| |
| |||||||
Log-Analyse und Auswertung: tcbhn hat ein Problem festgestellt und muß beendet werdenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.02.2015, 18:51
| #1 |
| |  tcbhn hat ein Problem festgestellt und muß beendet werden Hallo, wenn ich den computer einschalte erscheint die meldung "tcbhn hat ein Problem festgestellt und muß beendet werden". Ich habe daher OTL.exe runtergeladen und einen suchlauf mit folgendem ergebniss gestartet. OTL.Txt:OTL Logfile: OTL logfile created on: 08.02.2015 18:19:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vivien\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 43,63% Memory free 8,21 Gb Paging File | 5,51 Gb Available in Paging File | 67,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 231,43 Gb Total Space | 34,89 Gb Free Space | 15,08% Space Free | Partition Type: NTFS Drive D: | 347,16 Gb Total Space | 152,13 Gb Free Space | 43,82% Space Free | Partition Type: NTFS Computer Name: ***-PC-ACER | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Vivien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe () PRC - C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe () PRC - C:\Program Files (x86)\LPT\srptsl.exe () PRC - C:\Program Files (x86)\LPT\srpts.exe () PRC - C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe (Blabbers Communications Ltd) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Ltd) PRC - C:\Program Files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe (Illustrate) PRC - C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe (Illustrate) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (27019e42) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) SRV - (Internet Enhancer Service) -- C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe () SRV - (LPTSystemUpdater) -- C:\Program Files (x86)\LPT\srpts.exe () SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AssetUPnP) -- C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe () SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcS64) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\HCWTVS~1.EXE (Hauppauge Computer Works) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\DRIVERS\netaapl64.sys (Apple Inc.) DRV:64bit: - (acedrv05) -- C:\Windows\SysNative\drivers\acedrv05.sys () DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation) DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\drivers\psdvdisk.sys (Egis Incorporated) DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\drivers\PSDNServ.sys (Egis Incorporated) DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\DRIVERS\s0016unic.sys (MCCI Corporation) DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys (MCCI Corporation) DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\DRIVERS\s0016obex.sys (MCCI Corporation) DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys (MCCI Corporation) DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.) DRV:64bit: - (ITEIO.SYS) -- C:\Windows\SysNative\drivers\ITEIO.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys () DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys (Logitech Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell) DRV:64bit: - (Point64) -- C:\Windows\SysNative\DRIVERS\point64k.sys (Microsoft Corporation) DRV:64bit: - (hcwAVD2) -- C:\Windows\SysNative\drivers\HCWUSB264.sys (Conexant Systems, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=1&o=vp64&d=1208&m=aspire_m3201 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=1&o=vp64&d=1208&m=aspire_m3201 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_G1lmlfZWdQVt8_oxzw7BX3dxrXLp2gQURS7OjR5S-UUjDrZ_U0L-y6xiNUBIE94WpJxZf-PT0F0yFZK_QaOYDPa7WElOdVr6M8YQjp9RaaXsqGL9Kj8iTIn14562AlQxZoZJ_RXh2NUIYESjtWUA,&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51802;https=127.0.0.1:51802 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51802;https=127.0.0.1:51802 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=1&o=vp64&d=1208&m=aspire_m3201 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_G1lmlfZWdQVt8_oxzw7BX3dxrXLp2gQURS7OjR5S-UUjDrZ_U0L-y6xiNUBIE94WpJxZf-PT0F0yFZK_QaOYDPa7WElOdVr6M8YQjp9RaaXsqGL9Kj8iTIn14562AkgGMrUiVBcus87Suy_g0VQk,&q={searchTerms} IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_G1lmlfZWdQVt8_oxzw7BX3dxrXLp2gQURS7OjR5S-UUjDrZ_U0L-y6xiNUBIE94WpJxZf-PT0F0yFZK_QaOYDPa7WElOdVr6M8YQjp9RaaXsqGL9Kj8iTIn14562AkgGMrUiVBcus87Suy_g0VQk,&q={searchTerms} IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_G1lmlfZWdQVt8_oxzw7BX3dxrXLp2gQURS7OjR5S-UUjDrZ_U0L-y6xiNUBIE94Wlkq3jNkYYpe30tx2DsQ01UBSMxCFX5UHgeLaVG8wtULI4N1yyaLxchQvLPmMOlyFSS3eh7HYRBkg3qHpNGw8, IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_G1lmlfZWdQVt8_oxzw7BX3dxrXLp2gQURS7OjR5S-UUjDrZ_U0L-y6xiNUBIE94WpJxZf-PT0F0yFZK_QaOYDPa7WElOdVr6M8YQjp9RaaXsqGL9Kj8iTIn14562AkgGMrUiVBcus87Suy_g0VQk,&q={searchTerms} IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_G1lmlfZWdQVt8_oxzw7BX3dxrXLp2gQURS7OjR5S-UUjDrZ_U0L-y6xiNUBIE94WpJxZf-PT0F0yFZK_QaOYDPa7WElOdVr6M8YQjp9RaaXsqGL9Kj8iTIn14562AkgGMrUiVBcus87Suy_g0VQk,&q={searchTerms} IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_G1lmlfZWdQVt8_oxzw7BX3dxrXLp2gQURS7OjR5S-UUjDrZ_U0L-y6xiNUBIE94WpJxZf-PT0F0yFZK_QaOYDPa7WElOdVr6M8YQjp9RaaXsqGL9Kj8iTIn14562AkgGMrUiVBcus87Suy_g0VQk,&q={searchTerms} IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\SearchScopes\{2F6E88DB-4D40-449D-97B4-9A9694FFE3B0}: "URL" = hxxp://www.google.at/search?source=ig&hl=de&rlz=1I7GGLL_de&q={searchTerms}&meta=lr= IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT307AT307 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\SearchScopes\{9C2AC448-A388-406D-980D-474CD101A6A1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=c0e44432-d8a9-43e5-acb6-610a7d003efa&apn_sauid=46FE3B50-B670-4F33-9480-D664E3BB5328 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51802;https=127.0.0.1:51802 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.6.4\FF [2012.11.04 18:03:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\PC Performer Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014.09.25 11:05:57 | 000,000,000 | ---D | M] [2013.06.30 17:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Vivien\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - default_search_provider: 1B3AE4790E7FE5C5C7281E19E9A89FF95C7FD5C4C23342046F205D44B015203C (Enabled) CHR - default_search_provider: search_url = B08D99C311DDDCA275BA710CA70B66248C9FE73C99D318B212FAADA71255F627 CHR - default_search_provider: suggest_url = CHR - homepage: 8C14565E1C227EE0D7DB5544749CA138F4252FD56EA9300BB901D612BD7C9EB8 CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpcngmlhjpglhbdbomhggfdjebkgaoap\1.2_1\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps) O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong) O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {963B125B-8B21-49A2-A3A8-E37092276531}} - No CLSID value found. O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {ED1E27F0-1BCD-42A4-AD62-7FC21E086E54}} - No CLSID value found. O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe (Microsoft® Corporation) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000..\Run: [Facebook Update] C:\Users\Vivien\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asset UPnP uMediaLibrary.lnk = C:\Program Files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe (Illustrate) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asset UPnP.lnk = C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe (Illustrate) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B320AA6B-FFF9-4677-BF03-99FE621D5118}: DhcpNameServer = 213.162.69.1 213.162.69.169 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA8ADC0F-CA17-47F0-8461-A51055E5CD73}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Vivien\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O24 - Desktop BackupWallPaper: C:\Users\Vivien\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O27:64bit: - HKLM IFEO\quickcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\sepcsuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\quickcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\sepcsuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{97db6ae0-41ea-11e2-9f71-001fe2009a59}\Shell - "" = AutoRun O33 - MountPoints2\{97db6ae0-41ea-11e2-9f71-001fe2009a59}\Shell\AutoRun\command - "" = L:\MMMTest.EXE O33 - MountPoints2\{d32fe147-94d6-11e4-ad9f-001fe2009a59}\Shell - "" = AutoRun O33 - MountPoints2\{d32fe147-94d6-11e4-ad9f-001fe2009a59}\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2015.02.08 17:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ChampionDeals [2015.02.08 17:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IndepthInit [2010.01.23 14:34:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe4934.dll ========== Files - Modified Within 30 Days ========== [2015.02.08 18:15:01 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job [2015.02.08 18:09:05 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job [2015.02.08 18:08:25 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-322743433-1170930369-4053580053-1000UA.job [2015.02.08 18:08:18 | 000,002,089 | ---- | M] () -- C:\Users\Vivien\Desktop\Google Chrome.lnk [2015.02.08 18:05:05 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job [2015.02.08 18:05:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job [2015.02.08 18:03:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-322743433-1170930369-4053580053-1000Core.job [2015.02.08 17:50:26 | 000,000,020 | ---- | M] () -- C:\Users\Vivien\AppData\Roaming\appdataFr3.bin [2015.02.08 17:41:15 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015.02.08 17:39:01 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\Dealply.job [2015.02.08 17:39:01 | 000,000,131 | ---- | M] () -- C:\Users\Vivien\AppData\Roaming\WB.CFG [2015.02.08 17:32:03 | 001,573,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015.02.08 17:32:03 | 000,676,774 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2015.02.08 17:32:03 | 000,636,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015.02.08 17:32:03 | 000,146,286 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2015.02.08 17:32:03 | 000,119,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015.02.08 17:26:39 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job [2015.02.08 17:26:37 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015.02.08 17:25:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2015.02.08 17:25:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2015.02.08 17:25:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2015.02.08 17:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015.02.08 17:24:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs ========== Files Created - No Company Name ========== [2015.02.08 17:50:26 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\appdataFr3.bin [2013.12.18 19:34:02 | 000,000,131 | ---- | C] () -- C:\Users\***\AppData\Roaming\WB.CFG [2013.03.10 18:41:12 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2012.08.15 09:50:43 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat [2011.10.08 12:56:47 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.10.08 12:56:12 | 000,000,021 | ---- | C] () -- C:\Users\***\.gtk-bookmarks [2011.06.13 12:17:29 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{25BB92A7-BE2F-4A05-AA46-D5A40D5680F1} [2011.06.13 12:15:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{F46025CA-936F-48A6-920E-B7114F9C5ADE} [2010.04.07 13:29:57 | 000,007,168 | -H-- | C] () -- C:\Users\***\photothumb.db [2010.04.01 13:12:17 | 018,458,776 | ---- | C] () -- C:\Users\***\*** Kürmusik 2010 - The Voice Within.wav [2010.03.09 15:01:04 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.08.10 15:56:16 | 000,024,088 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.06.23 14:10:52 | 002,838,612 | ---- | C] () -- C:\Users\***\CIMG4792.JPG [2008.12.27 23:47:22 | 000,051,200 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.27 16:01:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.26 15:02:58 | 000,000,630 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 17:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2008.08.05 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Alastair\AppData\Roaming\Acer GameZone Console [2008.08.05 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Acer GameZone Console [2014.11.07 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Canon [2011.10.11 08:25:05 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\DVDVideoSoft [2011.04.18 13:34:38 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\GrabPro [2010.11.20 03:24:23 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Orbit [2010.11.19 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\ProgSense [2013.08.14 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\TuneUp Software [2008.08.05 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Suzanne\AppData\Roaming\Acer GameZone Console [2013.08.21 16:32:54 | 000,000,000 | ---D | M] -- C:\Users\Suzanne\AppData\Roaming\TuneUp Software [2008.08.05 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Acer GameZone Console [2009.05.17 08:08:32 | 000,000,000 | -HSD | M] -- C:\Users\Vivien\AppData\Roaming\.# [2011.09.13 18:23:41 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Ableton [2008.08.05 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Acer GameZone Console [2012.01.02 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Audio Recorder for Free [2012.12.09 12:38:22 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\AUTOSICH [2012.05.18 18:33:11 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Babylon [2009.05.17 07:47:25 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Big Fish Games [2015.01.03 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\BRAVIS [2013.08.23 15:19:30 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\BrowserCompanion [2014.04.17 11:36:02 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Canon [2011.07.01 15:45:52 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\dBpoweramp [2013.02.10 09:40:16 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\DealPly [2014.09.25 11:07:50 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\DVDVideoSoft [2013.06.30 17:00:53 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\DVDVideoSoftIEHelpers [2008.12.26 23:22:46 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\eSobi [2008.12.26 11:30:39 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\FloodLightGames [2012.01.02 20:15:18 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Free Audio Editor [2010.09.30 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\GrabPro [2011.10.08 12:56:30 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\gtk-2.0 [2009.03.03 14:17:09 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Leadertech [2010.11.10 15:58:34 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Mobipocket [2014.09.25 11:05:55 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\OpenCandy [2014.09.25 11:13:33 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Opera Software [2012.12.16 17:45:29 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Orbit [2011.10.08 10:27:30 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Participatory Culture Foundation [2011.10.08 19:50:08 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\PCF-VLC [2009.08.10 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\PeerNetworking [2010.09.30 14:20:53 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\ProgSense [2014.09.25 11:12:34 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\RHEng [2008.12.26 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Template [2013.01.29 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\TuneUp Software [2013.06.30 17:02:04 | 000,000,000 | ---D | M] -- C:\Users\Vivien\AppData\Roaming\Uniblue ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560 < End of report > Extras.TxtOTL Logfile: OTL Extras logfile created on: 08.02.2015 18:19:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vivien\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 43,63% Memory free 8,21 Gb Paging File | 5,51 Gb Available in Paging File | 67,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 231,43 Gb Total Space | 34,89 Gb Free Space | 15,08% Space Free | Partition Type: NTFS Drive D: | 347,16 Gb Total Space | 152,13 Gb Free Space | 43,82% Space Free | Partition Type: NTFS Computer Name: ***-PC-ACER | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = FC D5 2E 8A 09 A0 CE 01 [binary data] -- (Microsoft Corporation) 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FFD17E9-DA61-41BF-9C91-EF8473F9C336}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1838E3A0-884A-4254-8625-B60614D55AD1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1FD5D617-35D3-4AC4-933E-A7D2F7D0B5F2}" = rport=138 | protocol=17 | dir=out | app=system | "{22481D5D-14F5-43AB-BFD6-9CE53BBBDDA2}" = lport=26125 | protocol=17 | dir=in | name=asset upnp udp | "{234D059A-7148-4071-AC01-1B00FEDF87DE}" = rport=137 | protocol=17 | dir=out | app=system | "{2BFAB961-5BBE-4792-A0F1-074D3877FA25}" = lport=2869 | protocol=6 | dir=in | app=system | "{2FA930D6-3F83-4BA1-94B4-31F8653BCF10}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{33C1324E-4EC5-4F11-B350-A1E02DD75109}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3B5ED5E7-60FE-4DA4-8FD9-2660F7332715}" = lport=138 | protocol=17 | dir=in | app=system | "{3C986B9B-62DF-48A1-B51D-4E7398EE708A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4F0ED6E9-6489-4DB9-A1EC-45016DE7E787}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5B6BC157-3AB8-416E-96B4-3225DEB7C1B2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5D83F8DB-6C3D-45BE-B2F1-EA10B0734F37}" = rport=445 | protocol=6 | dir=out | app=system | "{5ECF00CC-2FFC-490C-B467-DAD0ACCA95AB}" = rport=139 | protocol=6 | dir=out | app=system | "{5EE7247B-289A-42DA-BE08-9C4C402D010E}" = lport=5353 | protocol=17 | dir=in | app=c:\users\vivien\appdata\local\google\chrome\application\chrome.exe | "{67EF911E-BEA7-435E-B729-24B168154D14}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{72FB4142-772B-498E-8315-E2045A3B40D3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7C883040-82AC-493B-A59B-8408AE184889}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8D19BBBB-02DF-4A44-8685-F4825F8765F3}" = lport=26125 | protocol=6 | dir=in | name=asset upnp tcp | "{9AC7AC59-A4B6-4EFA-9340-105104F26EA4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9BA834E6-D9FA-4531-A4D3-937B5CE76B57}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A7C31286-CB1C-4046-83E0-12F3356DBCB7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BDB2E18F-BFCF-4B93-9972-DD794379DFAA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C3DBA887-FE86-4373-BD53-203E14D887C6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C578A1AC-4A4C-4A52-98B4-6EFDF2DD7C89}" = lport=137 | protocol=17 | dir=in | app=system | "{CD906022-26FE-4084-862A-1B1FDDD5E03A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{D5D4629C-7421-4821-9469-CAA20501C879}" = lport=445 | protocol=6 | dir=in | app=system | "{D85F960A-A7D7-469A-B16A-B283722E9DFB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E822A5E9-AABB-469D-9984-24A25295B032}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F45CEA8D-8F03-46AC-9A5B-B982DF06F8B7}" = lport=139 | protocol=6 | dir=in | app=system | "{F8D92B13-F13B-4C30-9408-E95217757758}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090008C7-31C7-4E91-BED7-9DCDFFB623DC}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{090C5FB0-48F1-474D-BD45-71A2D5E56F8A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{097E6330-3D9F-48C4-8F63-1EDB3DA7A486}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1795BC66-5607-4BF8-BAD7-85653F96C5B7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{18376957-DF25-43FE-8C5C-EFA92C2F461A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1CCA9591-C788-428C-BC43-E83956CDC921}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{27F196B0-31AD-4114-A9D3-559FE0DF7F3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2921B5D1-9016-4423-B831-6E4E5BA31465}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{304DA79C-C97D-4389-9284-4D2F7DEAB205}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{30B6DD0E-9185-4FDF-A9F5-EB263EB17B26}" = dir=in | app=c:\users\vivien\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{3921AFEE-4CA7-46AE-99A9-0F2DD9DCCBD3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{3BBC156C-67ED-410A-A2BA-4209B2DAC92F}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{3F52115A-6276-48F5-A07C-677E2B2D2AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{4461B4F0-78D6-4652-962D-EA605F93712E}" = protocol=6 | dir=in | app=c:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe | "{44E1EFF3-B2C6-469F-A82F-0B04902E94FC}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{48E6BB4C-768A-4A83-9C36-B801CA3586D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4DC03A83-D533-49F2-A714-D6B0B8918D09}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe | "{5092C146-B238-4F81-9B8E-103AF98E514D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{76A126CD-FC84-499F-9DBA-272BFD8C2BCA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{830D772D-050D-44A0-8D16-FDD6AD2543DE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9D2E28E5-F6BC-4FB1-842E-437CB1A847C1}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{9E1DD897-10D7-4C1D-8377-31D6E63525CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{9FACF5C9-72EF-4545-A28C-60DBF3269D76}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{A0237EB2-2AC5-4FA0-9789-BF83FEC46CE4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B5F4C195-E741-4CE5-B886-FC2AE00F1CA3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B6C2E339-DF52-4716-AF82-17482EE14889}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BB577BE2-4EE0-4D37-B3BE-98E123F1CCCF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BEBA54A4-E57A-4C14-94B8-26F07D3F0384}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{C258F7DA-5280-4E03-99E3-778BE506E5EF}" = protocol=17 | dir=in | app=c:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe | "{CB9E6907-3F0C-4316-8D78-20B3CC46D9A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{DB9F10C5-C0B8-4524-BF80-5E4DB9A0A22F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{DC5F5E6A-98CC-49E2-92DC-E7CEF6FD89C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E718809A-A607-4E76-B915-541DA6A4E84C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{E897D50A-3FB1-418F-8545-8E3F2409B0CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FA653989-6557-420A-8D64-FFF686245D42}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{FAA5ACC9-D69F-4E34-8355-3EE35DEA75CD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FBA75DB9-EBC8-4EB3-888C-486207684EED}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe | "TCP Query User{61ED6674-4F82-4762-8A05-1D6DE52C02C3}C:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe | "TCP Query User{6D584D43-97D8-4026-8890-C41753B5801F}C:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe" = protocol=6 | dir=in | app=c:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe | "TCP Query User{D8195CD4-06B6-4519-BDA5-BC0092A2B2B4}C:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe" = protocol=6 | dir=in | app=c:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe | "UDP Query User{7AB3E900-84AF-4200-8BF5-6714F2626DEC}C:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe" = protocol=17 | dir=in | app=c:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe | "UDP Query User{C2CF15D0-93D9-45DA-BFB7-059F333F407F}C:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe | "UDP Query User{F8599774-6E8E-4242-9CC2-714973512C92}C:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe" = protocol=17 | dir=in | app=c:\users\vivien\appdata\roaming\bravis galaxee 4free\bravis.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04C43AE1-5B72-487F-AC6C-6BC1AA19FE03}" = Microsoft IntelliPoint 6.2 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series" = Canon MG6300 series MP Drivers "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client "{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes "{67DB4BFC-02AA-4806-B3CF-9840F29C92FA}" = Microsoft IntelliType Pro 6.2 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8FF3A93A-5F76-2C4B-CA86-E2D0D9008874}" = ATI Catalyst Install Manager "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9704638C-E8C9-4E25-8757-E50AEF55002D}" = Logitech QuickCam "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support "{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}" = PG583_64_inf "C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.64.42) "CanonMyPrinter" = Canon My Printer "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{27019e42}" = IndepthInit "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1A3A92EC-A218-4FEE-8A51-05BCD409A048}" = Windows-Migrationsassistent "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521 "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = ChampionDeals "{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7 "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6E44E036-5A82-44ff-994E-122A0A8D2EDF}" = CyberLink AudioDirector 3 "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{750A1A07-2A69-4606-9619-EA29A2BFF426}" = MAGIX Audio Cleaning Lab 16 deluxe "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D0AC6844-79D4-11D4-AFEE-00C04F443448}" = Microsoft Works 6.0 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Asset UPnP" = Asset UPnP "Audio Recorder for Free_is1" = Audio Recorder for Free 2010 v12.8.2 "BrowserCompanion" = BrowserCompanion "Canon MG6300 series Benutzerregistrierung" = Canon MG6300 series Benutzerregistrierung "Canon MG6300 series On-screen Manual" = Canon MG6300 series On-screen Manual "Canon MP520 series Benutzerregistrierung" = Canon MP520 series Benutzerregistrierung "Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung "Canon My Image Garden" = Canon My Image Garden "Canon My Image Garden Design Files" = Canon My Image Garden Design Files "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "Canon_IJ_Scan_Utility" = Canon IJ Scan Utility "CanonMyPrinter" = Canon My Printer "CanonQuickMenu" = Canon Quick Menu "CanonSolutionMenu" = Canon Utilities Solution Menu "DVD Shrink_is1" = DVD Shrink 3.2 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "FL Studio 10" = FL Studio 10 "FLV Player" = FLV Player 2.0 (build 25) "Free Audio Editor_is1" = Free Audio Editor v7.9.4 "Free YouTube Download_is1" = Free YouTube Download version 3.2.46.923 "GinyasBrowserCompanion" = GinyasBrowserCompanion "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster "Hauppauge WinTV Radio" = Hauppauge WinTV Radio "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IL Download Manager" = IL Download Manager "IL Shared Libraries" = IL Shared Libraries "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{6E44E036-5A82-44ff-994E-122A0A8D2EDF}" = CyberLink AudioDirector 3 "Live 8.2.6" = Live 8.2.6 "MAGIX Speed burnR D" = MAGIX Speed burnR "mclab_16dlx" = MAGIX Audio Cleaning Lab 16 deluxe "nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Orbit_is1" = Orbit Downloader "OUTLOOKR" = Microsoft Office Outlook 2007 "PhotoScape" = PhotoScape "PriceGong" = PriceGong 2.6.4 "Savings Sidekick" = Savings Sidekick "SpecialSavings" = SpecialSavings "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 2.0.1 "WaInterEnhance" = Wajam "Wave Editor_is1" = Wave Editor 3.2.0.8 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DealPly" = DealPly ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DealPly" = DealPly ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-322743433-1170930369-4053580053-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "DealPly" = Update for DealPly "FLV Player" = FLV Player "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player "Photoelectric Effect" = Photoelectric Effect ========== Last 20 Event Log Errors ========== [ OSession Events ] Error - 26.01.2009 10:11:57 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash. Error - 26.01.2009 14:37:28 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 115 seconds with 60 seconds of active time. This session ended with a crash. Error - 26.01.2009 14:54:26 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 864 seconds with 0 seconds of active time. This session ended with a crash. Error - 26.01.2009 14:56:13 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 89 seconds with 0 seconds of active time. This session ended with a crash. Error - 26.01.2009 15:01:37 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 86 seconds with 60 seconds of active time. This session ended with a crash. Error - 08.02.2009 06:51:59 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 85 seconds with 60 seconds of active time. This session ended with a crash. Error - 08.02.2009 06:53:23 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 60 seconds with 60 seconds of active time. This session ended with a crash. Error - 08.02.2009 06:54:15 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.11.2011 14:40:38 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.04.2013 13:26:12 | Computer Name = ***-PC-acer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11198 seconds with 7560 seconds of active time. This session ended with a crash. [ System Events ] Error - 03.01.2015 18:45:44 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7000 Description = Error - 05.01.2015 08:34:02 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7026 Description = Error - 05.01.2015 08:38:18 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7022 Description = Error - 05.01.2015 08:40:41 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7038 Description = Error - 05.01.2015 08:40:41 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7000 Description = Error - 08.02.2015 12:26:01 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7026 Description = Error - 08.02.2015 12:30:30 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7038 Description = Error - 08.02.2015 12:30:30 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7000 Description = Error - 08.02.2015 12:31:16 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7038 Description = Error - 08.02.2015 12:31:16 | Computer Name = ***-PC-acer | Source = Service Control Manager | ID = 7000 Description = < End of report > Wie muss ich jetzt weiter vorgehen ? Vielen dank und beste grüße |
|
08.02.2015, 18:53
| #2 |
| /// the machine /// TB-Ausbilder    | tcbhn hat ein Problem festgestellt und muß beendet werden hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
| Themen zu tcbhn hat ein Problem festgestellt und muß beendet werden |
| beste grüße, bho, bonjour, computer, converter, downloader, dvdvideosoft ltd., error, firefox, flash player, format, google, helper.exe, home, install.exe, logfile, mp3, popup, problem, realtek, registry, rundll, scan, senden, siteadvisor, software, svchost.exe, usb, vista |
Linear-Darstellung
