Log analysis and evaluation: VIRUS or not? System was totally unstable at first, now everything is running again? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.12.2013, 19:07 | #1 |
| VIRUS or not? System was totally unstable at first, now everything is running again?

Hi, I don't really know what to do next. At first I was fairly sure that I had caught a virus or something similar. For about 1-2 weeks I have had the following symptoms: the laptop (Win7) sometimes freezes or crashes completely (black screen & nothing further possible, with considerable HDD activity). Sometimes a message appears that programs have to be closed because memory is too low, even when only Firefox + Exchange are open! Firefox in particular often seemed to be the trigger for crashes.

I have already run the following scans (in chronological order). The logs are attached, because they are far too long to post here as code:

- Avast - full scan - nothing found
- FRST64 - strange system errors etc. in "Addition.txt"
- GMER - I can't find anything conspicuous there, but I also don't know what to look for
- Malwarebytes - nothing found
- Malwarebytes Anti-Root - nothing found
- OTL - strange error messages in "Extras.txt"
- AdwCleaner - a few finds, but probably rather harmless toolbars etc.
- Emsisoft - a few registry entries, but probably nothing serious

Overnight I want to let the ESET scanner run as well. The funny thing: although I haven't removed anything apart from a few trivial registry entries (Patrypoker...), the system is currently running stably again and, as far as I can tell, without quirks. I would still be grateful if someone took a look at the log files in the attachment. |
31.12.2013, 02:23 | #2 |
/// the machine /// TB trainer | VIRUS or not? System was totally unstable at first, now everything is running again? Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
31.12.2013, 09:11 | #3 |
| VIRUS or not? System was totally unstable at first, now everything is running again? Hi Schrauber. It's just a lot.
I'll get started... FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01 Ran by APB (administrator) on ACER-ULTRA on 30-12-2013 13:42:31 Running from C:\Users\APB\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (Dropbox, Inc.) C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Logitech, Inc.) 
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2822952 2012-02-24] (ELAN Microelectronics Corp.) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [InstantUpdate] - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-02-20] () HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2013-06-02] (Sun Microsystems, Inc.) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.) 
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-24] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe [4265472 2013-04-26] (Research In Motion Limited) HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\72c2e4d7-871f-4dee-b80b-4301baba235d.exe [180184 2013-11-23] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKCU\...\Run: [Personal ID] - C:\coolspot AG\Personal ID\pid.exe [1134008 2009-03-04] (coolspot AG, Düsseldorf) MountPoints2: {1cdabc58-bf86-11e2-a8d0-917478fbae53} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845832 2013-01-22] (Acer Incorporated) HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845832 2013-01-22] (Acer Incorporated) Startup: C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\h3p0lpdr.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: avast! Ad Blocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Logitech SetPoint) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0 CHR Extension: (Google Wallet) - C:\Users\APB\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-01-24] (Acer Incorporated) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation) R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-29] () S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-03-28] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-04-26] (Apple Inc.) 
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1235456 2013-04-26] (Research In Motion Limited) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated) S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-28] (Intel Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-30 13:42 - 2013-12-30 13:42 - 00023848 _____ C:\Users\APB\Desktop\FRST.txt 2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\FRST 2013-12-30 13:21 - 2013-12-30 13:21 - 00377856 _____ C:\Users\APB\Desktop\4s7438ut.exe 2013-12-30 13:16 - 2013-12-30 13:16 - 01931302 _____ (Farbar) C:\Users\APB\Desktop\FRST64.exe 2013-12-30 11:31 - 2013-12-30 11:31 - 00003288 ____N C:\bootsqm.dat 2013-12-30 10:52 - 2013-12-30 10:52 - 00000000 ___DC C:\Users\APB\AppData\Local\MigWiz 2013-12-30 10:19 - 2013-05-04 17:51 - 00001228 _____ C:\Users\APB\Desktop\Explorer.lnk 2013-12-30 10:19 - 2013-05-04 15:36 - 00000700 _____ C:\Users\APB\Desktop\Biblio.lnk 2013-12-30 10:07 - 2013-12-30 10:09 - 00000000 ____D C:\Users\APB\Desktop\ACER_SAS 2013-12-29 12:17 - 2013-12-30 02:11 - 00000000 ____D C:\Program Files\CCleaner 2013-12-29 12:03 - 2013-12-29 12:03 - 00128764 _____ C:\Users\APB\Desktop\Extras.Txt 2013-12-29 12:02 - 2013-12-29 12:02 - 00107164 _____ C:\Users\APB\Desktop\OTL.Txt 2013-12-29 11:23 - 2013-12-29 11:24 - 00000000 ____D C:\AdwCleaner 2013-12-28 19:35 - 2013-12-28 19:35 - 00000000 ____D C:\Users\APB\AppData\Roaming\Malwarebytes 2013-12-28 19:34 - 2013-12-29 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-28 19:34 - 2013-12-28 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-28 19:33 - 2013-12-29 17:26 - 00000000 ____D C:\Users\APB\Downloads\ANTIVIR 2013-12-23 05:15 - 2013-12-23 05:15 - 00000000 ____D C:\Users\APB\dwhelper 2013-12-20 09:24 - 2013-12-29 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 09:01 - 2013-12-20 09:01 - 00000000 ____D C:\Users\APB\AppData\Local\{BDF73505-64CB-4A28-9990-C822EFCE3D12} 2013-12-19 07:37 - 2013-12-19 07:37 - 00000000 ____D C:\Users\APB\AppData\Local\{2B140492-5FC5-41A1-94C9-74DCB4805487} 2013-12-18 10:49 - 2013-12-18 10:50 - 00000000 ____D 
C:\Users\APB\AppData\Local\{E1DF1BD8-A55C-40BD-A4E9-1AAD3BE3CC2B} 2013-12-17 09:10 - 2013-12-17 09:11 - 00000000 ____D C:\Users\APB\AppData\Local\{B17FE4F4-478F-4693-8B38-598A83554B4A} 2013-12-16 11:49 - 2013-12-16 11:49 - 00000000 ____D C:\Users\APB\AppData\Local\{6325584A-A627-4E06-BD5E-DD2C49885B55} 2013-12-15 10:40 - 2013-12-15 10:40 - 00000000 ____D C:\Users\APB\AppData\Local\{D2324234-C310-4EC8-8C46-2FF3583558B6} 2013-12-14 09:23 - 2013-12-14 09:23 - 00000000 ____D C:\Users\APB\AppData\Local\{9BFB83A7-93D0-4DCE-87D0-07612EBEDCD1} 2013-12-13 09:14 - 2013-12-13 09:14 - 00000000 ____D C:\Users\APB\AppData\Local\{CEB7D5C0-24F2-42AB-887F-A269488BE7EF} 2013-12-13 07:28 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-13 07:28 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-13 07:28 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-13 07:28 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-13 07:26 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 07:26 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 07:26 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-13 07:26 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-13 07:26 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-13 07:26 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-13 07:26 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 07:26 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 07:26 - 
2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-13 07:26 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-13 07:26 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 07:26 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 07:26 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-13 07:26 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-13 07:26 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-13 07:26 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-13 07:26 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-13 07:26 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 07:26 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-13 07:26 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-13 07:26 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-13 07:26 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 07:26 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 07:26 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-13 07:26 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-13 07:26 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 07:26 - 2013-11-26 07:40 - 
01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 07:26 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-13 07:26 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-13 07:26 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-13 07:26 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 20:25 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 20:25 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 20:25 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 20:25 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 20:25 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 20:25 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 20:25 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 20:25 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 20:25 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 20:25 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 20:25 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 20:25 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 20:25 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 20:25 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) 
C:\Windows\system32\wscript.exe 2013-12-12 20:25 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 20:25 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 20:25 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 20:25 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 20:25 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-12 12:19 - 2013-12-12 12:20 - 18277248 _____ (pdfforge ) C:\Users\APB\Downloads\PDFCreator-1_7_2_setup.exe 2013-12-12 11:24 - 2013-12-12 11:24 - 00000000 ____D C:\Users\APB\AppData\Local\{2F47591A-C639-46DF-99D6-B49855015C7F} 2013-12-11 12:17 - 2013-12-11 12:17 - 00000000 ____D C:\Users\APB\AppData\Local\{A4C4C9D7-1E95-47E6-8D33-173BA47A781F} 2013-12-03 15:04 - 2013-12-03 15:04 - 00000000 ____D C:\Users\APB\AppData\Local\{C7FABDC8-6BE3-4822-84B3-8A90A30124BB} 2013-12-01 09:40 - 2013-12-01 09:40 - 00000000 ____D C:\Users\APB\AppData\Local\{270D3B0E-0616-4AB3-A772-75895074453C} 2013-11-30 15:08 - 2013-11-30 15:08 - 00836416 _____ C:\Users\APB\Downloads\pidsetup.exe 2013-11-30 15:08 - 2013-11-30 15:08 - 00000000 ____D C:\coolspot AG 2013-11-30 10:20 - 2013-11-30 10:20 - 00000000 ____D C:\Users\APB\AppData\Local\{ABE5A90D-DB41-433E-801C-91BFF6DC92EC} ==================== One Month Modified Files and Folders ======= 2013-12-30 13:42 - 2013-12-30 13:42 - 00023848 _____ C:\Users\APB\Desktop\FRST.txt 2013-12-30 13:37 - 2013-04-30 14:18 - 01314558 _____ C:\Windows\WindowsUpdate.log 2013-12-30 13:36 - 2013-05-04 15:41 - 00000000 ____D C:\Users\APB\AppData\Roaming\Skype 2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\FRST 2013-12-30 13:21 - 2013-12-30 13:21 - 00377856 _____ C:\Users\APB\Desktop\4s7438ut.exe 2013-12-30 13:19 - 2012-03-27 19:45 - 00000830 _____ C:\Windows\Tasks\Adobe 
Flash Player Updater.job 2013-12-30 13:16 - 2013-12-30 13:16 - 01931302 _____ (Farbar) C:\Users\APB\Desktop\FRST64.exe 2013-12-30 12:55 - 2013-05-04 15:34 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-30 11:55 - 2013-05-04 15:34 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-30 11:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-30 11:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-30 11:35 - 2013-05-05 13:14 - 00000000 ____D C:\Users\APB\AppData\Roaming\Dropbox 2013-12-30 11:34 - 2013-05-05 13:16 - 00000000 ___RD C:\Users\APB\Dropbox 2013-12-30 11:34 - 2013-05-04 15:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-12-30 11:33 - 2013-04-30 14:24 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-12-30 11:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-30 11:32 - 2009-07-14 05:51 - 00065054 _____ C:\Windows\setupact.log 2013-12-30 11:31 - 2013-12-30 11:31 - 00003288 ____N C:\bootsqm.dat 2013-12-30 10:52 - 2013-12-30 10:52 - 00000000 ___DC C:\Users\APB\AppData\Local\MigWiz 2013-12-30 10:38 - 2013-05-01 00:09 - 00700418 _____ C:\Windows\system32\perfh007.dat 2013-12-30 10:38 - 2013-05-01 00:09 - 00149182 _____ C:\Windows\system32\perfc007.dat 2013-12-30 10:38 - 2009-07-14 06:13 - 01621308 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-30 10:09 - 2013-12-30 10:07 - 00000000 ____D C:\Users\APB\Desktop\ACER_SAS 2013-12-30 10:05 - 2013-08-26 14:07 - 00000000 ____D C:\Users\APB\Documents\FORMDOC_FILES 2013-12-30 09:46 - 2013-05-04 15:43 - 00000000 ____D C:\Users\APB\AppData\Local\CrashDumps 2013-12-30 09:22 - 2013-05-04 13:24 - 00000000 ____D C:\Users\APB\AppData\Local\Deployment 2013-12-30 02:11 - 2013-12-29 12:17 - 
00000000 ____D C:\Program Files\CCleaner 2013-12-29 17:54 - 2013-05-04 15:34 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-12-29 17:52 - 2013-05-04 10:28 - 00000000 ____D C:\Users\APB 2013-12-29 17:51 - 2013-12-28 19:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-29 17:51 - 2013-12-20 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-29 17:51 - 2013-07-11 06:54 - 00000000 ____D C:\Users\APB\AppData\Roaming\IrfanView 2013-12-29 17:51 - 2013-06-09 18:01 - 00000000 ____D C:\Windows\Minidump 2013-12-29 17:51 - 2013-05-05 13:14 - 00000000 ____D C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-12-29 17:51 - 2013-05-04 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-29 17:51 - 2013-05-04 10:30 - 00000000 ___RD C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-29 17:51 - 2012-03-27 19:50 - 00000000 ____D C:\ProgramData\BackupManager 2013-12-29 17:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-12-29 17:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2013-12-29 17:49 - 2013-05-04 12:03 - 00000000 ____D C:\Users\APB\AppData\Local\Mozilla 2013-12-29 17:26 - 2013-12-28 19:33 - 00000000 ____D C:\Users\APB\Downloads\ANTIVIR 2013-12-29 12:33 - 2012-03-24 02:58 - 00000000 ____D C:\Windows\Panther 2013-12-29 12:03 - 2013-12-29 12:03 - 00128764 _____ C:\Users\APB\Desktop\Extras.Txt 2013-12-29 12:02 - 2013-12-29 12:02 - 00107164 _____ C:\Users\APB\Desktop\OTL.Txt 2013-12-29 11:24 - 2013-12-29 11:23 - 00000000 ____D C:\AdwCleaner 2013-12-28 19:35 - 2013-12-28 19:35 - 00000000 ____D C:\Users\APB\AppData\Roaming\Malwarebytes 2013-12-28 19:34 - 2013-12-28 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-28 11:30 - 2013-04-30 14:24 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-12-23 11:38 - 2013-05-05 13:15 - 00000973 _____ 
C:\Windows\wininit.ini 2013-12-23 05:15 - 2013-12-23 05:15 - 00000000 ____D C:\Users\APB\dwhelper 2013-12-20 09:01 - 2013-12-20 09:01 - 00000000 ____D C:\Users\APB\AppData\Local\{BDF73505-64CB-4A28-9990-C822EFCE3D12} 2013-12-19 07:37 - 2013-12-19 07:37 - 00000000 ____D C:\Users\APB\AppData\Local\{2B140492-5FC5-41A1-94C9-74DCB4805487} 2013-12-18 10:50 - 2013-12-18 10:49 - 00000000 ____D C:\Users\APB\AppData\Local\{E1DF1BD8-A55C-40BD-A4E9-1AAD3BE3CC2B} 2013-12-17 09:11 - 2013-12-17 09:10 - 00000000 ____D C:\Users\APB\AppData\Local\{B17FE4F4-478F-4693-8B38-598A83554B4A} 2013-12-17 08:07 - 2010-11-21 04:47 - 00212972 _____ C:\Windows\PFRO.log 2013-12-16 11:49 - 2013-12-16 11:49 - 00000000 ____D C:\Users\APB\AppData\Local\{6325584A-A627-4E06-BD5E-DD2C49885B55} 2013-12-15 10:40 - 2013-12-15 10:40 - 00000000 ____D C:\Users\APB\AppData\Local\{D2324234-C310-4EC8-8C46-2FF3583558B6} 2013-12-15 08:50 - 2013-07-25 23:45 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 08:47 - 2013-05-07 17:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 18:56 - 2013-05-04 15:34 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-14 09:23 - 2013-12-14 09:23 - 00000000 ____D C:\Users\APB\AppData\Local\{9BFB83A7-93D0-4DCE-87D0-07612EBEDCD1} 2013-12-13 16:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-13 09:14 - 2013-12-13 09:14 - 00000000 ____D C:\Users\APB\AppData\Local\{CEB7D5C0-24F2-42AB-887F-A269488BE7EF} 2013-12-13 08:24 - 2009-07-14 05:45 - 00469272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-13 07:28 - 2013-05-04 11:11 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-12 12:20 - 2013-12-12 12:19 - 18277248 _____ (pdfforge ) C:\Users\APB\Downloads\PDFCreator-1_7_2_setup.exe 2013-12-12 11:24 - 2013-12-12 11:24 - 00000000 ____D C:\Users\APB\AppData\Local\{2F47591A-C639-46DF-99D6-B49855015C7F} 2013-12-11 16:19 - 2012-03-27 19:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 
16:19 - 2012-03-27 19:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 16:19 - 2012-03-27 19:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 12:17 - 2013-12-11 12:17 - 00000000 ____D C:\Users\APB\AppData\Local\{A4C4C9D7-1E95-47E6-8D33-173BA47A781F} 2013-12-09 09:03 - 2013-05-14 05:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-09 09:03 - 2012-03-27 20:00 - 00000000 ____D C:\ProgramData\Skype 2013-12-03 15:04 - 2013-12-03 15:04 - 00000000 ____D C:\Users\APB\AppData\Local\{C7FABDC8-6BE3-4822-84B3-8A90A30124BB} 2013-12-01 09:40 - 2013-12-01 09:40 - 00000000 ____D C:\Users\APB\AppData\Local\{270D3B0E-0616-4AB3-A772-75895074453C} 2013-11-30 15:08 - 2013-11-30 15:08 - 00836416 _____ C:\Users\APB\Downloads\pidsetup.exe 2013-11-30 15:08 - 2013-11-30 15:08 - 00000000 ____D C:\coolspot AG 2013-11-30 10:20 - 2013-11-30 10:20 - 00000000 ____D C:\Users\APB\AppData\Local\{ABE5A90D-DB41-433E-801C-91BFF6DC92EC} Some content of TEMP: ==================== C:\Users\APB\AppData\Local\Temp\BlackBerryDeviceManager.exe C:\Users\APB\AppData\Local\Temp\BlackBerryLauncher.exe C:\Users\APB\AppData\Local\Temp\DesktopInstaller.exe C:\Users\APB\AppData\Local\Temp\jna5975893615272437134.dll C:\Users\APB\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\APB\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\APB\AppData\Local\Temp\LMkRstPt.exe C:\Users\APB\AppData\Local\Temp\PidGenX.dll C:\Users\APB\AppData\Local\Temp\SIInvoker.exe C:\Users\APB\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 08:56

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by APB at 2013-12-30 13:42:55
Running from C:\Users\APB\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

clear.fi SDK - Video 2 (x32 Version: 2.1.2308 - CyberLink Corp.)
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (x32 Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00 - CyberLink Corp.)
Acer ePower Management (x32 Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3507 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (Version: 1.00.3001 - Acer Incorporated)
Acer Registration (x32 Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 20.12.0307.1154 - Acer Incorporated)
Acer Theft Shield (Version: 1.01.3006 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3501 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3501 - Acer Incorporated)
AcerCloud Docs (x32 Version: 1.01.2007 - Acer Incorporated)
AcerCloud Portal (x32 Version: 2.02.2018 - Acer Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - 
WildTangent) Atheros Bluetooth Suite (64) (Version: 7.4.0.126 - Atheros) avast! Free Antivirus (x32 Version: 8.0.1497.0 - AVAST Software) AVM FRITZ!Box Dokumentation (x32 Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (x32 Version: - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (x32 Version: - AVM Berlin) AX88772B Windows 7 Drivers (x32 Version: 1.0.1.1 - ASIX Electronics Corporation) Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) BlackBerry Link (x32 Version: 1.1.0.37 - Research in Motion Ltd.) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) clear.fi Media (x32 Version: 2.02.2009 - Acer Incorporated) clear.fi Photo (x32 Version: 2.02.2016 - Acer Incorporated) CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Dolby Home Theater v4 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc) Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.) ElsterFormular (x32 Version: 14.4.20130909 - Landesfinanzdirektion Thüringen) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) ETDWare PS/2-X64 10.6.9.8_WHQL (Version: 10.6.9.8 - ELAN Microelectronic Corp.) Evernote v. 4.5.2 (x32 Version: 4.5.2.5866 - Evernote Corp.) 
ExpressCache (Version: 1.0.82 - Diskeeper Corporation) FATE (x32 Version: 2.2.0.97 - WildTangent) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Flachheizkörper-Auswahl 2011 Version 2.0 (x32 Version: - ) FleetMon Explorer (x32 Version: 2.07 - JAKOTA Cruise Systems GmbH) FormDocs 8.3.0 (x32 Version: 8.3.0 - FormDocs LLC) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Full Tilt Poker (x32 Version: 4.65.0.WIN.FullTilt.COM - ) Full Tilt Poker.Eu (x32 Version: 4.65.0.WIN.FullTilt.EU - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hydrostatix Master Suite (x32 Version: 1.0.43 - Hydrostatix) Identity Card (x32 Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36279 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 8.0.10.1464 - Intel Corporation) Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 8.15.10.2712 - Intel Corporation) Intel(R) Rapid Start Technology (x32 Version: 1.0.0.1024 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation) IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan) Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130 - Sun Microsystems, Inc.) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Kobo (x32 Version: 2.1.5 - Kobo Inc.) Launch Manager (x32 Version: 5.1.15 - Acer Inc.) 
Lexware Abschreibungsrechner (x32 Version: 12.00.04.0003 - Haufe-Lexware GmbH & Co.KG) Lexware büro easy 2013 (x32 Version: 26.10.04.0051 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (x32 Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (x32 Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 18.00.00.0035 - Haufe-Lexware GmbH & Co.KG) Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Lexware Zeiterfassung (x32 Version: 26.00.04.0001 - Haufe-Lexware GmbH & Co.KG) Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Logitech SetPoint 6.52 (Version: 6.52.74 - Logitech) Logitech Unifying-Software 2.10 (Version: 2.10.37 - Logitech) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Office Addin (x32 Version: 2.02.2008 - Acer) Office Addin 2003 (x32 Version: 2.02.2008 - Acer) partypoker (x32 Version: - PartyGaming) PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH) PDF Split And Merge Basic (Version: 2.2.2 - Andrea Vacondio) PDFCreator (x32 Version: 1.7.0 - pdfforge) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Personal ID (x32 Version: 1.8.5 - coolspot AG) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) PNMD (x32 Version: 1.00.0000 - NETRONIX) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.1 - Qualcomm Atheros) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39025 - Realtek Semiconductor Corp.) 
Remote Control USB Driver (x32 Version: 2.3.2.317 - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Sleep Memory Optimizer (x32 Version: 1.00.3004 - Acer Incorporated) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Smart Timer (x32 Version: 1.00.3004 - Acer Incorporated) SSF Editor (x32 Version: 1.0.0 - SDSD) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (Version: 2.5.1.0 - Intel) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 
(KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Welcome Center (x32 Version: 1.02.3507 - Acer Incorporated) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3538.0513 - 
Microsoft Corporation) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft 
Corporation) Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2C04AD64-50FE-4D88-AC26-BDE2DD1FD904} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe 
[2012-03-26] (Intel Corporation) Task: {56F06DD2-E015-43AD-B2FD-69C6114A441C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {6450085A-4321-4BBA-8114-2546710C0CBB} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated) Task: {85AC4994-7CE6-4801-9FD0-E22957AA1A09} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation) Task: {86171674-E24F-4CFB-85F6-495DA6CDEC29} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: {9E92F86C-CE0F-4F26-814C-D5A52B8C6234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.) Task: {AE9AFAC4-40AC-45B6-A599-3305DA49F2FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.) 
Task: {CC1E2782-52EE-4DCA-8FC9-37FE091CAC4B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CE86FF2C-F9C8-41A0-BFC8-067461DFA5BB} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {D10A3F32-1B9E-4820-95A8-F9460ED773B2} - System32\Tasks\Smart Timer Task Scheduler => Smart_Timer.exe Task: {EA1E36F0-DD88-423F-A651-B4D9F2D504EF} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-04 11:11 - 2013-03-21 17:40 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2013-04-30 23:55 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-12-29 17:55 - 2013-12-29 13:58 - 02246144 _____ () C:\Program Files\AVAST Software\Avast\defs\13122900\algo.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files 
(x86)\NTI\Acer Backup Manager\MailConverter32.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\APB\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-20 09:24 - 2013-12-20 09:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-04-30 14:24 - 2012-03-29 07:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: HD WebCam Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. 
Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. System errors: ============= Error: (12/30/2013 01:25:19 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. 
Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus. 
Microsoft Office Sessions: ========================= Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: ) Description: C:\Windows\system32\WFS.exeC:\Windows\system32\WFS.exe0 Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0 Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: ) Description: C:\Windows\system32\WFS.exeC:\Windows\system32\WFS.exe0 Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0 Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0 Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0 Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: ) Description: C:\Windows\ehome\ehshell.exeC:\Windows\ehome\ehshell.exe0 Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: ) Description: C:\Windows\system32\WindowsAnytimeUpgradeUI.exeC:\Windows\system32\WindowsAnytimeUpgradeUI.exe0 Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exeC:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe0 Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: ) Description: C:\Windows\system32\WindowsAnytimeUpgradeUI.exeC:\Windows\system32\WindowsAnytimeUpgradeUI.exe0 ==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 3934.36 MB Available physical RAM: 1170.95 MB Total Pagefile: 7866.89 
MB Available Pagefile: 4276.37 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:450.53 GB) (Free:388.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6E8CE96C) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 19 GB) (Disk ID: 37A019CD) Partition 1: (Not Active) - (Size=4 GB) - (Type=84) Partition 2: (Not Active) - (Size=15 GB) - (Type=73) ==================== End Of Log ============================ |
31.12.2013, 09:13 | #4 |
| VIRUS or not? System initially totally unstable, now everything is running again? GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-12-30 13:57:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0 465,76GB Running: 4s7438ut.exe; Driver: C:\Users\APB\AppData\Local\Temp\kxdoakob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003207000 45 bytes [00, 00, 1E, 02, 4E, 53, 49, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000320702f 16 bytes [00, 58, C0, 4F, 0B, 80, FA, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\svchost.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Windows\Explorer.EXE[1572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe[1372] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe[1556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW 
+ 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe[3252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[3440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[3448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe[3528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe[3548] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[3576] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a83b10 5 bytes JMP 000000010021075c .text C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a87ac0 5 bytes JMP 00000001002103a4 .text C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077ab1430 5 bytes JMP 0000000100210b14 .text C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 
0000000077ab1490 5 bytes JMP 0000000100210ecc .text C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ab1570 5 bytes JMP 000000010021163c .text C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077ab17b0 5 bytes JMP 0000000100211284 .text C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ab27e0 5 bytes JMP 00000001002119f4 .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a83b10 5 bytes JMP 00000001001a075c .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a87ac0 5 bytes JMP 00000001001a03a4 .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077ab1430 5 bytes JMP 00000001001a0b14 .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077ab1490 5 bytes JMP 00000001001a0ecc .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ab1570 5 bytes JMP 00000001001a163c .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077ab17b0 5 bytes JMP 00000001001a1284 .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ab27e0 5 bytes JMP 00000001001a19f4 .text C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077c5fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077c5fb58 5 bytes JMP 0000000100030804 .text 
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c5fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c60038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c61920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c7c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c81287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a83b10 5 bytes JMP 000000010011075c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a87ac0 5 bytes JMP 00000001001103a4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077ab1430 5 bytes JMP 0000000100110b14 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077ab1490 5 bytes JMP 0000000100110ecc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ab1570 5 bytes JMP 000000010011163c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 
0000000077ab17b0 5 bytes JMP 0000000100111284 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ab27e0 5 bytes JMP 00000001001119f4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe536e00 5 bytes JMP 000007ff7e551dac .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe536f2c 5 bytes JMP 000007ff7e550ecc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe537220 5 bytes JMP 000007ff7e551284 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe53739c 5 bytes JMP 000007ff7e55163c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe537538 5 bytes JMP 000007ff7e5519f4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5375e8 5 bytes JMP 000007ff7e5503a4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe53790c 5 bytes JMP 000007ff7e55075c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe537ab4 5 bytes JMP 000007ff7e550b14 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077c5fac0 5 bytes JMP 0000000100150600 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077c5fb58 5 bytes JMP 
0000000100150804 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c5fcb0 5 bytes JMP 0000000100150c0c .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c60038 5 bytes JMP 0000000100150a08 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c61920 5 bytes JMP 0000000100150e10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c7c4dd 5 bytes JMP 00000001001501f8 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c81287 5 bytes JMP 00000001001503fc .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077c5fac0 5 bytes JMP 0000000100090600 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077c5fb58 5 bytes JMP 0000000100090804 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c5fcb0 5 bytes JMP 0000000100090c0c .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c60038 5 bytes JMP 0000000100090a08 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] 
C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c61920 5 bytes JMP 0000000100090e10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c7c4dd 5 bytes JMP 00000001000901f8 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c81287 5 bytes JMP 00000001000903fc .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a83b10 5 bytes JMP 000000010023075c .text C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a87ac0 5 bytes JMP 00000001002303a4 .text C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077ab1430 5 bytes JMP 0000000100230b14 .text C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077ab1490 5 bytes JMP 0000000100230ecc .text C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ab1570 5 bytes JMP 000000010023163c .text C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077ab17b0 5 bytes JMP 0000000100231284 .text C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ab27e0 5 bytes JMP 00000001002319f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077c5fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077c5fb58 5 bytes JMP 0000000100030804 .text C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c5fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c60038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c61920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c7c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c81287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077c5fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077c5fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c5fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c60038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c61920 5 bytes JMP 
0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c7c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c81287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[5744] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007789eecd 1 byte [62] .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077c5fac0 5 bytes JMP 0000000100030600 .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077c5fb58 5 bytes JMP 0000000100030804 .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c5fcb0 5 bytes JMP 0000000100030c0c .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c60038 5 bytes JMP 0000000100030a08 .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c61920 5 bytes JMP 0000000100030e10 .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c7c4dd 5 bytes JMP 00000001000301f8 .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c81287 5 bytes JMP 00000001000303fc .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2ba 1 byte [62] .text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075ea5181 5 bytes JMP 00000001001e1014 .text C:\Users\APB\Desktop\4s7438ut.exe[1224] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075ea5254 5 bytes JMP 00000001001e0804
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075ea53d5 5 bytes JMP 00000001001e0a08
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075ea54c2 5 bytes JMP 00000001001e0c0c
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075ea55e2 5 bytes JMP 00000001001e0e10
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075ea567c 5 bytes JMP 00000001001e01f8
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075ea589f 5 bytes JMP 00000001001e03fc
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075ea5a22 5 bytes JMP 00000001001e0600
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007600ee09 5 bytes JMP 00000001001f01f8
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076013982 5 bytes JMP 00000001001f03fc
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076017603 5 bytes JMP 00000001001f0804
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007601835c 5 bytes JMP 00000001001f0600
.text C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007602f52b 5 bytes JMP 00000001001f0a08

---- Threads - GMER 2.1 ----

---- Registry - GMER 2.1 ----

---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
APB :: ACER-ULTRA [Administrator]

Schutz: Aktiviert

30.12.2013 14:15:37
mbam-log-2013-12-30 (14-15-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381989
Laufzeit: 47 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4125470720, free: 999219200

Downloaded database version: v2013.12.30.04
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
12/30/2013 15:19:20
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007d45060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006aed050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007d44060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8006ae9050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007d44060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007be18e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007be2880, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa8007d44060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ae9050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table: MBR Signature: 55AA Disk Signature: 6E8CE96C Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 31744000 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 31746048 Numsec = 204800 Partition is not bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 31950848 Numsec = 944820224 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8007d45060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007d45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007be3880, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\ DevicePointer: 0xfffffa8007d45060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006aed050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 37A019CD Partition information: Partition 0 type is Other (0x84) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 7835648 Partition 1 type is Other (0x73) Partition is NOT ACTIVE. Partition starts at LBA: 7839744 Numsec = 31246336 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 20014718976 bytes Sector size: 512 bytes Done! 
Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_31746048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished |
31.12.2013, 09:17 | #5 |
| VIRUS or not? System was totally unstable at first, now everything is running again? OTL Code:
ATTFilter OTL logfile created on: 30.12.2013 15:39:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\APB\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 33,21% Memory free 7,68 Gb Paging File | 4,18 Gb Available in Paging File | 54,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,53 Gb Total Space | 387,89 Gb Free Space | 86,10% Space Free | Partition Type: NTFS Computer Name: ACER-ULTRA | User Name: APB | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\APB\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () PRC - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Users\APB\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Users\APB\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (RIM MDNS) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.) 
SRV - (RIM Tunnel Service) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (BlackBerry Device Manager) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (USecuAppSvc) -- C:\Programme\Acer\Acer Theft Shield\USecuAppSvc.exe (Acer Incorporated) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) 
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros) SRV - (ExpressCache) -- C:\Programme\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (FFSOpzSvc) -- C:\Programme\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) 
DRV:64bit: - (rimvndis) -- C:\Windows\SysNative\drivers\rimvndis6_AMD64.sys (Research in Motion Limited) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation) DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497 FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0 FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files 
(x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.09.11 07:45:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.06.16 05:56:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.06.24 09:43:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.04 12:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\APB\AppData\Roaming\mozilla\Extensions [2013.12.29 17:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\APB\AppData\Roaming\mozilla\Firefox\Profiles\h3p0lpdr.default\extensions [2013.12.20 09:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.12.20 09:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.20 09:24:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.16 05:56:15 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT [2013.09.11 07:45:36 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.06.24 09:43:16 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Logitech SetPoint = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\ CHR - Extension: Google Wallet = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ CHR - Extension: Google Mail = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\72c2e4d7-871f-4dee-b80b-4301baba235d.exe (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RIM PeerManager] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E733ADF-00F4-4012-AA5C-A807FDCD2CBD}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cdabc58-bf86-11e2-a8d0-917478fbae53}\Shell - "" = AutoRun
O33 - MountPoints2\{1cdabc58-bf86-11e2-a8d0-917478fbae53}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013.12.30 15:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.12.30 15:19:19 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013.12.30 15:18:25 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.30 15:18:21 | 000,000,000 | ---D | C] -- C:\Users\APB\Desktop\mbar
[2013.12.30 14:13:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.12.30 14:12:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\APB\Desktop\OTL.exe
[2013.12.30 13:30:06 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.30 13:16:33 | 001,931,302 | ---- | C] (Farbar) -- C:\Users\APB\Desktop\FRST64.exe
[2013.12.30 10:52:29 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\MigWiz
[2013.12.30 10:10:58 | 000,000,000 | ---D | C] -- C:\Users\APB\Desktop\ACER_DESKTOP
[2013.12.30 10:07:52 | 000,000,000 | ---D | C] -- C:\Users\APB\Desktop\ACER_SAS
[2013.12.29 12:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.12.29 11:23:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.28 19:35:04 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\Malwarebytes
[2013.12.28 19:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.28 19:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.28 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.12.23 05:15:36 | 000,000,000 | ---D | C] -- C:\Users\APB\dwhelper
[2013.12.20 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.12.20 09:01:32 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{BDF73505-64CB-4A28-9990-C822EFCE3D12}
[2013.12.19 07:37:09 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{2B140492-5FC5-41A1-94C9-74DCB4805487}
[2013.12.18 10:49:59 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{E1DF1BD8-A55C-40BD-A4E9-1AAD3BE3CC2B}
[2013.12.17 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{B17FE4F4-478F-4693-8B38-598A83554B4A}
[2013.12.16 11:49:35 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{6325584A-A627-4E06-BD5E-DD2C49885B55}
[2013.12.15 10:40:25 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D2324234-C310-4EC8-8C46-2FF3583558B6}
[2013.12.14 18:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.14 09:23:04 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{9BFB83A7-93D0-4DCE-87D0-07612EBEDCD1}
[2013.12.13 09:14:43 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{CEB7D5C0-24F2-42AB-887F-A269488BE7EF}
[2013.12.13 07:28:16 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013.12.13 07:28:15 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013.12.13 07:28:15 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.12.13 07:28:13 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013.12.13 07:26:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.12.13 07:26:30 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.12.13 07:26:29 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.12.13 07:26:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.12.13 07:26:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.12.13 07:26:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.12.13 07:26:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.12.13 07:26:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.12.13 07:26:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.12.13 07:26:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.12.13 07:26:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.12.13 07:26:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.12.13 07:26:27 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.12.13 07:26:24 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.12.13 07:26:24 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.12.13 07:26:22 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.12.12 20:25:23 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013.12.12 20:25:21 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013.12.12 20:25:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.12.12 20:25:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.12.12 20:25:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.12.12 20:25:07 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013.12.12 20:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013.12.12 20:25:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013.12.12 20:25:05 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013.12.12 20:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013.12.12 20:25:05 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013.12.12 20:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013.12.12 20:25:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013.12.12 11:24:21 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{2F47591A-C639-46DF-99D6-B49855015C7F}
[2013.12.11 12:17:21 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{A4C4C9D7-1E95-47E6-8D33-173BA47A781F}
[2013.12.03 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{C7FABDC8-6BE3-4822-84B3-8A90A30124BB}
[2013.12.01 09:57:37 | 000,000,000 | ---D | C] -- C:\Users\APB\Application Data
[2013.12.01 09:40:12 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{270D3B0E-0616-4AB3-A772-75895074453C}
[2013.11.30 15:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal ID
[2013.11.30 15:08:28 | 000,000,000 | ---D | C] -- C:\coolspot AG
[2013.11.30 10:20:46 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{ABE5A90D-DB41-433E-801C-91BFF6DC92EC}
[2013.11.29 10:58:52 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{44231D47-34AB-4D3F-9F4A-F9F867514BEC}
[2013.11.28 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{DC06D0A3-0B3D-4D74-B884-9D71AE1932F6}
[2013.11.28 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\.elfohilfe
[2013.11.28 09:43:17 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\elsterformular
[2013.11.28 09:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.11.28 09:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.11.28 09:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2013.11.28 06:21:59 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{FDBF0089-7962-42C5-B792-2B4AA57F0B7B}
[2013.11.27 11:45:14 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{0B14E3BE-F507-4BB9-9BAD-B7B69972D9BA}
[2013.11.25 10:32:10 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{7DA4428D-449B-48BE-AE5D-D1E0A228B667}
[2013.11.24 10:52:53 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D2831063-2855-4D8F-B8A1-FCF3396191BE}
[2013.11.23 09:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buderus
[2013.11.23 09:48:11 | 000,000,000 | ---D | C] -- C:\Users\APB\Documents\Buderus
[2013.11.23 09:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buderus
[2013.11.23 08:06:16 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{E759CCF0-AF69-42F6-9378-73A3A247BDF8}
[2013.11.22 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{BEBB9594-A8BA-484B-967B-D8058C5A7025}
[2013.11.21 10:29:58 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{39DAADD9-ACC9-4F96-BA25-AE1D5CDBD812}
[2013.11.20 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\FullTiltPoker.eu
[2013.11.20 16:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu
[2013.11.20 16:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker.Eu
[2013.11.20 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\cache
[2013.11.20 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\FullTiltPoker
[2013.11.20 16:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2013.11.20 16:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2013.11.20 08:14:18 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{91583922-03CE-48C5-8987-D0B82C31A7DA}
[2013.11.20 07:35:04 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013.11.20 07:27:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.11.20 07:27:29 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.11.20 07:27:26 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.11.20 07:27:26 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.11.20 07:27:26 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013.11.20 07:27:26 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.20 07:27:26 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013.11.20 07:27:26 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.20 07:27:26 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.11.20 07:27:26 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.11.20 07:27:26 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.20 07:27:26 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.11.20 07:27:26 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.11.20 07:27:26 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.11.20 07:27:26 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.11.20 07:27:26 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.11.20 07:27:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.11.20 07:27:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.20 07:27:26 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.11.20 07:27:26 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.20 07:27:26 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.11.20 07:27:26 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.11.20 07:27:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.11.20 07:27:26 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.11.20 07:27:26 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.11.20 07:27:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.11.20 07:27:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.11.20 07:27:26 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.11.20 07:27:26 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.11.20 07:27:26 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.11.20 07:27:26 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.11.20 07:27:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.11.20 07:27:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.11.20 07:27:26 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.20 07:27:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.11.20 07:27:26 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.11.20 07:27:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.20 07:27:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.20 07:27:26 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.20 07:27:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013.11.20 07:27:26 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.11.20 07:27:26 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.11.20 07:27:26 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.11.20 07:27:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.11.20 07:27:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.20 07:27:26 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.20 07:27:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.11.20 07:27:26 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.11.20 07:27:26 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.11.20 07:27:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013.11.20 07:27:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.20 07:27:26 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.11.20 07:27:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013.11.20 07:27:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.11.20 07:27:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.11.20 07:27:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.11.20 07:27:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013.11.20 07:27:26 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013.11.20 07:27:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.20 07:27:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.11.20 07:27:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.11.20 07:27:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.11.20 07:27:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.11.20 07:27:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.11.19 19:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
[2013.11.19 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\APB\PARTYPOKERPokerDir
[2013.11.19 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{FB1A619F-E64A-440F-9D14-421C43A94066}
[2013.11.18 08:45:01 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{051C067B-CA6D-41F1-87D8-3A2C8FE76FC5}
[2013.11.16 17:49:35 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\cef-cache
[2013.11.16 17:49:31 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\Party
[2013.11.16 17:49:08 | 000,000,000 | ---D | C] -- C:\Programs
[2013.11.16 17:26:33 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{1865F77F-CFB2-4ACF-ACB7-66C28C429C2A}
[2013.11.15 20:33:30 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D28A5EFD-C381-4640-87B9-9E61093E4A84}
[2013.11.15 12:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.11.15 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.11.15 11:17:41 | 000,000,000 | ---D | C] -- C:\Windows\Offline Address Books
[2013.11.15 08:33:04 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D6B39F1C-5489-4E24-BE4B-BE1E9ECD63EB}
[2013.11.14 07:52:09 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{754DA478-7EC0-4FB6-AEEB-1F7828ED5D63}
[2013.11.13 07:25:20 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{176EA23E-A1B6-4DCF-8B64-A2EE816029E0}
[2013.11.13 07:22:56 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.11.13 07:22:48 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.11.13 07:22:47 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.11.13 07:22:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013.11.13 07:22:46 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013.11.13 07:22:46 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013.11.13 07:22:38 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.11.13 07:22:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.11.13 07:22:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.11.13 07:22:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.11.13 07:22:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.11.13 07:22:33 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.11.13 07:22:30 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.11.13 07:22:30 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.11.13 07:22:30 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.11.13 07:22:30 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.11.12 13:53:09 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\Citrix
[2013.11.12 07:52:28 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{F11E7D11-2937-48B2-A702-A10625B22078}
[2013.11.11 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{CD841451-6712-481A-85EC-E0A2717E3AAD}
[2013.11.11 07:51:42 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{8D6C97A9-F929-4105-A37F-B2D048FA8243}
[2013.11.10 10:37:54 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{B007BD3B-DB79-482E-A35D-5FE225F3FCD9}
[2013.11.09 10:13:10 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{87578B61-976E-4E06-94C3-8489247E39DC}
[2013.11.08 10:40:34 | 000,000,000 | ---D | C] -- C:\Users\APB\.pdfsam
[2013.11.08 10:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
[2013.11.08 10:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[2013.11.08 09:13:44 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{33BFB54D-CFA5-4899-BD6B-C60EE3AC5CB2}
[2013.11.07 13:14:05 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{E72E13C9-9399-42EF-87CB-3D249A177C96}
[2013.11.06 16:54:47 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{6A44BC39-62EA-4A6F-A46A-29848E98009F}
[2 C:\Users\APB\Desktop\*.tmp files -> C:\Users\APB\Desktop\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013.12.30 15:19:19 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013.12.30 15:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.30 15:18:25 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.30 14:55:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.30 14:19:27 | 001,233,962 | ---- | M] () -- C:\Users\APB\Desktop\adwcleaner.exe
[2013.12.30 14:13:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.12.30 14:12:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\APB\Desktop\OTL.exe
[2013.12.30 13:21:16 | 000,377,856 | ---- | M] () -- C:\Users\APB\Desktop\4s7438ut.exe
[2013.12.30 13:16:58 | 001,931,302 | ---- | M] (Farbar) -- C:\Users\APB\Desktop\FRST64.exe
[2013.12.30 11:55:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.30 11:41:38 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.30 11:41:38 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.30 11:33:02 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.12.30 11:32:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.30 11:32:14 | 3094,102,016 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.30 11:31:46 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.12.30 10:38:43 | 001,621,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.30 10:38:43 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.30 10:38:43 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.30 10:38:43 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.30 10:38:43 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.29 17:54:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.12.28 11:30:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.12.23 11:38:09 | 000,000,973 | ---- | M] () -- C:\Windows\wininit.ini
[2013.12.23 11:38:08 | 000,001,053 | ---- | M] () -- C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.13 08:24:22 | 000,469,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.11 16:19:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.12.11 16:19:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.11.26 11:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.11.26 10:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.11.26 10:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.11.26 10:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.11.26 10:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.26 10:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.11.26 10:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.11.26 09:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.11.26 09:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.11.26 09:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.26 09:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.11.26 09:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.11.26 08:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.11.26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.11.26 07:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.11.24 11:23:14 | 000,000,106 | ---- | M] () -- C:\Windows\DTABegleit.INI
[2013.11.23 19:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.11.23 18:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.11.20 16:28:49 | 022,734,832 | ---- | M] () -- C:\Users\APB\AppData\Local\TempFullTiltPokerEuSetup.exe
[2013.11.20 07:27:29 
| 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.11.20 07:27:29 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.11.20 07:27:26 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.11.20 07:27:26 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.11.20 07:27:26 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013.11.20 07:27:26 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.11.20 07:27:26 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013.11.20 07:27:26 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.11.20 07:27:26 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.11.20 07:27:26 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.11.20 07:27:26 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.11.20 07:27:26 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.11.20 07:27:26 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.11.20 07:27:26 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.11.20 07:27:26 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.11.20 07:27:26 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.11.20 07:27:26 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.11.20 07:27:26 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.11.20 07:27:26 | 000,235,008 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\elshyph.dll [2013.11.20 07:27:26 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.11.20 07:27:26 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.11.20 07:27:26 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.11.20 07:27:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.11.20 07:27:26 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.11.20 07:27:26 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.11.20 07:27:26 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.11.20 07:27:26 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.11.20 07:27:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.11.20 07:27:26 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.11.20 07:27:26 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.11.20 07:27:26 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.11.20 07:27:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.11.20 07:27:26 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.11.20 07:27:26 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.11.20 07:27:26 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.11.20 07:27:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.11.20 07:27:26 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.11.20 07:27:26 | 
000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.11.20 07:27:26 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.11.20 07:27:26 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013.11.20 07:27:26 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.11.20 07:27:26 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.11.20 07:27:26 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.11.20 07:27:26 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.11.20 07:27:26 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.11.20 07:27:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.11.20 07:27:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.11.20 07:27:26 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.11.20 07:27:26 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.11.20 07:27:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013.11.20 07:27:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.11.20 07:27:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.11.20 07:27:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013.11.20 07:27:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.11.20 07:27:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.11.20 07:27:26 | 000,048,128 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\imgutil.dll [2013.11.20 07:27:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013.11.20 07:27:26 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013.11.20 07:27:26 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.11.20 07:27:26 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.11.20 07:27:26 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.11.20 07:27:26 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.11.20 07:27:26 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.11.20 07:27:26 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.11.20 07:27:26 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.11.20 07:27:26 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.11.12 13:53:05 | 000,102,248 | ---- | M] () -- C:\Users\APB\GoToAssistDownloadHelper.exe [2 C:\Users\APB\Desktop\*.tmp files -> C:\Users\APB\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.12.30 14:19:19 | 001,233,962 | ---- | C] () -- C:\Users\APB\Desktop\adwcleaner.exe [2013.12.30 14:13:34 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.12.30 13:21:05 | 000,377,856 | ---- | C] () -- C:\Users\APB\Desktop\4s7438ut.exe [2013.12.30 11:31:46 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2013.12.30 10:19:21 | 000,001,228 | ---- | C] () -- C:\Users\APB\Desktop\Explorer.lnk [2013.12.30 10:19:21 | 000,000,700 | ---- | C] () -- C:\Users\APB\Desktop\Biblio.lnk [2013.11.20 16:28:49 | 022,734,832 | ---- | C] () -- C:\Users\APB\AppData\Local\TempFullTiltPokerEuSetup.exe [2013.11.20 07:27:26 | 000,016,284 | ---- | 
C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.11.20 07:27:26 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.11.12 13:53:04 | 000,102,248 | ---- | C] () -- C:\Users\APB\GoToAssistDownloadHelper.exe [2013.10.19 10:04:45 | 000,000,106 | ---- | C] () -- C:\Windows\DTABegleit.INI [2013.10.04 14:21:16 | 000,000,017 | ---- | C] () -- C:\Users\APB\AppData\Local\resmon.resmoncfg [2013.09.22 14:04:13 | 000,013,312 | ---- | C] () -- C:\Users\APB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.08.25 08:51:52 | 000,000,179 | ---- | C] () -- C:\Windows\ODBC.INI [2013.06.22 07:15:44 | 000,000,421 | ---- | C] () -- C:\Users\APB\AppData\Roaming\1_and_1_redirect.xml [2013.06.09 08:58:08 | 000,000,160 | ---- | C] () -- C:\Windows\DeskCalc.INI [2013.05.18 08:12:31 | 001,599,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.05 13:15:06 | 000,000,973 | ---- | C] () -- C:\Windows\wininit.ini [2013.05.04 13:10:46 | 000,007,053 | ---- | C] () -- C:\Users\APB\AppData\Roaming\e458452195.prf [2013.05.04 13:10:38 | 000,000,417 | ---- | C] () -- C:\Users\APB\AppData\Roaming\redirect.xml [2013.05.01 00:03:19 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini [2013.04.30 23:55:55 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013.04.30 23:55:55 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2013.04.30 23:55:54 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2013.04.30 23:55:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.04.30 23:54:41 | 000,001,327 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2012.10.07 11:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2012.10.07 11:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.10.07 11:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2012.10.07 11:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll 
[2012.03.27 20:17:54 | 000,000,445 | ---- | C] () -- C:\Windows\Prelaunch.ini [2012.03.27 20:17:54 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini [2012.03.27 20:17:54 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini [2012.03.07 00:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
31.12.2013, 09:22 | #6 |
| VIRUS or not? System was totally unstable at first, now everything is running again? OTL Extras: Code:
ATTFilter OTL Extras logfile created on: 30.12.2013 15:39:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\APB\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 33,21% Memory free 7,68 Gb Paging File | 4,18 Gb Available in Paging File | 54,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,53 Gb Total Space | 387,89 Gb Free Space | 86,10% Space Free | Partition Type: NTFS Computer Name: ACER-ULTRA | User Name: APB | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- Reg Error: Value error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- Reg Error: Value error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{036ECD61-665B-4800-84EB-346492F853D9}" = lport=8080 | protocol=6 | dir=in | app=c:\program files (x86)\common files\research in motion\nginx\nginx.exe | "{0B8A38DF-65FA-4788-99A0-79BBA5D7BDBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0D942463-9853-4E9B-A4A5-6DA1344E47A6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1427466A-B1D9-462E-AD3C-8835E757188A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1D59C561-62E1-462B-8634-42DE0247FB47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{283EDACB-9CAE-45D1-B034-EBD0FC9578E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2F7E7CD7-8D52-4723-82D0-12DA0E230071}" = rport=10243 | protocol=6 | dir=out | app=system | "{3540CCDD-89D3-4012-B9A2-0BDE088FE243}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{36E4D13D-3A1F-4F5E-96F9-7BF62A6BA9E0}" = rport=445 | protocol=6 | dir=out | app=system | "{4350D173-2DD9-4405-9A13-639278A0B0D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{491A05A3-FC23-4184-9090-7BC1CD1E5CF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6EA027FC-C9DA-4094-B5BC-E44A55CBCEB4}" = lport=2869 | protocol=6 | dir=in | app=system | "{737A6122-B71B-4274-8FC3-6CA95E300473}" = lport=137 | protocol=17 | dir=in | app=system | "{7575D93E-D9D1-40E3-B66E-4C4C4A77F9BC}" = lport=139 | protocol=6 | dir=in | app=system | "{8EDB2601-9A23-45AA-93FA-446788A011BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97ACFF37-642D-46E2-A8F2-18F7B2887FFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1C952B8-5BAB-4F79-B4C0-BCD7DF8E24F6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{AD229DC5-BAC4-4292-A274-6175A0FBBE5F}" = rport=138 | protocol=17 | dir=out | app=system | "{AF483AF8-CA82-4151-A396-461A1F3FE95B}" = rport=139 | protocol=6 | dir=out | app=system | "{B02E0073-EAE9-49D3-A926-C273FF8C5898}" = lport=138 | protocol=17 | dir=in | app=system | "{B9D75F4C-C67C-4B2A-90AF-F499373FB1D9}" = lport=10243 | protocol=6 | dir=in | app=system | "{C9948D02-CA64-43DC-8253-FD7A40664727}" = lport=445 | protocol=6 | dir=in | app=system | "{CF05244A-C76A-42E5-9789-337EA4A4FE81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ED457866-9FE5-493E-8CB1-1A72D2B88C68}" = rport=137 | protocol=17 | dir=out | app=system | "{FA3D8509-0268-4D9C-BD46-7CE7C058D431}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04BFB58E-7F0B-491F-9FB8-DEDD92D1B09A}" = protocol=6 | dir=in | app=c:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe | 
"{08F6C765-3723-4096-B2F5-8E6788AF93F9}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe | "{0D5BCA22-479C-422C-9283-ED723573DFC9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0F1CADB4-1EC3-4AC6-B578-CAFD8FF8A784}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{11E2E1EE-6842-4E7C-B608-DEF4C35EFEEC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{17602986-267F-44BC-A523-4EAE209A09D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1976D439-C1D3-4298-A16D-1D75806A47FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{1B6BDF63-0C4A-4960-8941-D055EDA1A38C}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe | "{1C3E3C6C-1A2B-4F3D-8E54-FBE938CABF76}" = protocol=17 | dir=in | app=c:\users\apb\appdata\local\temp\smallinstaller\installfiles\ccdd.exe | "{1E2AACED-747E-40ED-9EF2-7D9C38CC4EF0}" = protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe | "{24DB28D7-D17C-4383-B1C9-F857D2149C40}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{2C4BC1C5-F510-487B-BC74-572396894DB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2C91CB71-D229-4AA5-9E94-94E5DBB7A5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\sdsd\ssf editor\ssfeditor.exe | "{31A6A4D9-C983-431C-B508-1AB8C3D570F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{32A3C026-B7BE-4E77-9672-DC45FEF3A986}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{3AC1E7F3-32F1-4161-BA87-1F020ADA09D0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{40069544-5AB1-4596-8F31-9E8F19319174}" = 
protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{45A67AF6-AEBC-4819-967C-9023297F2289}" = protocol=58 | dir=in | app=system | "{4D480D2A-822F-4F13-8EF7-2E092B766E50}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{4FCE9769-DA42-4598-96B5-C1B4C37F7B99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{567EB23C-C461-4FED-8E42-30C5EAF7F3D9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{5A7BCB0C-3CAA-4D9A-A780-675AD582C740}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{61854202-5C83-4BCE-9A9A-DAF6BCE79CB0}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe | "{64B5ABB9-511C-469C-BCFB-7EE8188AF49E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{65D4E9CB-458B-43B4-843E-449812300F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6F23BC36-9165-44FE-92CB-2634D262B4FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{76E2A7F9-2B4E-4712-8BDD-8C68EA84D10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{787F8A49-BE93-4372-BB3E-D54F6AAA2E9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7A63FA1A-335A-4483-B649-BF3460F9047E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe | "{7E38CDFC-43CE-44AA-897B-4995D6F3D29E}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{7F61D764-2350-43ED-A442-FB6C9A82510A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{80D76908-1E1A-40D2-BF97-CAFFF6321E2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{863C1002-7F5B-4B44-8C84-6B8FC2BD2DF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8672422C-2C3D-41B0-8B62-D47D8526CE5D}" 
= protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe | "{86F87E59-6227-4FE5-A49F-44BDE47FBBF3}" = protocol=17 | dir=in | app=c:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe | "{A0331BE6-7988-41E2-8EAD-B3D9B6B55A28}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{A19F079E-F930-46C3-B7AA-BF49789C65A7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{A370B58E-6C64-4E64-B771-590DC6996FB0}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{A69D056D-DE79-4C01-B205-BB81CC3DF544}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{AB4BAFF7-F46D-4D6D-903D-A21815216EE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C65A4485-7EF5-4C24-8379-BA0C8FAC20F8}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe | "{C75C906D-2F31-46F9-8760-DAB3DB9AAFFE}" = protocol=6 | dir=in | app=c:\users\apb\appdata\local\temp\smallinstaller\installfiles\ccdd.exe | "{C8B77245-BD31-40C1-B7B1-A6C4D57967B4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{CA791863-3B18-4923-90EA-A9E783181CC9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{CD74CFEE-EB7B-4B45-BA21-21CDC77E450D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CFB8EFFE-E96E-470A-ABB1-D06CE65D554A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{D29E1956-B2E1-42D9-AC50-81623E7EE659}" = protocol=6 | dir=out | app=system | "{E6A1B84C-39EE-44A7-9544-449346257A09}" = protocol=17 | dir=in | app=c:\program files (x86)\sdsd\ssf editor\ssfeditor.exe | "{E704795C-AC5F-4EB6-95D8-A989BCE90839}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E76DF1C7-9FAC-41A3-BE24-6493F480E320}" = protocol=6 | dir=in | app=c:\program files 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.12.2013 06:01:25 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\WindowsAnytimeUpgradeUI.exe". Fehler in Manifest- oder Richtliniendatei "C:\Windows\system32\WindowsAnytimeUpgradeUI.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 06:01:25 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\ehome\ehshell.exe". Fehler in Manifest- oder Richtliniendatei "C:\Windows\ehome\ehshell.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\WFS.exe". Fehler in Manifest- oder Richtliniendatei "C:\Windows\system32\WFS.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\WFS.exe". Fehler in Manifest- oder Richtliniendatei "C:\Windows\system32\WFS.exe" in Zeile 0. Ungültige XML-Syntax.
Error - 30.12.2013 08:46:26 | Computer Name = ACER-ULTRA | Source = RIM MDNS | ID = 100
Description = send_msg ERROR: failed to write 65 of 65 bytes to fd 608 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.)
Error - 30.12.2013 08:46:26 | Computer Name = ACER-ULTRA | Source = RIM MDNS | ID = 100
Description = 608: Could not write data to client because of error - aborting connection
Error - 30.12.2013 08:46:26 | Computer Name = ACER-ULTRA | Source = RIM MDNS | ID = 100
Description = 608: DNSServiceGetAddrInfo v4v6 Q10.local.
[ System Events ]
Error - 04.10.2013 08:16:14 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 09:16:16 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 10:16:18 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 11:16:20 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 12:16:22 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 13:16:24 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 14:16:27 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 16:19:08 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 04.10.2013 17:19:15 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error - 05.10.2013 01:23:11 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
< End of report >
AdwCleaner Logfile: Code:
# AdwCleaner v3.016 - Bericht erstellt am 29/12/2013 um 11:23:38
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : APB - ACER-ULTRA
# Gestartet von : C:\Users\APB\Downloads\ANTIVIR\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden C:\Users\APB\AppData\Roaming\pdfforge
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\ccllyq4m.default-1388255121798\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ Datei : C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1477 octets] - [29/12/2013 11:23:38]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1537 octets] ##########
AdwCleaner Logfile: Code:
# AdwCleaner v3.016 - Bericht erstellt am 30/12/2013 um 15:56:55
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : APB - ACER-ULTRA
# Gestartet von : C:\Users\APB\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden C:\Users\APB\AppData\Roaming\pdfforge
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\h3p0lpdr.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ Datei : C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3070 octets] - [29/12/2013 11:23:38]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3130 octets] ##########
ADWCLEAN 2
AdwCleaner Logfile: Code:
# AdwCleaner v3.016 - Bericht erstellt am 30/12/2013 um 15:59:50
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : APB - ACER-ULTRA
# Gestartet von : C:\Users\APB\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\APB\AppData\Roaming\pdfforge
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\h3p0lpdr.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ Datei : C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3210 octets] - [29/12/2013 11:23:38]
AdwCleaner[S0].txt - [1516 octets] - [30/12/2013 15:59:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1576 octets] ##########
EMSISOFT: Code:
Emsisoft Anti-Malware - Version 8.1
Letztes Update: 30.12.2013 16:24:04
Benutzerkonto: ACER-ULTRA\APB
Scan Einstellungen:
Scan Methode: Detail
Scan Objekte: Rootkits, Speicher, Traces, C:\
PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 30.12.2013 16:26:55
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 1 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 10 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 2 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 4 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 5 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 6 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 7 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 9 gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ADSLASTKNOWNSTATE gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> APPPATH gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> FOURCOLOURDECK gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHENABLELOG gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGDAYS gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGSIZE gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ID gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INITIALPORT gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INSTALLSTATE gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> SL gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> TABLETYPE gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> USECOUNT gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> CFDIALOGSHOWN gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> FRESHINSTALL gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYICON gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYNAME gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> INSTALLLOCATION gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> PUBLISHER gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> UNINSTALLSTRING gefunden: PartyPoker (A)
Gescannt 503883
Gefunden 27
Scan Ende: 30.12.2013 17:22:33
Scan Zeit: 0:55:38
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 1 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 10 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 2 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 4 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 5 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 6 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 7 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 9 Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ADSLASTKNOWNSTATE Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> APPPATH Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> FOURCOLOURDECK Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHENABLELOG Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGDAYS Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGSIZE Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ID Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INITIALPORT Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INSTALLSTATE Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> SL Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> TABLETYPE Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> USECOUNT Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> CFDIALOGSHOWN Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> FRESHINSTALL Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYICON Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYNAME Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> INSTALLLOCATION Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> PUBLISHER Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> UNINSTALLSTRING Quarantäne PartyPoker (A)
Quarantäne 27
Many thanks in advance and a happy New Year! |
31.12.2013, 15:54 | #7 |
/// the machine /// TB trainer | looks good
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.01.2014, 12:33 | #8 |
| Hi Schrauber, what do you mean? Everything clean and fine? I can still let ESET run once more overnight anyway. Best regards & Happy New Year! |
02.01.2014, 08:54 | #9 |
/// the machine /// TB trainer | You can do that
__________________ Regards, schrauber |
02.01.2014, 09:57 | #10 |
| OK, I forgot about it yesterday. But once it is finished I will post it here. In any case, many thanks! |
03.01.2014, 09:49 | #11 |
/// the machine /// TB trainer | ok
__________________ Regards, schrauber |