-20BB78241E60}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1BB0C9AD-8E06-4987-ABFE-B6699193E02D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{1C0DEA0A-997C-4F2F-8FF5-DB7567F67FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{22B582EF-DBF8-47CA-96C9-9C8002DDD485}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{235D1FD4-BE74-4B0E-98E5-2622E3EB1A6F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{2806CD28-1278-4F6A-BFE1-36BF39ED7516}" = dir=out | name=bild tablet |
"{28499078-552F-4516-93CD-855EA4A98C6A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{298C9775-8C77-4964-AB7A-F334BB299E81}" = dir=out | name=shuffle party |
"{2CAEC09E-1A9B-4949-9279-6959FEB6DEE6}" = dir=out | name=tv-programm |
"{2D7CE946-5E6A-4C20-BBAF-4111AF505861}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{2F110AF0-5C9D-40E1-A72E-B6577E44639B}" = dir=out | name=the treasures of montezuma 3 |
"{3149B654-654B-4D6B-B6B9-0DBF0ACEF259}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{35F7F8C1-7FA9-4AE4-9B65-E9A8397F1CFC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{36B16D64-DA51-487E-8153-57C2B97DFF3C}" = dir=out | name=post mobil |
"{3D722E03-7CAB-4A32-BCB8-11690C7F1630}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 |
"{3F6955EE-BEC2-449C-9E2D-4CD05FC364B7}" = dir=out | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |
"{40198709-3F7D-41B0-9032-854FA1C539DE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{44AC93BF-45DF-4F83-888E-64D0F5D1CE72}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{49A60F7C-59D3-4534-9EA6-86547054C3FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C4B58D5-463A-4D5C-8C8F-DE97018A89D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F5A4B66-5AFD-4CEC-8386-E8666C5F6058}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{504BAA0F-77EC-406A-B2B8-D78419411258}" = dir=out | name=microsoft solitaire collection |
"{5117B8BC-BE99-4154-BC71-E421A99A1D36}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe |
"{539F107A-71A8-40C3-92CE-02748F319B30}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{619CA108-1DD0-495E-82C5-4E2C82E8BF31}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{63DA3455-7679-48CA-81DD-3C833FFEEF29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69A21F84-4694-42FE-AD15-114CDA5F9BC8}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6B20DB39-DF7D-4EA7-B1F5-3B1148C92D91}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{708BF4B0-317E-4D6F-93D8-253F02568AD7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{726E24A1-EF3F-4184-8DBD-04A13233CB87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73AA14E1-14D9-4DCD-9E95-062C011110AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76FB1EEB-D8DF-4ED0-B5B0-4DBCBDEF8FF5}" = protocol=6 | dir=out | app=system |
"{7964CF4B-F5E8-4490-A250-C884B309FC46}" = dir=in | name=ebay |
"{807A2574-AF1A-40A2-9E6E-73EA04756BBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{84DF2214-29FB-4AEA-A097-41BDE25B6D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86905359-088D-42A9-B610-D5CA8D80D148}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{87602140-078C-4211-BDB7-1FDE1B3C2C1A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{884B3506-3E2F-44CD-8F7C-AA9859685360}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8C669277-9F37-49DC-85D9-BA91805AD4FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{8CEBB7F0-3CD3-47C0-BAE3-65D56810849D}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{900EC83B-768A-4E63-8AD1-518A67253124}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{918047C2-EA27-42C5-B4DA-CBF1250EFE64}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{922FA47F-252A-497F-93D2-E2E9E165DC05}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{94B5967E-9834-47C7-9E0A-5B1F1FCE6551}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9622AF03-BB91-460A-B17B-0BC96F1BC5F2}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |
"{96473C4E-BE8C-4F30-B117-FD66B2A7E0AC}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |
"{98D2B843-BF9A-4258-8AED-FBE5A1124C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C416A28-D205-4FB6-B917-435863334E34}" = dir=out | name=men´s health |
"{9DED3FC4-DE08-457F-823E-C8B503161EAC}" = dir=out | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{A4212012-C62C-46B6-A968-1A0C5B75DE89}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A74EE93A-6597-4E0C-9411-5EF562614025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB382A7B-20E0-4559-9BF5-7556F149A6A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3EDCA72-0181-421F-A716-69D7751E646C}" = dir=out | name=cut the rope |
"{B5CA6B96-DB86-43E7-A961-E2EFD77A713B}" = dir=in | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B7B73897-2916-43EC-B040-2802AB4E5ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{B9347A7B-194D-402D-ABE1-4B3BB3F518D1}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{BA50B35D-826F-49E8-94CB-D819176E8EBE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC6ABCAF-0940-4B82-9816-A177DE49AF7F}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{BF93B74A-7AD5-4697-8470-86FE101AD32A}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{C103E70F-7527-4E91-A4C1-D3751E6A203A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1A2DFFF-1896-43EF-9F3C-BFE6286B6D05}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{C2BC5FE1-2E37-4E44-A481-302473865C28}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2EB6DE9-2974-403A-889C-880DD64D9A46}" = protocol=17 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe |
"{C504FE57-A2CA-403B-AC7D-CC42F54FFD28}" = protocol=6 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe |
"{CA117769-935F-415F-BF19-CD9B87717A69}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"{CB84D801-02D4-472F-ADD6-B9330BF67D85}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{CEBE45B5-F8E3-4CC2-9D7A-55A36748D912}" = dir=out | name=amazon |
"{D0131D37-A8D9-4A34-ABCD-5165D08300E2}" = dir=out | name=youtube player |
"{D024F0E3-34CC-4103-AE9F-83F0A7D9D18B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D59D0F5C-4847-4340-9B6E-D9F17085529B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D723CDB0-4852-456E-8FD9-5910F422540B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D8A1758E-784F-4225-BF4E-55E02E9F28B8}" = dir=in | app=c:\users\malte brz\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DC3E0DC3-5D7A-4FFB-A18B-558065A7F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DEC762C5-4B9D-42B1-BAD5-28D99F191B78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E40E8887-F81F-4846-81E3-2AC2FAF3F0F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E439E921-8CAD-4793-8E14-D370603F3AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{E55C0AE6-6EC0-432D-8023-08F6A3C4D648}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |
"{E74D1109-70E6-46AB-A632-4BA90767998B}" = dir=in | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7B6EBCC-DC09-48C3-9352-58D805345765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EB424450-C736-4DA0-8C66-8095D351ADC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBC5490A-64FA-4500-818E-A973FFA88FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{ED8CC248-019E-42D8-A6A1-C4B7E4C85727}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF2B2EB0-278F-4B75-A542-2C89BA97E118}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{F197EC63-09AE-4E66-AAE3-814092CE055A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{F3EA9B08-CEF0-47C7-AE36-A79DDBB157AF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{F4DE4715-6790-47D0-BEC6-298AEBF812D8}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FB627121-D4BD-4261-9780-ED0A8245328C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FD4203DB-E4FB-4E78-9E44-5B3776B7732A}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"TCP Query User{11F1A83D-E771-4312-ADED-3173CDB66D62}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"TCP Query User{1FF459A9-A79B-4857-8B97-FB8A4E432A7B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{BA31D625-7FF6-46C6-9F63-BDA626B1223D}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"UDP Query User{39954282-A805-46CA-A689-CACBCC66C462}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"UDP Query User{99ECD298-6808-4762-B16D-E951FD4E3CE1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{B816FDCF-D023-4C62-A1BF-E32249AB6493}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B492663B-604B-4C9D-84A4-B17279167D4C}" = Acer Instant Update Service "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "Elantech" = ETDWare PS/2-X64 11.6.4.001_WHQL "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12141d67-56cc-4aca-ade4-bc44b4adaff8}" = Jackpot Capital German "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 
2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "32red" = 32Red Casino "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Lite" = DAEMON Tools Lite "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "FreeHideIP" = Free Hide IP "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "jackpotcity" = Jackpot City "LManager" = Launch Manager "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NARA" = Norton Online Backup ARA "Office14.SingleImage" = Microsoft Office Home and Business 2010 "TmNationsForever_is1" = TmNationsForever "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "WildTangent wildgames Master Uninstall" = WildTangent Games "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WTA-09d2c448-d843-4a2f-aff0-2599ecf16da6" = Magic Academy "WTA-0c9c90bd-8b9a-48ed-8796-dfa759fc70bc" = Delicious: Emily's True Love Premium Edition "WTA-1cd52b52-b118-4842-a30a-c781e1b59467" = Agatha Christie - Death on the Nile "WTA-346be69b-2a6c-44dd-81d6-20659fa1dd6c" = Bejeweled 3 "WTA-600c80ab-4c1d-42c5-bf1c-c9b61a73cbaa" = Jewel Match 3 "WTA-79a8095c-b9f6-44ff-84cb-7af007dbe03b" = Aloha TriPeaks "WTA-82ad3123-157c-47a6-970c-77bf510025fa" = John Deere Drive Green 
"WTA-8dce07a8-de6d-44d9-b33b-f55a37c48c64" = Polar Bowler
"WTA-9f45d707-3efd-47a1-af0a-36a384c656f3" = Governor of Poker 2 Premium Edition
"WTA-b8618fc5-1651-476c-ac3b-c8d5761e317b" = Final Drive: Nitro
"WTA-bb20c4d2-26cf-4d72-89ac-9a7f4e7ee408" = Plants vs. Zombies - Game of the Year
"WTA-c4396a31-4ce7-4f3a-98d8-d36dd1bfae4e" = Penguins!
"WTA-d7312d19-d22b-4e24-931c-a218fa99c4b2" = Tales of Lagoona
"WTA-e7cca8c6-98dd-4d97-957c-bb84630ad520" = Zuma's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EuroGrand Casino" = EuroGrand Casino
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 14.06.2013 05:58:02 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

< End of report >
14.06.2013, 11:29 | #22 |
| Removing the Welcome to nginx virus
extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 14.06.2013 12:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\malte brz\Desktop\malte\Programme
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 56,95% Memory free
7,67 Gb Paging File | 6,14 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,28 Gb Total Space | 322,21 Gb Free Space | 71,40% Space Free | Partition Type: NTFS
Drive F: | 782,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MALTE | User Name: malte brz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02AB446E-56FB-47F8-AD64-BB68BD19BBAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{112688F8-266A-41CF-9029-3206BBA88B28}" = lport=445 | protocol=6 | dir=in | app=system | "{14FA7462-8B10-4AEB-9339-29049E337E0C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{160F0965-B73B-40CE-9648-64F944402158}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2364BA54-3A04-42EB-A240-537F6CB9FB69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2520A42E-883B-42D7-8D9E-513AB6155DEB}" = rport=137 | 
protocol=17 | dir=out | app=system | "{276ABE02-EE13-49AE-A19C-543C94FB2C80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3BCDA151-D0F4-4074-BD6D-47664B3D9B39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3EDFCC97-65B3-40BA-95C2-4259C5B8D857}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{41BF809A-D6F5-4305-B477-C39365E57381}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5036C5A7-6D59-4E09-B7B8-CE5A0E431966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{53B7EAEC-330A-4D99-9AF8-78736BCBBADA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{591E48EC-1427-45B1-8B8A-C4FE5DD91952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6193618D-2C7F-4781-BC8E-1B1167D68424}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | "{65BBF4B2-8845-4276-8746-10041AFA3A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67A13397-FF22-4839-85AC-DB9EEDC5BAB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{688BD4CF-939C-4104-B814-A45A68F28158}" = lport=10243 | protocol=6 | dir=in | app=system | "{7B01F653-A8A2-4197-93F8-8654FBF7FF6D}" = lport=138 | protocol=17 | dir=in | app=system | "{82401F79-B2A3-4029-BB79-F692C1143D27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E3599CE-3CF2-4502-989B-3990772474C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ACBAD150-38E9-46A1-BE15-9F32E5CFD9FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B618A313-D12A-4B0B-ACB0-B6CE6F316326}" = lport=139 | 
protocol=6 | dir=in | app=system | "{B65BF351-30DB-4307-AEF0-B90173332669}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B71C26F4-3837-43EF-9DA8-01822C5C5E7D}" = rport=10243 | protocol=6 | dir=out | app=system | "{C811A8AC-B44C-4E04-8311-AD07476866A7}" = lport=137 | protocol=17 | dir=in | app=system | "{CA33EA60-FE14-42DF-A7F1-A7EC1835D494}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFF22A68-0D70-4AAB-B5EE-DC362F51F4D6}" = rport=138 | protocol=17 | dir=out | app=system | "{D538C273-B4E0-49C7-A5B5-34017F7E4EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1F194E8-38C1-42D5-9F5E-D7AD8EE38E57}" = rport=139 | protocol=6 | dir=out | app=system | "{E5CEE736-3EAF-4A38-978D-F988CDCB8E26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E79EF012-EE27-4310-946C-44E99100FD15}" = lport=2869 | protocol=6 | dir=in | app=system | "{E8B31D01-25EF-42CB-8D48-B2E7F34BA252}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E9579924-6EB0-4B34-94C6-3B8602BBFC35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EB8B6622-7105-40ED-9527-DCE7235E8B13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE33CCEA-06FF-429F-A90B-080D22C16E57}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CFEC0A-BCBC-446D-8AF5-59567ED7F21C}" = dir=in | name=shuffle party | "{03459F46-A7C6-42F3-8CC5-89D5B716E512}" = dir=out | name=acer crystal eye | "{0AC30674-5BB1-4BF0-843B-9506B24BC0C2}" = dir=out | name=ebay | "{0AC3DCE9-B8BE-44AE-9D49-690CCC1080EF}" = dir=out | 
name=@{45242croysapps.archeryshooting_3.9.1.15_neutral__6bm9tbz9trsva?ms-resource://45242croysapps.archeryshooting/resources/gamename} | "{0B13E16E-22B4-4678-9497-98FE6D7E62E0}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{18B9DBAA-ECFE-4216-8DA1-20BB78241E60}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1BB0C9AD-8E06-4987-ABFE-B6699193E02D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{1C0DEA0A-997C-4F2F-8FF5-DB7567F67FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{22B582EF-DBF8-47CA-96C9-9C8002DDD485}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{235D1FD4-BE74-4B0E-98E5-2622E3EB1A6F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{2806CD28-1278-4F6A-BFE1-36BF39ED7516}" = dir=out | name=bild tablet | "{28499078-552F-4516-93CD-855EA4A98C6A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{298C9775-8C77-4964-AB7A-F334BB299E81}" = dir=out | name=shuffle party | "{2CAEC09E-1A9B-4949-9279-6959FEB6DEE6}" = dir=out | name=tv-programm | "{2D7CE946-5E6A-4C20-BBAF-4111AF505861}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{2F110AF0-5C9D-40E1-A72E-B6577E44639B}" = dir=out | name=the treasures of montezuma 3 | "{3149B654-654B-4D6B-B6B9-0DBF0ACEF259}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{35F7F8C1-7FA9-4AE4-9B65-E9A8397F1CFC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{36B16D64-DA51-487E-8153-57C2B97DFF3C}" = dir=out | name=post mobil | "{3D722E03-7CAB-4A32-BCB8-11690C7F1630}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 | 
"{3F6955EE-BEC2-449C-9E2D-4CD05FC364B7}" = dir=out | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} | "{40198709-3F7D-41B0-9032-854FA1C539DE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{44AC93BF-45DF-4F83-888E-64D0F5D1CE72}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{49A60F7C-59D3-4534-9EA6-86547054C3FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C4B58D5-463A-4D5C-8C8F-DE97018A89D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4F5A4B66-5AFD-4CEC-8386-E8666C5F6058}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{504BAA0F-77EC-406A-B2B8-D78419411258}" = dir=out | name=microsoft solitaire collection | "{5117B8BC-BE99-4154-BC71-E421A99A1D36}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe | "{539F107A-71A8-40C3-92CE-02748F319B30}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{619CA108-1DD0-495E-82C5-4E2C82E8BF31}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{63DA3455-7679-48CA-81DD-3C833FFEEF29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{69A21F84-4694-42FE-AD15-114CDA5F9BC8}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{6B20DB39-DF7D-4EA7-B1F5-3B1148C92D91}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{708BF4B0-317E-4D6F-93D8-253F02568AD7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{726E24A1-EF3F-4184-8DBD-04A13233CB87}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{73AA14E1-14D9-4DCD-9E95-062C011110AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{76FB1EEB-D8DF-4ED0-B5B0-4DBCBDEF8FF5}" = protocol=6 | dir=out | app=system | "{7964CF4B-F5E8-4490-A250-C884B309FC46}" = dir=in | name=ebay | "{807A2574-AF1A-40A2-9E6E-73EA04756BBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{84DF2214-29FB-4AEA-A097-41BDE25B6D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{86905359-088D-42A9-B610-D5CA8D80D148}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{87602140-078C-4211-BDB7-1FDE1B3C2C1A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{884B3506-3E2F-44CD-8F7C-AA9859685360}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{8C669277-9F37-49DC-85D9-BA91805AD4FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{8CEBB7F0-3CD3-47C0-BAE3-65D56810849D}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{900EC83B-768A-4E63-8AD1-518A67253124}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{918047C2-EA27-42C5-B4DA-CBF1250EFE64}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{922FA47F-252A-497F-93D2-E2E9E165DC05}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{94B5967E-9834-47C7-9E0A-5B1F1FCE6551}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9622AF03-BB91-460A-B17B-0BC96F1BC5F2}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{96473C4E-BE8C-4F30-B117-FD66B2A7E0AC}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | "{98D2B843-BF9A-4258-8AED-FBE5A1124C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C416A28-D205-4FB6-B917-435863334E34}" = dir=out | name=men´s health | "{9DED3FC4-DE08-457F-823E-C8B503161EAC}" = dir=out | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{A4212012-C62C-46B6-A968-1A0C5B75DE89}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A74EE93A-6597-4E0C-9411-5EF562614025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AB382A7B-20E0-4559-9BF5-7556F149A6A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3EDCA72-0181-421F-A716-69D7751E646C}" = dir=out | name=cut the rope | "{B5CA6B96-DB86-43E7-A961-E2EFD77A713B}" = dir=in | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{B7B73897-2916-43EC-B040-2802AB4E5ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{B9347A7B-194D-402D-ABE1-4B3BB3F518D1}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe | "{BA50B35D-826F-49E8-94CB-D819176E8EBE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC6ABCAF-0940-4B82-9816-A177DE49AF7F}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{BF93B74A-7AD5-4697-8470-86FE101AD32A}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{C103E70F-7527-4E91-A4C1-D3751E6A203A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1A2DFFF-1896-43EF-9F3C-BFE6286B6D05}" = protocol=17 | dir=in | app=c:\program files 
(x86)\acer\clear.fi photo\dmcdaemon.exe | "{C2BC5FE1-2E37-4E44-A481-302473865C28}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C2EB6DE9-2974-403A-889C-880DD64D9A46}" = protocol=17 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe | "{C504FE57-A2CA-403B-AC7D-CC42F54FFD28}" = protocol=6 | dir=in | app=c:\users\malte brz\appdata\roaming\icqm\icq.exe | "{CA117769-935F-415F-BF19-CD9B87717A69}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | "{CB84D801-02D4-472F-ADD6-B9330BF67D85}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{CEBE45B5-F8E3-4CC2-9D7A-55A36748D912}" = dir=out | name=amazon | "{D0131D37-A8D9-4A34-ABCD-5165D08300E2}" = dir=out | name=youtube player | "{D024F0E3-34CC-4103-AE9F-83F0A7D9D18B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D59D0F5C-4847-4340-9B6E-D9F17085529B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{D723CDB0-4852-456E-8FD9-5910F422540B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D8A1758E-784F-4225-BF4E-55E02E9F28B8}" = dir=in | app=c:\users\malte brz\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{DC3E0DC3-5D7A-4FFB-A18B-558065A7F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DEC762C5-4B9D-42B1-BAD5-28D99F191B78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E40E8887-F81F-4846-81E3-2AC2FAF3F0F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E439E921-8CAD-4793-8E14-D370603F3AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{E55C0AE6-6EC0-432D-8023-08F6A3C4D648}" = dir=in | app=c:\program 
files (x86)\nti\acer backup manager\ischedulesvc.exe | "{E74D1109-70E6-46AB-A632-4BA90767998B}" = dir=in | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7B6EBCC-DC09-48C3-9352-58D805345765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EB424450-C736-4DA0-8C66-8095D351ADC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBC5490A-64FA-4500-818E-A973FFA88FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "{ED8CC248-019E-42D8-A6A1-C4B7E4C85727}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF2B2EB0-278F-4B75-A542-2C89BA97E118}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{F197EC63-09AE-4E66-AAE3-814092CE055A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{F3EA9B08-CEF0-47C7-AE36-A79DDBB157AF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{F4DE4715-6790-47D0-BEC6-298AEBF812D8}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{FB627121-D4BD-4261-9780-ED0A8245328C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{FD4203DB-E4FB-4E78-9E44-5B3776B7732A}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "TCP Query User{11F1A83D-E771-4312-ADED-3173CDB66D62}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "TCP Query User{1FF459A9-A79B-4857-8B97-FB8A4E432A7B}C:\program files 
(x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{BA31D625-7FF6-46C6-9F63-BDA626B1223D}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | "UDP Query User{39954282-A805-46CA-A689-CACBCC66C462}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | "UDP Query User{99ECD298-6808-4762-B16D-E951FD4E3CE1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{B816FDCF-D023-4C62-A1BF-E32249AB6493}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service 
Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013 "{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B492663B-604B-4C9D-84A4-B17279167D4C}" = Acer Instant Update Service "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "Elantech" = ETDWare PS/2-X64 11.6.4.001_WHQL "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12141d67-56cc-4aca-ade4-bc44b4adaff8}" = Jackpot Capital German "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 
2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "32red" = 32Red Casino "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Lite" = DAEMON Tools Lite "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "FreeHideIP" = Free Hide IP "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "jackpotcity" = Jackpot City "LManager" = Launch Manager "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NARA" = Norton Online Backup ARA "Office14.SingleImage" = Microsoft Office Home and Business 2010 "TmNationsForever_is1" = TmNationsForever "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "WildTangent wildgames Master Uninstall" = WildTangent Games "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WTA-09d2c448-d843-4a2f-aff0-2599ecf16da6" = Magic Academy "WTA-0c9c90bd-8b9a-48ed-8796-dfa759fc70bc" = Delicious: Emily's True Love Premium Edition "WTA-1cd52b52-b118-4842-a30a-c781e1b59467" = Agatha Christie - Death on the Nile "WTA-346be69b-2a6c-44dd-81d6-20659fa1dd6c" = Bejeweled 3 "WTA-600c80ab-4c1d-42c5-bf1c-c9b61a73cbaa" = Jewel Match 3 "WTA-79a8095c-b9f6-44ff-84cb-7af007dbe03b" = Aloha TriPeaks "WTA-82ad3123-157c-47a6-970c-77bf510025fa" = John Deere Drive Green 
"WTA-8dce07a8-de6d-44d9-b33b-f55a37c48c64" = Polar Bowler "WTA-9f45d707-3efd-47a1-af0a-36a384c656f3" = Governor of Poker 2 Premium Edition "WTA-b8618fc5-1651-476c-ac3b-c8d5761e317b" = Final Drive: Nitro "WTA-bb20c4d2-26cf-4d72-89ac-9a7f4e7ee408" = Plants vs. Zombies - Game of the Year "WTA-c4396a31-4ce7-4f3a-98d8-d36dd1bfae4e" = Penguins! "WTA-d7312d19-d22b-4e24-931c-a218fa99c4b2" = Tales of Lagoona "WTA-e7cca8c6-98dd-4d97-957c-bb84630ad520" = Zuma's Revenge ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "EuroGrand Casino" = EuroGrand Casino "ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ System Events ] Error - 14.06.2013 05:58:02 | Computer Name = malte | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = < End of report > |
14.06.2013, 11:51 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing the "Welcome to nginx" virus Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); in that case please let me know as well). Note: Before you start, please remember to update Malwarebytes Anti-Malware via the update button! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |