Log analysis and evaluation: Some programs have no Internet access for updating (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Some programs have no Internet access for updating

Good evening,

I am at my wits' end and don't know what to do anymore. Since 29.03.2015, many programs that need Internet access no longer work, and neither do updates; supposedly there is no Internet access or connection. Games such as League of Legends and ArcheAge, as well as updaters, no longer work and therefore can no longer be started. Normal Internet works, YouTube and everything else perfectly; only updates don't, and the ESET Online Scanner doesn't work either, which is logical somehow. MBAM found nothing. I use it mainly for legal gaming.

Laptop data:
Acer V3-571G
Win 8.0, 64-bit version
8 GB RAM
Nvidia GeForce 540M
Intel Core 2.60 GHz
Browser: Cyberfox, a legal one for 64-bit versions that runs more smoothly than the normal Firefox

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 29.03.2015 22:48:26 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Dominik Engl\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.17183) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,82 Gb Total Physical Memory | 5,59 Gb Available Physical Memory | 71,46% Memory free 9,19 Gb Paging File | 6,82 Gb Available in Paging File | 74,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,19 Gb Total Space | 181,20 Gb Free Space | 40,61% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DOMINIK | User Name: Dominik Engl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.03.29 22:47:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik Engl\Downloads\OTL.exe PRC - [2015.03.29 11:59:39 | 000,079,360 | ---- | M] () -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427630375-E211-B636-B888E3AA6D9A\insgE757.tmp PRC - [2015.03.29 11:49:40 | 000,248,832 | ---- | M] () -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629776-E211-B636-B888E3AA6D9A\snsoC004.tmp PRC - [2015.03.29 11:49:26 | 000,116,224 | ---- | M] () -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629762-E211-B636-B888E3AA6D9A\cnsi8B4A.tmp PRC - [2015.03.29 11:46:20 | 000,173,568 | ---- | M] () -- C:\Users\Dominik Engl\AppData\Roaming\5DE05E1C-1427622349-E211-B636-B888E3AA6D9A\jnsgA66D.tmp PRC - [2015.03.17 06:14:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe PRC - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe 
Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2014.10.30 00:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dominik Engl\AppData\Local\Akamai\netsession_win.exe PRC - [2014.07.30 20:37:42 | 001,081,808 | ---- | M] (Mischel Internet Security) -- C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe PRC - [2014.07.21 03:39:26 | 001,154,112 | ---- | M] (Ruiware LLC) -- C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe PRC - [2014.06.27 12:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2014.06.24 11:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2014.04.25 15:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2014.03.27 14:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe PRC - [2014.02.17 21:04:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.08.14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012.12.14 05:45:35 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\secpro.exe PRC - [2012.08.28 22:35:53 | 001,176,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2012.08.28 21:01:31 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2012.08.28 21:01:29 | 000,348,784 | ---- | M] (Dritek System Inc.) 
-- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2012.08.23 22:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe PRC - [2012.08.23 08:24:38 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2012.08.23 08:24:10 | 000,533,568 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2012.08.23 00:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe PRC - [2012.08.23 00:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe PRC - [2012.08.01 01:08:36 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe PRC - [2012.07.18 02:10:33 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.01.23 19:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2014.12.31 03:46:33 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fe8338843cae5d28c40b596abcdb863c\System.Windows.Forms.ni.dll MOD - [2014.12.31 03:46:21 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5f38473ec57164f540b42fcb1d6bc7e9\System.Drawing.ni.dll MOD - [2014.12.31 03:45:23 | 007,991,296 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9188b682a091faf275c0294fe77ccbf3\System.ni.dll MOD - [2014.09.15 19:32:13 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b9d3e6f3fe8936deb2f1defb3a205f9a\mscorlib.ni.dll MOD - [2012.08.23 08:26:10 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll MOD - [2012.08.23 00:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe MOD - [2012.08.23 00:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ========== Services (SafeList) ========== SRV:64bit: - [2014.10.03 00:29:16 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2014.09.22 08:04:33 | 000,016,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2014.07.07 07:52:33 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2014.05.30 01:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2013.08.16 07:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2013.07.27 08:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2013.06.01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- 
(netprofm) SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.05 11:31:44 | 000,085,904 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService) SRV:64bit: - [2012.08.22 21:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2012.08.20 17:36:22 | 000,176,640 | ---- | M] (Broadcom Corp.) 
[Auto | Running] -- C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe -- (BrcmCardReader) SRV:64bit: - [2012.07.26 05:08:39 | 000,051,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (3a37b93a) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - 
[2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2015.03.29 11:59:39 | 000,079,360 | ---- | M] () [Auto | Running] -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427630375-E211-B636-B888E3AA6D9A\insgE757.tmp -- (xynujyxe) SRV - [2015.03.29 11:49:40 | 000,248,832 | ---- | M] () [Auto | Running] -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629776-E211-B636-B888E3AA6D9A\snsoC004.tmp -- (rokerole) SRV - [2015.03.29 11:49:26 | 000,116,224 | ---- | M] () [Auto | Running] -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629762-E211-B636-B888E3AA6D9A\cnsi8B4A.tmp -- (xenunysi) SRV - [2015.03.29 11:46:20 | 000,173,568 | ---- | M] () [Auto | Running] -- C:\Users\Dominik Engl\AppData\Roaming\5DE05E1C-1427622349-E211-B636-B888E3AA6D9A\jnsgA66D.tmp -- (mynesele) SRV - [2015.03.24 06:22:24 | 000,836,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2015.03.17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes 
Anti-Malware \mbamservice.exe -- (MBAMService) SRV - [2015.02.04 23:09:42 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.12.25 04:37:10 | 001,903,472 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014.06.18 17:36:26 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2014.03.27 14:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice) SRV - [2014.02.17 21:04:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2014.01.13 09:30:00 | 005,214,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2013.10.09 23:30:17 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10) SRV - [2013.08.14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2013.07.27 08:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2012.12.15 21:06:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.12.15 20:44:28 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService) SRV - [2012.12.14 05:45:35 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\secpro.exe -- (SecStore) SRV - [2012.10.23 20:37:58 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.08.28 21:01:29 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2012.08.23 22:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService) SRV - [2012.08.23 08:24:38 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2012.08.10 19:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.08.01 01:08:36 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 02:10:33 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel 
Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.07.12 05:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2012.01.23 19:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015.03.29 22:42:23 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2015.03.17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2015.03.17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2014.11.22 12:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2014.10.30 06:53:26 | 000,031,560 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2014.09.22 07:53:10 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2014.08.27 00:08:01 | 000,270,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2014.07.24 15:50:54 | 000,447,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2014.07.10 15:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Trufos.sys -- (Trufos) DRV:64bit: - [2014.04.09 21:05:52 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice) DRV:64bit: - [2013.12.18 15:35:07 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2013.12.18 15:34:59 | 000,024,744 | ---- | M] (Audials AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\RrNetCapFilterDriver.sys -- (RrNetCapFilterDriver) DRV:64bit: - [2013.10.10 13:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2013.10.05 08:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.09.08 22:03:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.08.22 14:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2013.08.16 
07:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2013.08.10 08:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.07.09 10:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2013.07.02 03:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.07.02 03:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2013.06.29 08:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.06.09 18:19:47 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2013.06.09 18:19:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2013.06.01 05:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.12.15 20:44:28 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.11.02 05:41:38 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2012.11.02 05:41:38 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2012.11.02 05:41:38 | 000,020,520 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2012.10.23 20:37:42 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.05 11:31:46 | 000,319,888 | ---- | M] (ELAN Microelectronics Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.08.20 12:48:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCapMP) DRV:64bit: - [2012.08.20 12:48:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCap) DRV:64bit: - [2012.08.14 12:15:36 | 000,070,744 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2012.08.13 11:59:42 | 000,072,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2012.08.13 11:59:42 | 000,021,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2012.08.10 19:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.08.10 19:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.08.10 19:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.08.10 19:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.08.10 19:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.08.10 19:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - 
[2012.08.10 19:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.08.10 19:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.24 09:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.07.09 14:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.03 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012.06.19 16:40:51 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.06.18 17:20:52 | 000,055,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2012.06.02 16:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012.06.02 16:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2010.07.09 05:51:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.07.31 03:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\XENfiltv.sys -- (XENfiltv)
DRV - [2014.02.17 17:23:22 | 000,026,856 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys -- (cpuz137)
DRV - [2014.01.30 17:40:18 | 000,109,144 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1864.sys -- (SLEE_18_DRIVER)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{93C01DC1-C35F-4B80-AE50-255C0E85F0CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{93C01DC1-C35F-4B80-AE50-255C0E85F0CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Disable Script Debugger Default = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DisableScriptDebuggerIE Default = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.ptid: "face"
FF - prefs.js..browser.search.searchengine.uid: "ST9500325AS_S2WPKPZZXXXXS2WPKPZZ"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version= C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version= C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Dominik Engl\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.coowon.com/Coowon Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.coowon.com/Coowon Update;version=9: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dominik Engl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: File not found
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.10.18 17:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.10.18 17:47:10 | 000,000,000 | ---D | M]
[2014.11.05 01:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik Engl\AppData\Roaming\mozilla\Extensions
[2015.03.29 12:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik Engl\AppData\Roaming\mozilla\Firefox\Profiles\t1ill8lh.default\extensions
[2015.03.11 18:01:46 | 000,970,602 | ---- | M] () (No name found) -- C:\Users\Dominik Engl\AppData\Roaming\mozilla\firefox\profiles\t1ill8lh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

========== Chrome ==========
CHR - default_search_provider: istartsurf (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Mail Control = C:\Users\Dominik Engl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejlhiijedldjjdmjgfiainenegbkokhn\132\
CHR - Extension: Google Wallet = C:\Users\Dominik Engl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: Cinema PlusV29.03 = C:\Users\Dominik Engl\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.26_0\

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe (Mischel Internet Security)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dominik Engl\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88DF895C-3030-4742-90D0-88964960F09F}: DhcpNameServer =
O18:64bit: - Protocol\Handler\tmop - No CLSID value found
O18 - Protocol\Handler\tmop - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4d66018b-d232-11e2-be7a-b888e3aa6d9a}\Shell - "" = AutoRun
O33 - MountPoints2\{4d66018b-d232-11e2-be7a-b888e3aa6d9a}\Shell\AutoRun\command - "" = "E:\autorun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2015.03.29 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\Documents\My Games
[2015.03.29 17:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015.03.29 17:47:38 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2015.03.29 17:26:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\AVAST Software
[2015.03.29 17:20:38 | 000,442,264 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\yzmjkeua.sys
[2015.03.29 17:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015.03.29 16:42:37 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\TrojanHunter
[2015.03.29 16:13:03 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.29 16:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
[2015.03.29 16:12:09 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.29 16:12:09 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.29 16:12:09 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.03.29 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2015.03.29 15:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2015.03.29 15:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2015.03.29 15:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.6
[2015.03.29 15:42:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\Howard_Media
[2015.03.29 15:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixCleanRepair
[2015.03.29 15:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleanRepair
[2015.03.29 12:09:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\Opera Software
[2015.03.29 12:09:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Opera Software
[2015.03.29 12:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GufKrJTwA
[2015.03.29 12:06:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\PDFConvert
[2015.03.29 12:06:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocToPDFConverter
[2015.03.29 12:06:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\DocToPDFConverter
[2015.03.29 11:59:35 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427630375-E211-B636-B888E3AA6D9A
[2015.03.29 11:49:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629776-E211-B636-B888E3AA6D9A
[2015.03.29 11:49:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629762-E211-B636-B888E3AA6D9A
[2015.03.29 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629623-E211-B636-B888E3AA6D9A
[2015.03.29 11:45:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\5DE05E1C-1427622349-E211-B636-B888E3AA6D9A
[2015.03.28 21:41:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\Glyph
[2015.03.28 21:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
[2015.03.28 21:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glyph
[2015.03.28 20:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webzen
[2015.03.28 17:04:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\8pecxstudios
[2015.03.28 17:04:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\8pecxstudios
[2015.03.28 17:04:08 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
[2015.03.28 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberfox
[2015.03.25 00:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lib
[2015.03.25 00:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bin
[2015.03.22 13:57:32 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
[2015.03.22 12:47:10 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\CCP
[2015.03.21 13:36:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Tropico 5
[2015.03.21 13:35:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Kalypso Media
[2015.03.21 12:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015.03.17 22:48:33 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\GameInvest
[2015.03.17 12:51:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Five-BN Games
[2015.03.16 10:47:51 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\NVIDIA
[2015.03.15 23:39:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\.minecraft
[2015.03.15 22:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\4423493481857464035
[2015.03.15 22:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{cce61d59-8c68-bfa4-cce6-61d598c67566}
[2015.03.14 22:22:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.03.14 21:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{44587a0a-6024-e1cf-4458-87a0a602e829}
[2015.03.12 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2015.03.11 13:46:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Sahmon Games
[2015.03.11 12:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\com.gamehouse.acid
[2015.03.11 12:58:46 | 000,000,000 | ---D | C] -- C:\Zylom Games
[2015.03.11 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\com.gamehouse.acid
[2015.03.11 12:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015.03.11 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2015.03.11 12:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\81d19778c51c4881a7eae8f07044d0be
[2015.03.11 12:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\0d4294919c9a4941ba7cc97f91f909a5
[2015.03.07 01:37:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\Geckofx
[2015.03.07 01:37:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Roaming\Firefly Studios
[2015.03.03 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\AppData\Local\Steam
[2015.03.03 01:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2015.03.03 01:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2015.03.02 22:47:39 | 000,000,000 | ---D | C] -- C:\Users\Dominik Engl\Documents\Euro Truck Simulator 2
[2015.03.02 21:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503
[2015.03.01 00:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMH Interactive
[2015.03.01 00:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HMH Interactive
[2014.04.25 21:27:08 | 041,212,184 | ---- | C] (NVIDIA Corporation) -- C:\Users\Dominik Engl\AppData\Roaming\PhysX_9.09.0814_SystemSoftware.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2015.03.29 22:48:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.29 22:42:23 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.29 22:42:11 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.03.29 22:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.29 22:27:33 | 000,001,374 | ---- | M] () -- C:\Windows\tasks\EZ.job
[2015.03.29 22:27:33 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.03.29 22:27:10 | 005,144,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.29 22:26:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015.03.29 22:26:44 | 2422,013,951 | -HS- | M] () -- C:\hiberfil.sys
[2015.03.29 22:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.03.29 17:20:38 | 000,442,264 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\yzmjkeua.sys
[2015.03.29 15:51:36 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2015.03.29 15:51:36 | 000,001,089 | ---- | M] () -- C:\Users\Dominik Engl\Desktop\TrojanHunter.lnk
[2015.03.29 15:38:11 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.03.29 15:38:11 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.03.29 15:38:11 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.03.29 15:38:11 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.03.29 15:38:11 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.03.29 14:49:21 | 000,001,382 | ---- | M] () -- C:\Windows\tasks\SCPHBQ.job
[2015.03.29 14:04:17 | 000,001,225 | ---- | M] () -- C:\Users\Dominik Engl\Desktop\TreeSize Free.lnk
[2015.03.29 13:57:31 | 000,001,001 | ---- | M] () -- C:\Users\Dominik Engl\Desktop\Glyph.lnk
[2015.03.29 12:04:30 | 002,168,320 | ---- | M] () -- C:\Users\Dominik Engl\Desktop\adwcleaner_4.113.exe
[2015.03.29 12:04:05 | 000,008,632 | ---- | M] () -- C:\Windows\SysWow64\VCLOff.ini
[2015.03.29 12:04:05 | 000,008,632 | ---- | M] () -- C:\Windows\SysNative\VCLOff.ini
[2015.03.27 17:25:27 | 000,000,482 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dominik Engl.job
[2015.03.26 21:14:08 | 000,005,542 | ---- | M] () -- C:\Users\Dominik Engl\AppData\Roaming\SCPHBQ
[2015.03.26 21:14:08 | 000,004,185 | ---- | M] () -- C:\Users\Dominik Engl\AppData\Roaming\EZ
[2015.03.25 11:09:11 | 000,098,304 | ---- | M] () -- C:\Users\Dominik Engl\fbchathistory.dat
[2015.03.22 14:03:36 | 000,000,066 | ---- | M] () -- C:\Windows\4457412
[2015.03.21 12:40:44 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015.03.17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.17 06:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2015.03.29 16:12:16 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.03.29 15:51:36 | 000,001,089 | ---- | C] () -- C:\Users\Dominik Engl\Desktop\TrojanHunter.lnk
[2015.03.29 15:51:34 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2015.03.29 14:04:17 | 000,001,225 | ---- | C] () -- C:\Users\Dominik Engl\Desktop\TreeSize Free.lnk
[2015.03.29 12:04:26 | 002,168,320 | ---- | C] () -- C:\Users\Dominik Engl\Desktop\adwcleaner_4.113.exe
[2015.03.29 12:01:57 | 000,008,632 | ---- | C] () -- C:\Windows\SysWow64\VCLOff.ini
[2015.03.29 12:01:57 | 000,008,632 | ---- | C] () -- C:\Windows\SysNative\VCLOff.ini
[2015.03.29 12:01:53 | 000,001,374 | ---- | C] () -- C:\Windows\tasks\EZ.job
[2015.03.29 12:01:16 | 000,001,382 | ---- | C] () -- C:\Windows\tasks\SCPHBQ.job
[2015.03.28 21:41:02 | 000,001,001 | ---- | C] () -- C:\Users\Dominik Engl\Desktop\Glyph.lnk
[2015.03.26 21:14:08 | 000,005,542 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Roaming\SCPHBQ
[2015.03.26 21:14:08 | 000,004,185 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Roaming\EZ
[2015.03.25 11:09:11 | 000,098,304 | ---- | C] () -- C:\Users\Dominik Engl\fbchathistory.dat
[2015.03.22 14:03:36 | 000,000,066 | ---- | C] () -- C:\Windows\4457412
[2015.02.04 16:25:13 | 000,000,937 | ---- | C] () -- C:\Users\Dominik Engl\measure-units.properties
[2014.11.05 01:53:01 | 000,007,602 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Local\Resmon.ResmonCfg
[2014.10.18 20:04:42 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2014.06.30 20:05:16 | 000,346,112 | ---- | C] () -- C:\Windows\SysWow64\LiveWrapRTSP.dll
[2014.06.04 21:22:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2014.05.15 03:42:29 | 000,009,060 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Roaming\.freeciv-client-rc-2.4
[2014.04.09 06:45:19 | 000,231,960 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2014.04.09 04:26:48 | 000,000,036 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Local\housecall.guid.cache
[2014.04.09 04:21:28 | 000,000,522 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.22 12:42:59 | 000,001,496 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Local\recently-used.xbel
[2014.01.10 19:25:50 | 000,000,000 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Roaming\FileOut.cns
[2014.01.10 19:25:50 | 000,000,000 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Roaming\FileIn.cns
[2013.12.29 23:12:41 | 000,000,008 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Roaming\DofusAppId0_2
[2013.12.13 02:18:43 | 000,290,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.12.13 02:18:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.12.05 14:34:48 | 000,251,144 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2013.10.31 21:08:05 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.10.09 23:05:08 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\FltEng.dll
[2013.10.09 23:05:08 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\secpro.exe
[2013.10.06 13:28:51 | 000,999,424 | ---- | C] () -- C:\Windows\SysWow64\fathmail.dll
[2013.09.08 03:08:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2013.08.28 23:03:36 | 000,054,272 | ---- | C] () -- C:\Windows\sassr.dat
[2013.08.20 13:29:23 | 000,061,952 | -H-- | C] () -- C:\Windows\SysWow64\sinvfct.dll
[2013.07.20 02:07:51 | 000,000,125 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Roaming\D2Info0
[2013.07.20 02:07:51 | 000,000,008 | ---- | C] ()
-- C:\Users\Dominik Engl\AppData\Roaming\DofusAppId0_1 [2013.07.18 17:40:42 | 000,110,080 | ---- | C] () -- C:\Windows\sysk32.dll [2013.07.08 00:38:57 | 000,004,608 | ---- | C] () -- C:\Users\Dominik Engl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.07.08 00:38:25 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll [2013.07.08 00:38:23 | 001,200,937 | ---- | C] () -- C:\Windows\unins000.exe [2013.07.08 00:38:23 | 000,074,634 | ---- | C] () -- C:\Windows\unins000.dat [2013.05.25 02:15:17 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe [2013.03.30 22:43:45 | 000,022,655 | ---- | C] () -- C:\Windows\SysWow64\mswiniore.dll [2012.12.15 20:47:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl ========== ZeroAccess Check ========== [2013.04.24 00:42:20 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.10.11 09:44:56 | 019,764,736 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.10.11 07:57:57 | 017,562,112 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft 
Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:82F50D1C
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:8927A071
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BC1F7CAE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 29.03.2015 22:48:26 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Dominik Engl\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,82 Gb Total Physical Memory | 5,59 Gb Available Physical Memory | 71,46% Memory free
9,19 Gb Paging File | 6,82 Gb Available in Paging File | 74,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,19 Gb Total Space | 181,20 Gb Free Space | 40,61% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DOMINIK | User Name: Dominik Engl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = CyberfoxHTML] -- C:\Program Files\Cyberfox\Cyberfox.exe (8pecxstudios)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile
[open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03F4B46D-D4BF-462A-B3E2-928F71000DE5}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{0E3BD3FF-2872-49D8-B6CA-F2E521F8AC09}" = dir=out | name=acer crystal eye | "{0F23543B-63F9-43B7-A535-20429CF0571F}" = dir=out | name=weatherbug | "{12F67213-6CC6-4AFD-A7C5-916B39C64F02}" = dir=out | name=7digital music store | "{13D08EDC-DD2D-446B-83DD-0893C3EA7061}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{1E814EA8-DE58-4C34-A495-84D8DB699F98}" = dir=out | name=cut the rope | "{1FEB9FBC-B492-4517-A75B-D33E26103C12}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{2643B2AA-CC8E-4A48-929D-F1E36A17C63A}" = dir=out | name=microsoft minesweeper | "{307388A4-ABCF-461B-ADB9-0D8718941279}" = dir=out | name=microsoft solitaire collection | "{34476BC6-D142-4801-9A82-B3366E776944}" = dir=out | name=acer explorer | "{41497A87-BE30-4287-8E54-82ECFAEEB38D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{47CB61EF-2C66-4FD9-BEED-12213AA68B0A}" = dir=out | name=skype | "{4BF51E3C-7A29-40E0-A432-233E5E61CB8A}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4E00CABB-9A85-4A1D-B953-68DD958F868F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{5249D2B8-9B47-4814-86A5-65F2FF489ECA}" = dir=in | 
name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{5A6208AC-CB33-4933-9901-230036E5821C}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{64519707-1DA2-4487-88C3-5E866B0EC7A3}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{6EE0C140-F89D-4421-B0EA-7480C9BA16F0}" = dir=out | name=social jogger | "{70C90499-B7A3-4C8A-A21E-201F65CDF726}" = dir=out | name=txtr reader | "{71E85B68-BDFE-4FB6-A38B-1D816FC9BD9B}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{725BF644-165F-4733-84DD-BF3C8E4E5690}" = dir=out | name=taptiles | "{7FE13506-F21F-4420-9562-F137DA56384B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{85957B86-2AC8-4080-80E3-E25A5A7831AB}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{8BAF0C8D-46E2-42EE-B651-918FEB4E6F94}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{8DE02484-F6FA-4386-9413-94F047CAA7E6}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{903B54C9-D11D-4803-8F81-B2F31739FEF2}" = dir=out | name=skitch | "{98F7869C-4FCC-4FD7-9615-83BE203DD083}" = dir=out | name=tunein radio | "{A24884B0-FD2E-41A4-91FA-10FA322A7103}" = dir=out | name=evernote | "{AD9648E3-14FB-48B2-B8EF-79D3871E4B84}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{B46B07F5-A623-476D-A288-34CCED447CBF}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{BB370A92-B8C5-42A0-B204-C815276AFE79}" = protocol=17 | dir=in | app=c:\program files (x86)\glyph\glyphclient.exe | "{C0D3F266-6B0E-49D8-943F-EF5B1FD5743F}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{CEB4E93A-2B4D-4F1D-A936-79F5D76877A1}" = dir=in | name=ebay | "{D3E05E1B-C7F7-4227-91CB-79A37DBE1A50}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{D90FBA53-6B00-42A9-8B32-A1B5156940B8}" = dir=out | name=ebay | "{DD6D1B5D-4478-4903-AEEF-3A46994BD396}" = dir=in | name=skype | "{DDB3E1C7-EB77-4910-8401-6C34C4358C04}" = protocol=6 | dir=in | app=c:\program files (x86)\glyph\glyphclient.exe | "{E1FFD690-AAF9-4F84-92FD-DF1F714671FF}" = dir=out | name=newsxpresso metro | "{E90B2F2C-835C-49AB-9DD4-975609423955}" = dir=in | name=evernote | "{EB815270-71A8-4C01-9B18-B5EEB842A544}" = dir=out | name=microsoft mahjong | "{F8CF2071-A267-4207-9799-879B7306F737}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{FCA2C2CE-1539-4825-826E-858704BFD5BC}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "TCP Query User{466B7D5E-DDD3-4709-91F9-AD3824E02346}C:\program files\cyberfox\cyberfox.exe" = protocol=6 | dir=in | app=c:\program files\cyberfox\cyberfox.exe | "UDP Query User{B88DABF3-B73B-420A-A922-EC13AFDDAE36}C:\program files\cyberfox\cyberfox.exe" = protocol=17 | dir=in | app=c:\program files\cyberfox\cyberfox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86418040F0}" = Java 8 Update 40 (64-bit) "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{4745C004-7D5D-42BB-816A-79BF29C3A65C}" = MAGIX Goya burnR (MSI) "{486D7332-4381-4982-8ABC-6A7B109FA34E}" = Vita String Ensemble "{4913C631-0363-496A-9E24-1A260205AB9D}" = MAGIX Music Maker 2013 (Demosongs) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1" = Cyberfox Web Browser "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}" = AdAwareUpdater "{6EA96503-3738-4A4A-B743-0479CCBE371C}" = Vita Rock Drums "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 
11.0.60610 "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8215A318-CC27-435E-B3EA-2E3443C8998C}" = Acer Instant Update Service "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{86516976-CC47-4787-B9FD-720500EC1759}" = MAGIX Music Maker 2013 (Visuals) "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{AD409A65-BD38-4322-8765-492DD4E72DBF}" = MAGIX Music Maker 2013 (Synthesizer und Effekte) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 344.60 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.14.0702 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B55B2878-8E05-4EF8-A4EF-CC6835410C17}" = MAGIX Music Maker 2013 Soundpools "{B74C0F31-3688-4FCE-BEE8-0C3A47968027}" = Vita 2 "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{E56846B3-745F-443C-9C17-BC371A0902E0}" = AdAwareInstaller 
"{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}" = MAGIX Music Maker 2013 "{F0A7DF2F-0BE0-470F-B137-D7A19F977189}" = Broadcom Card Reader Driver Installer "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "5723-2630-1175-8368" = Fakturama 1.6.7 "CCleaner" = CCleaner "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player "WinRAR archiver" = WinRAR 4.20 (64-Bit) "ZonerPhotoStudio16_DE_is1" = Zoner Photo Studio 16 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5 "{025A585C-0C66-413D-80D2-4C05CB699771}" = Dead Space "{04450C18-F039-4B81-A621-70C3B0F523D5}" = The Sims 2: Ultimate Collection "{050F5BE0-A8F6-48E1-9815-97322C1C1DC5}_is1" = MarkSpace Outlook Server Version 1.0 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{15FA1110-CA8E-43E4-BD79-A28A897CD563}" = Audials "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}" = Windows Phone app for desktop "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1" = RaceRoom Racing Experience Launcher "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition "{39CCA8F3-19C1-4246-B4BA-8174D665407C}_is1" = TumblRipper "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 2014 Free "{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}" = Pokémon Trading Card Game Online "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5EBB2A-A55C-40E9-A48F-AEBFBAA90EC1}_is1" = Welcome Home To Windows Phone Version 2.0 "{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It "{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR "{574BF026-4487-4051-BCE5-83C4E40AAF6D}" = SlimComputer "{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}" = SimCity 2000 Special Edition "{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4 "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Pflanzen gegen Zombies™ "{60e0155b-9898-42a1-ab0a-c33353e03705}" = Free YouTube Download Manager "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6FA83576-0E44-4235-86A2-32A104E97280}" = Audials "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B63363-A6AF-403B-AEA6-5CE2586CADEA}" = Free YouTube Download Manager "{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}" = Audials "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 "{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 2.0.6 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{A1CD76EB-30CA-45EE-9946-5FC20BA62012}" = Age of Wulin "{A227B892-C548-4490-9C5D-DB341F8194A6}_is1" = Euro Truck 
Simulator 2 Multiplayer 0.1.4 R3 Alpha "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis "{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}" = PVZ Garden Warfare "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C8842F80-0E07-4424-916D-9F6B6A9968E4}" = IncrediMail "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D3FB0B73-11DF-41EE-9B6D-C7198079A88E}" = Steganos Safe 15 "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{DCAB9AAC-1D1C-4B94-99B7-AA7D2617BD64}_is1" = concept/design onlineTV 10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 Version 2.92 "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "023c03038d1e8d0dd5b29cacacce04d0" = Hospital Hustle Deluxe "08d71c43d7ba8e543f0215bcab884209" = Supermarket Management "0bd27f65980f021b19a2ee12501961b1" = The Island - Castaway Deluxe "266cd93b236c46d9e3a0a44ddaf12961" = Shop it Up! Deluxe "37a9e322478ad928b108ecf42de3c631" = Delicious - Emily's Honeymoon Cruise "64ce3775e2b476d3c34210a5a9d238dc" = The Island - Castaway 2 Deluxe "8b567f6f25e6a3d6abf028aeb1d36a31" = Delicious Promo "92dfa5216d9c72682019916b3be098cf" = Sky High Farm Deluxe "9b264bb29bdb57d30fcff344d51d815b" = Lost Lands - Dark Overlord Platinum Edition "Adobe AIR" = Adobe AIR "Adobe Creative Cloud" = Adobe Creative Cloud "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Ankh" = Ankh "Audacity_is1" = Audacity 2.0.6 "b18451a1aab4b749ac384387f5fa24ff" = Stand O'Food Deluxe "Burger Bustle" = Burger Bustle "CanonSolutionMenu" = Canon Utilities Solution Menu "Cinema Tycoon 2" = Cinema Tycoon 2 "Combat Arms EU" = Combat Arms EU "d4f8b6cf2daf5a8fa093daf3123e2b92" = Burger Bustle "Delicious: Emily und der Duft des Erfolgs" = Delicious: Emily und der Duft des Erfolgs "Der bartlose Zauberer" = Der bartlose Zauberer "Der Hummelfluch" = W&G - Der Hummelfluch "Deutschland Spielt - Spiele Post" = Deutschland Spielt - Spiele Post "Die 
Abenteuer von Robinson Crusoe" = Die Abenteuer von Robinson Crusoe "DivXCodec" = DivX 4.02 Codec "Dream Hills: Gestohlene Magie" = Dream Hills: Gestohlene Magie "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "ESET Online Scanner" = ESET Online Scanner v3 "Fall of the New Age: Im Bann der Sekte Sammleredition" = Fall of the New Age: Im Bann der Sekte Sammleredition "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "FixCleanRepair_is1" = FixCleanRepair v1.0 "FreeFixer1.12" = FreeFixer "Game Booster_is1" = Game Booster 3 "Geheime Fälle: Auf den Spuren von Casanova" = Geheime Fälle: Auf den Spuren von Casanova "Glyph" = Glyph "Goldrausch: Die Schatzsuche" = Goldrausch: Die Schatzsuche "Google Chrome" = Google Chrome "Heart's Medicine: Ärztin mit Herz" = Heart's Medicine: Ärztin mit Herz "Icy Tower v1.5_is1" = Icy Tower v1.5 "Image Converter Image Converter" = Image Converter "IncrediMail" = IncrediMail 2.5 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5 "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "IsoBuster_is1" = IsoBuster 3.2 "JTL-Wawi_is1" = JTL-Wawi "Lawn & Order 2: Die Gartenverschwörung" = Lawn & Order 2: Die Gartenverschwörung "League of Legends 3.0.1" = League of Legends "Legends of Solitaire: Die verlorenen Karten" = Legends of Solitaire: Die verlorenen Karten "LG PC Suite IV" = LG PC Suite IV "LManager" = Launch Manager "MAGIX_GlobalContent" = MAGIX Content und Soundpools "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "MX.{4745C004-7D5D-42BB-816A-79BF29C3A65C}" = MAGIX Goya 
burnR (MSI) "MX.{4913C631-0363-496A-9E24-1A260205AB9D}" = MAGIX Music Maker 2013 (Demosongs) "MX.{86516976-CC47-4787-B9FD-720500EC1759}" = MAGIX Music Maker 2013 (Visuals) "MX.{AD409A65-BD38-4322-8765-492DD4E72DBF}" = MAGIX Music Maker 2013 (Synthesizer und Effekte) "MX.{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}" = MAGIX Music Maker 2013 "Online Games Manager" = Online Games Manager v1.30 "OpenAL" = OpenAL "OpenLibraries" = OpenLibraries "Origin" = Origin "PC Wizard 2013_is1" = PC Wizard 2013.2.12 "PureWare" = PureWare "Razer Game Booster_is1" = Razer Game Booster "RealPlayer 16.0" = RealPlayer "Revo Uninstaller" = Revo Uninstaller 1.95 "Ricky`s Restaurant" = Ricky`s Restaurant "Ritter Arthur 4" = Ritter Arthur 4 "S2TNG" = Die Siedler II - Die nächste Generation "SagaGamesHotelManager2_is1" = Hotel-Manager "Sam und Max All-Zeit Bereit" = Sam & Max All-Zeit Bereit "Spooky Mall" = Spooky Mall "Spotify" = Spotify "Startfenster" = Startfenster "Steam" = Steam "Steam App 107410" = Arma 3 "Steam App 18490" = The Whispered World "Steam App 201570" = Really Big Sky "Steam App 210770" = Sanctum 2 "Steam App 211500" = RaceRoom Racing Experience "Steam App 211820" = Starbound "Steam App 215080" = WAKFU "Steam App 221100" = DayZ "Steam App 223670" = F1 2013 "Steam App 224600" = Defiance "Steam App 227300" = Euro Truck Simulator 2 "Steam App 227700" = Firefall "Steam App 23490" = Tropico 3 - Steam Special Edition "Steam App 24200" = DC Universe Online "Steam App 245620" = Tropico 5 "Steam App 246280" = Happy Wars "Steam App 252530" = OMSI 2 "Steam App 257890" = Frozen Hearth "Steam App 263540" = Villagers and Heroes "Steam App 268540" = The Whispered World Special Edition "Steam App 40390" = Risen 2 - Dark Waters "Steam App 47410" = Stronghold Kingdoms "Steam App 8600" = RACE 07 "Steam App 8660" = GTR Evolution "Steam App 92800" = SpaceChem "The Island: Castaway" = The Island: Castaway "Tony Tough 2 - A Rake's Progress_is1" = Tony Tough 2 - Patch "Treasure Island" = Treasure Island 
"TreeSize Free_is1" = TreeSize Free V3.3.2 "TrojanHunter_is1" = TrojanHunter 5.6 "TV Farm 2: Bauer total" = TV Farm 2: Bauer total "Urlaub Unter Tage" = W&G - Urlaub Unter Tage "Wiggles_is1" = Wiggles 1.0.844 "WildTangent wildgames Master Uninstall" = WildTangent Games "WinPcapInst" = WinPcap 4.1.3 "Wise Game Booster_is1" = Wise Game Booster 1.12 "Wise Program Uninstaller_is1" = Wise Program Uninstaller 1.63 "WTA-0f70623e-a7c8-414b-812a-259fd65605e0" = Bejeweled 3 "WTA-1232a605-888e-464d-9cbd-bdf979a79f4b" = Magic Academy "WTA-243ad700-fe81-401c-bbb6-28fb7f941dae" = Polar Bowler "WTA-2b0fb711-4c2f-4fcd-ac58-4f2cce7d9c7e" = Delicious: Emily's True Love Premium Edition "WTA-2da04e97-7d1d-46a1-b9d8-50244960fbba" = Plants vs. Zombies - Game of the Year "WTA-41bc2c58-b116-4985-8548-97d138a760f2" = Governor of Poker 2 Premium Edition "WTA-4c8e0c71-6fd0-4c65-a00d-9d42ec9a321c" = Island Tribe "WTA-6396e918-8db9-484a-b249-6749fc0ef09d" = Aloha TriPeaks "WTA-72eef4ff-6c94-406b-81d7-ddb70c8bc5eb" = Penguins! "WTA-8cb45c96-db4a-4332-bda4-4cfe32683226" = Zuma's Revenge "WTA-a3e769bd-12eb-4975-ab09-221d6c973d92" = Jewel Match 3 "WTA-b6291e84-3a8b-4835-b3bf-0c4d327e62d5" = Agatha Christie - Death on the Nile "WTA-e34813a9-942e-4067-ae5a-cd2a939a15d5" = Tales of Lagoona "WTA-ec2b7e76-92aa-458d-9dc1-87b588f70c67" = John Deere Drive Green "Youda Farmer 3: Jahreszeiten" = Youda Farmer 3: Jahreszeiten "Youtube Downloader HD_is1" = Youtube Downloader HD v. ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "1F4715F1-86E7-4450-AA9A-13ADBF14BED1-2" = Wakfu "Akamai" = Akamai NetSession Interface "GamersFirst LIVE!" = GamersFirst LIVE! 
"HappyCloud" = Happy Cloud Client "MMDoC-PDCLive" = Duel of Champions "Octoshape Streaming Services" = Octoshape Streaming Services "sc15-GAMETWIST_MAIN" = Ski Challenge 15 "Should I Remove It 1.0.4" = Should I Remove It "SOE-DC Universe Online Live" = DC Universe Online Live "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.03.2015 15:52:48 | Computer Name = Dominik | Source = MsiInstaller | ID = 11706 Description = Error - 29.03.2015 15:52:50 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DMCDaemon.exe, Version: 1.6.2005.1305, Zeitstempel: 0x50220370 Name des fehlerhaften Moduls: DMCDaemon.exe, Version: 1.6.2005.1305, Zeitstempel: 0x50220370 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00049d1c ID des fehlerhaften Prozesses: 0x12c4 Startzeit der fehlerhaften Anwendung: 0x01d06a59ecad4dfe Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe Berichtskennung: 2d9ebea1-d64d-11e4-bf47-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 29.03.2015 15:52:56 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WindowsUpnp.exe, Version: 1.6.2005.1305, Zeitstempel: 0x50220301 Name des fehlerhaften Moduls: WindowsUpnp.exe, Version: 1.6.2005.1305, Zeitstempel: 0x50220301 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0005912c ID des fehlerhaften Prozesses: 0x1780 Startzeit der fehlerhaften Anwendung: 0x01d06a59ecc06124 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe Berichtskennung: 30fb7b6d-d64d-11e4-bf47-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 29.03.2015 15:52:59 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DMCDaemon.exe, Version: 1.6.2005.1305, Zeitstempel: 0x50220370 Name des fehlerhaften Moduls: DMCDaemon.exe, Version: 1.6.2005.1305, Zeitstempel: 0x50220370 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00049d1c ID des fehlerhaften Prozesses: 0xdc4 Startzeit der fehlerhaften Anwendung: 0x01d06a59f4bbbc4a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe Berichtskennung: 330cccb5-d64d-11e4-bf47-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 29.03.2015 16:03:57 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 35.0.1916.153, Zeitstempel: 0x538fb354 Name des fehlerhaften Moduls: chrome.dll, Version: 35.0.1916.153, Zeitstempel: 0x538fb051 Ausnahmecode: 0x80000003 Fehleroffset: 0x00485166 ID des fehlerhaften Prozesses: 0xac8 Startzeit der fehlerhaften Anwendung: 0x01d06a5b7d2368a8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\chrome.dll Berichtskennung: bb5ca108-d64e-11e4-bf47-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 29.03.2015 16:04:00 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 35.0.1916.153, Zeitstempel: 0x538fb354 Name des fehlerhaften Moduls: chrome.dll, Version: 35.0.1916.153, Zeitstempel: 0x538fb051 Ausnahmecode: 0x80000003 Fehleroffset: 0x00485166 ID des fehlerhaften Prozesses: 0x174c 
Startzeit der fehlerhaften Anwendung: 0x01d06a5b7f66cc05 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\chrome.dll Berichtskennung: bd1ce146-d64e-11e4-bf47-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 29.03.2015 16:04:04 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 35.0.1916.153, Zeitstempel: 0x538fb354 Name des fehlerhaften Moduls: chrome.dll, Version: 35.0.1916.153, Zeitstempel: 0x538fb051 Ausnahmecode: 0x80000003 Fehleroffset: 0x00485166 ID des fehlerhaften Prozesses: 0x1548 Startzeit der fehlerhaften Anwendung: 0x01d06a5b81971c6c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\chrome.dll Berichtskennung: bf4f93e3-d64e-11e4-bf47-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 29.03.2015 16:04:07 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 35.0.1916.153, Zeitstempel: 0x538fb354 Name des fehlerhaften Moduls: chrome.dll, Version: 35.0.1916.153, Zeitstempel: 0x538fb051 Ausnahmecode: 0x80000003 Fehleroffset: 0x00485166 ID des fehlerhaften Prozesses: 0xc80 Startzeit der fehlerhaften Anwendung: 0x01d06a5b836f3455 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\chrome.dll Berichtskennung: c1254991-d64e-11e4-bf47-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 29.03.2015 
16:07:37 | Computer Name = Dominik | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error - 29.03.2015 16:17:14 | Computer Name = Dominik | Source = MsiInstaller | ID = 11706 Description = Error - 29.03.2015 16:26:08 | Computer Name = Dominik | Source = SDUpdateService | ID = 0 Description = Error - 29.03.2015 17:06:32 | Computer Name = Dominik | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 35.0.1916.153, Zeitstempel: 0x538fb354 Name des fehlerhaften Moduls: chrome.dll, Version: 35.0.1916.153, Zeitstempel: 0x538fb051 Ausnahmecode: 0x80000003 Fehleroffset: 0x00485166 ID des fehlerhaften Prozesses: 0x1398 Startzeit der fehlerhaften Anwendung: 0x01d06a64323dda8a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\chrome.dll Berichtskennung: 7959b225-d657-11e4-bf48-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 29.03.2015 15:14:21 | Computer Name = Dominik | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Wise Boot Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.03.2015 15:14:21 | Computer Name = Dominik | 
Source = Service Control Manager | ID = 7000
Description = Der Dienst "????4????tE" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.03.2015 15:16:25 | Computer Name = Dominik | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?03.?2015 um 21:13:27 unerwartet heruntergefahren.

Error - 29.03.2015 15:17:03 | Computer Name = Dominik | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error - 29.03.2015 15:17:03 | Computer Name = Dominik | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Footer Typewriter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.03.2015 15:17:07 | Computer Name = Dominik | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Wise Boot Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 29.03.2015 15:17:07 | Computer Name = Dominik | Source = Service Control Manager | ID = 7000
Description = Der Dienst "????4????tE" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.03.2015 16:27:50 | Computer Name = Dominik | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error - 29.03.2015 16:27:51 | Computer Name = Dominik | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Wise Boot Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 29.03.2015 16:27:51 | Computer Name = Dominik | Source = Service Control Manager | ID = 7000
Description = Der Dienst "????4????tE" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

Edited by Blablub984 (29.03.2015 at 22:50)
#2
Code:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.03.2015
Suchlauf-Zeit: 22:42:51
Logdatei: fsfa.txt
Administrator: Ja

Version:
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Dominik Engl

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 399088
Verstrichene Zeit: 38 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
```

Code:
```
# AdwCleaner v4.113 - Bericht erstellt 29/03/2015 um 23:59:37
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-22.2 [Lokal]
# Betriebssystem : Windows 8 (x64)
# Benutzername : Dominik Engl - DOMINIK
# Gestarted von : C:\Users\Dominik Engl\Desktop\adwcleaner_4.113.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : ServiceSAM

***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Program Files\FreeFixer
Ordner Gefunden : C:\Users\Dominik Engl\AppData\Local\FreeFixer
Ordner Gefunden : C:\Users\Dominik Engl\AppData\Roaming\FreeFixer
Ordner Gefunden : C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer

***** [ Geplante Tasks ] *****

Task Gefunden : LaunchSignup
Task Gefunden : Optimizer Pro Schedule
Task Gefunden : Software Updater Ui
Task Gefunden : Software Updater
Task Gefunden : SmartWeb Upgrade Trigger Task
Task Gefunden : WOT WTHUR1
Task Gefunden : WOT WTUE1
Task Gefunden : WOT WMON1
Task Gefunden : WOT WW1
Task Gefunden : WOT WFRI1
Task Gefunden : WOT WW2
Task Gefunden : WOT WWED1
Task Gefunden : WOT W1
Task Gefunden : WOT W2
Task Gefunden : WOT T
Task Gefunden : WOT N
Task Gefunden : YourFileDownloader Installer Starter
Task Gefunden : WinKit
Task Gefunden : Winsta Update
Task Gefunden : Convertor

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17183

-\\ Mozilla Firefox v

-\\ Cyberfox v

-\\ Google Chrome v35.0.1916.153

-\\ Chromium v

-\\ Opera v0.0.0.0

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [2582 Bytes] ##########
```

Edited by Blablub984 (29.03.2015 at 22:58)
#3
/// the machine /// TB-Ausbilder

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop:
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
#4
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Dominik Engl (administrator) on DOMINIK on 30-03-2015 09:39:31 Running from C:\Users\Dominik Engl\Downloads Loaded Profiles: Dominik Engl & Games (Available profiles: Dominik Engl & Games) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser path: "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Online Games Manager\ogmservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629776-E211-B636-B888E3AA6D9A\snsoC004.tmp (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe () C:\Windows\SysWOW64\secpro.exe () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629762-E211-B636-B888E3AA6D9A\cnsi8B4A.tmp () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427630375-E211-B636-B888E3AA6D9A\insgE757.tmp (Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Akamai Technologies, Inc.) C:\Users\Dominik Engl\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Dominik Engl\AppData\Local\Akamai\netsession_win.exe (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (8pecxstudios) C:\Program Files\Cyberfox\Cyberfox.exe (Emsi Software GmbH) C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH) C:\Program Files (x86)\a-squared Free\a2free.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Farbar) C:\Users\Dominik Engl\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik Engl\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) 
HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806744 2015-03-23] (SUPERAntiSpyware) HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\MountPoints2: {4d66018b-d232-11e2-be7a-b888e3aa6d9a} - "E:\autorun.exe" HKU\S-1-5-21-2989272098-668564025-1038308632-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-30] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-10-30] (NVIDIA Corporation) AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-10-30] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-30] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files 
(x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll () BootExecute: autocheck autochk * bootdeletesdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2989272098-668564025-1038308632-1002\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://acer13.msn.com HKU\S-1-5-21-2989272098-668564025-1038308632-1002\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-2989272098-668564025-1038308632-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-2989272098-668564025-1038308632-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com URLSearchHook: [S-1-5-21-2989272098-668564025-1038308632-1007_classes] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2989272098-668564025-1038308632-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-21] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-21] (Oracle Corporation) BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File Toolbar: HKLM - No Name - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - No File Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - No File Winsock: Catalog9 01 C:\Windows\system32\VCL.dll File Not found () Winsock: Catalog9 02 C:\Windows\system32\VCL.dll File Not found () Winsock: Catalog9 03 C:\Windows\system32\VCL.dll File Not found () Winsock: Catalog9 04 C:\Windows\system32\VCL.dll File Not found () Winsock: Catalog9 16 C:\Windows\system32\VCL.dll File Not found () Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Dominik Engl\AppData\Roaming\Mozilla\Firefox\Profiles\t1ill8lh.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] () FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-21] (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll 
[2014-07-30] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-09-03] (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( ) FF Plugin-x32: @real.com/nppl3260;version= -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-10-18] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version= -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-10-18] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-03-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-03-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-09-03] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems) FF Plugin HKU\S-1-5-21-2989272098-668564025-1038308632-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Dominik Engl\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll [2011-03-23] (Octoshape ApS) FF Plugin HKU\S-1-5-21-2989272098-668564025-1038308632-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik Engl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-25] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2989272098-668564025-1038308632-1002: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud) FF Plugin ProgramFiles/Appdata: C:\Users\Dominik Engl\AppData\Roaming\mozilla\plugins\npoctoshape.dll 
[2013-05-19] (Octoshape ApS) FF Extension: Adblock Plus - C:\Users\Dominik Engl\AppData\Roaming\Mozilla\Firefox\Profiles\t1ill8lh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-11] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-18] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Dominik Engl\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Dominik Engl\AppData\Local\Google\Chrome\User Data\Default\Extensions\joddkgamaefebhjlglmamokefeeaelmp [2015-03-29] CHR Extension: (Google Wallet) - C:\Users\Dominik Engl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 a2free; C:\Program Files (x86)\a-squared Free\a2service.exe [1858144 2009-10-01] (Emsi Software GmbH) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-06-18] () [File not signed]
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [85904 2012-09-05] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5214384 2014-01-13] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-17] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-15] (Dritek System INC.)
R2 rokerole; C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629776-E211-B636-B888E3AA6D9A\snsoC004.tmp [248832 2015-03-29] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SecStore; C:\Windows\SysWOW64\secpro.exe [61440 2012-12-14] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-09] (soft Xpansion)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 xenunysi; C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629762-E211-B636-B888E3AA6D9A\cnsi8B4A.tmp [116224 2015-03-29] () [File not signed]
R2 xynujyxe; C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427630375-E211-B636-B888E3AA6D9A\insgE757.tmp [79360 2015-03-29] () [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
S2 3a37b93a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll",ENT
S2 WiseBootAssistant; No ImagePath
S2 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡㘳尵潂瑯楔敭攮數 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S4 aswSP; No ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-06-09] ()
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-09-08] (DT Soft Ltd)
R3 LgBttPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\drivers\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\system32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-06-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-15] (Dritek System Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-12-18] (Audials AG)
R3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 XENfiltv; C:\Windows\system32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 Andbus; \SystemRoot\System32\drivers\lgandbus64.sys [X]
S3 AndDiag; \SystemRoot\system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; \SystemRoot\system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; \SystemRoot\system32\DRIVERS\lgandmodem64.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 09:38 - 2015-03-30 09:38 - 02095616 _____ (Farbar) C:\Users\Dominik Engl\Downloads\FRST64(1).exe 2015-03-30 03:00 - 2015-03-30 03:00 - 00000000 ____D () C:\SUPERDelete 2015-03-30 02:56 - 2015-03-30 02:56 - 00003606 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7424bd66-51c5-4583-a26e-7b347b56d73e 2015-03-30 02:56 - 2015-03-30 02:56 - 00003524 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0a987c32-62a3-40d4-aa67-81ba20521631 2015-03-30 02:56 - 2015-03-30 02:56 - 00001772 _____ () C:\Users\Dominik Engl\Desktop\SUPERAntiSpyware Free Edition.lnk 2015-03-30 02:56 - 2015-03-30 02:56 - 00000540 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7424bd66-51c5-4583-a26e-7b347b56d73e.job 2015-03-30 02:56 - 2015-03-30 02:56 - 00000540 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0a987c32-62a3-40d4-aa67-81ba20521631.job 2015-03-30 02:56 - 2015-03-30 02:56 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\SUPERAntiSpyware.com 2015-03-30 02:56 - 2015-03-30 02:56 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-03-30 02:56 - 2015-03-30 02:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2015-03-30 02:56 - 2015-03-30 02:56 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2015-03-30 02:55 - 2015-03-30 02:55 - 21514512 _____ (SUPERAntiSpyware) C:\Users\Dominik Engl\Downloads\SUPERAntiSpyware.exe 2015-03-30 02:44 - 2015-03-30 08:39 - 00000000 ____D () C:\Program Files (x86)\a-squared Free 2015-03-30 02:44 - 2015-03-30 02:44 - 00000965 _____ () C:\Users\Public\Desktop\a-squared Free.lnk 2015-03-30 02:44 - 2015-03-30 02:44 - 00000000 ____D () C:\Users\Dominik Engl\Documents\a-squared Free 2015-03-30 02:44 - 2015-03-30 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free 2015-03-30 02:41 - 2015-03-30 02:41 - 74121968 _____ (Emsi Software GmbH ) C:\Users\Dominik 
Engl\Downloads\a2FreeSetup.exe 2015-03-30 02:23 - 2015-03-30 08:44 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2989272098-668564025-1038308632-1002 2015-03-30 02:19 - 2015-03-30 02:29 - 00003805 _____ () C:\Windows\WindowsUpdate.log 2015-03-30 02:19 - 2015-03-30 02:19 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-03-30 01:43 - 2015-03-30 01:43 - 01389240 _____ (Thisisu) C:\Users\Dominik Engl\Downloads\JRT.exe 2015-03-30 01:25 - 2015-03-30 01:25 - 00057550 _____ () C:\Users\Dominik Engl\Desktop\FRST.txt 2015-03-30 01:15 - 2015-03-30 01:16 - 00057600 _____ () C:\Users\Dominik Engl\Downloads\Addition.txt 2015-03-30 01:14 - 2015-03-30 09:39 - 00024860 _____ () C:\Users\Dominik Engl\Downloads\FRST.txt 2015-03-30 01:14 - 2015-03-30 09:39 - 00000000 ____D () C:\FRST 2015-03-30 01:13 - 2015-03-30 01:13 - 02095616 _____ (Farbar) C:\Users\Dominik Engl\Downloads\FRST64.exe 2015-03-30 00:47 - 2015-03-30 00:47 - 02071768 _____ () C:\Users\Dominik Engl\Downloads\AdAware116WebInstaller.exe 2015-03-30 00:20 - 2015-03-30 00:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominik Engl\Downloads\HiJackThis204(1).exe 2015-03-30 00:07 - 2015-03-30 00:07 - 00880208 _____ (Google Inc.) 
C:\Users\Dominik Engl\Downloads\ChromeSetup.exe 2015-03-30 00:06 - 2015-03-30 00:07 - 00243448 _____ () C:\Users\Dominik Engl\Downloads\Firefox Setup Stub 36.0.4(1).exe 2015-03-29 23:52 - 2015-03-29 23:54 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware 2015-03-29 23:52 - 2015-03-29 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware 2015-03-29 23:52 - 2015-03-29 23:52 - 00000000 ____D () C:\Program Files (x86)\Stronghold AntiMalware 2015-03-29 23:11 - 2015-03-29 23:11 - 00091156 _____ () C:\Users\Dominik Engl\Downloads\Extras.Txt 2015-03-29 23:10 - 2015-03-29 23:11 - 06993464 _____ (Security Stronghold ) C:\Users\Dominik Engl\Downloads\StrongholdAntiMalware.exe 2015-03-29 23:09 - 2015-03-29 23:09 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Dominik Engl\Downloads\SpyHunter-Installer.exe 2015-03-29 23:09 - 2015-03-29 23:09 - 00148176 _____ () C:\Users\Dominik Engl\Downloads\OTL.Txt 2015-03-29 22:57 - 2015-03-29 22:59 - 00001268 _____ () C:\Users\Dominik Engl\Desktop\Revo Uninstaller.lnk 2015-03-29 22:57 - 2015-03-29 22:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-29 22:54 - 2015-03-29 22:54 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Dominik Engl\Downloads\revosetup95.exe 2015-03-29 22:47 - 2015-03-29 22:47 - 00602112 _____ (OldTimer Tools) C:\Users\Dominik Engl\Downloads\OTL.exe 2015-03-29 22:41 - 2015-03-29 22:41 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dominik Engl\Downloads\mbam-setup- 2015-03-29 22:15 - 2015-03-29 22:15 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2989272098-668564025-1038308632-1007 2015-03-29 22:08 - 2015-03-29 22:08 - 00000000 ____D () C:\Users\Games\AppData\Roaming\Mozilla 2015-03-29 22:08 - 2015-03-29 22:08 - 00000000 ____D () C:\Users\Games\AppData\Roaming\8pecxstudios 2015-03-29 22:08 - 2015-03-29 22:08 - 00000000 ____D () C:\Users\Games\AppData\Local\8pecxstudios 2015-03-29 21:52 - 2015-03-29 22:04 - 00000000 ____D () C:\Users\Games\AppData\Local\CrashDumps 2015-03-29 21:52 - 2015-03-29 21:53 - 00000000 ____D () C:\Users\Games\AppData\Local\clear.fi 2015-03-29 21:52 - 2015-03-29 21:52 - 00001402 _____ () C:\Users\Games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-29 21:52 - 2015-03-29 21:52 - 00000000 ____D () C:\Users\Games\PicStream 2015-03-29 21:52 - 2015-03-29 21:52 - 00000000 ____D () C:\Users\Games\AppData\Roaming\lm 2015-03-29 21:52 - 2015-03-29 21:52 - 00000000 ____D () C:\Users\Games\AppData\Roaming\Adobe 2015-03-29 21:52 - 2015-03-29 21:52 - 00000000 ____D () C:\Users\Games\AppData\Local\Google 2015-03-29 21:51 - 2015-03-29 21:52 - 00000000 ____D () C:\Users\Games\AppData\Local\VirtualStore 2015-03-29 21:51 - 2015-03-29 21:52 - 00000000 ____D () C:\Users\Games\AppData\Local\Packages 2015-03-29 21:51 - 2015-03-29 21:52 - 00000000 ____D () C:\Users\Games 2015-03-29 21:51 - 2015-03-29 21:51 - 00000020 ___SH () C:\Users\Games\ntuser.ini 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Vorlagen 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Startmenü 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () 
C:\Users\Games\Netzwerkumgebung 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Lokale Einstellungen 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Eigene Dateien 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Druckumgebung 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Documents\Eigene Musik 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Documents\Eigene Bilder 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\AppData\Local\Verlauf 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\AppData\Local\Anwendungsdaten 2015-03-29 21:51 - 2015-03-29 21:51 - 00000000 _SHDL () C:\Users\Games\Anwendungsdaten 2015-03-29 21:51 - 2014-12-31 02:40 - 00000000 ___RD () C:\Users\Games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-29 21:51 - 2014-07-11 14:09 - 00000000 ___RD () C:\Users\Games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-03-29 21:51 - 2013-12-29 12:49 - 00000000 ____D () C:\Users\Games\AppData\Roaming\Macromedia 2015-03-29 21:51 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-29 21:51 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-29 19:34 - 2015-03-29 19:34 - 00000000 ____D () C:\Users\Dominik Engl\Documents\My Games 2015-03-29 17:54 - 2015-03-29 17:54 - 00000000 ____D () C:\Program Files\AVAST Software 2015-03-29 17:26 - 2015-03-29 17:26 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\AVAST Software 2015-03-29 17:20 - 2015-03-29 17:20 - 00442264 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\yzmjkeua.sys 2015-03-29 17:19 - 2015-03-29 17:20 - 206523440 _____ (Avast Software s.r.o.) C:\Users\Dominik Engl\Downloads\avast_premier_antivirus_setup.exe 2015-03-29 17:12 - 2015-03-29 17:53 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-03-29 17:12 - 2015-03-29 17:12 - 05453024 _____ (Avast Software s.r.o.) C:\Users\Dominik Engl\Downloads\avast_premier_antivirus_setup_online.exe 2015-03-29 16:42 - 2015-03-29 16:42 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\TrojanHunter 2015-03-29 16:13 - 2015-03-30 00:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-29 16:12 - 2015-03-29 22:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-29 16:12 - 2015-03-29 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-29 16:12 - 2015-03-29 22:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-29 16:12 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-29 16:12 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-29 16:12 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-29 16:10 - 2015-03-29 16:10 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dominik Engl\Downloads\mbam-setup- 2015-03-29 15:51 - 2015-03-30 01:36 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6 2015-03-29 15:51 - 2015-03-29 15:51 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll 2015-03-29 15:51 - 2015-03-29 15:51 - 00000000 ____D () C:\ProgramData\TrojanHunter 2015-03-29 15:51 - 2015-03-29 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter 2015-03-29 15:49 - 2015-03-29 15:49 - 04314792 _____ (Bytelayer AB ) C:\Users\Dominik 
Engl\Downloads\TrojanHunter56Setup.exe 2015-03-29 15:44 - 2015-03-29 15:44 - 16409960 _____ (Safer Networking Limited ) C:\Users\Dominik Engl\Downloads\spybotsd162.exe 2015-03-29 15:42 - 2015-03-29 15:42 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\Howard_Media 2015-03-29 15:39 - 2015-03-29 21:15 - 00000000 ____D () C:\Program Files (x86)\FixCleanRepair 2015-03-29 15:39 - 2015-03-29 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixCleanRepair 2015-03-29 15:29 - 2015-03-30 00:27 - 00000000 ____D () C:\Users\Dominik Engl\Downloads\backups 2015-03-29 15:17 - 2015-03-30 00:22 - 00011661 _____ () C:\Users\Dominik Engl\Downloads\hijackthis.log 2015-03-29 15:16 - 2015-03-29 15:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dominik Engl\Downloads\HiJackThis204.exe 2015-03-29 14:59 - 2015-03-29 15:00 - 07968584 _____ (TeamViewer GmbH) C:\Users\Dominik Engl\Downloads\TeamViewer_Setup_de.exe 2015-03-29 14:04 - 2015-03-29 14:04 - 00001225 _____ () C:\Users\Dominik Engl\Desktop\TreeSize Free.lnk 2015-03-29 14:03 - 2015-03-29 14:03 - 06639264 _____ (JAM Software ) C:\Users\Dominik Engl\Downloads\TreeSizeFreeSetup.exe 2015-03-29 13:56 - 2015-03-29 13:57 - 31754616 _____ (Trion Worlds Inc.) 
C:\Users\Dominik Engl\Downloads\GlyphInstall.exe 2015-03-29 13:34 - 2015-03-29 13:35 - 40909304 _____ () C:\Users\Dominik Engl\Downloads\Firefox_Setup_36.0.4.exe 2015-03-29 13:34 - 2015-03-29 13:35 - 40909304 _____ () C:\Users\Dominik Engl\Downloads\Firefox_Setup_36.0.4(1).exe 2015-03-29 13:31 - 2015-03-29 13:31 - 00243648 _____ () C:\Users\Dominik Engl\Downloads\Firefox Setup Stub 36.0.4.exe 2015-03-29 12:09 - 2015-03-29 12:09 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Opera Software 2015-03-29 12:09 - 2015-03-29 12:09 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\Opera Software 2015-03-29 12:08 - 2015-03-29 16:46 - 00000000 ____D () C:\ProgramData\GufKrJTwA 2015-03-29 12:06 - 2015-03-29 12:06 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocToPDFConverter 2015-03-29 12:04 - 2015-03-29 12:04 - 02168320 _____ () C:\Users\Dominik Engl\Desktop\adwcleaner_4.113.exe 2015-03-29 12:01 - 2015-03-29 12:04 - 00008632 _____ () C:\Windows\SysWOW64\VCLOff.ini 2015-03-29 12:01 - 2015-03-29 12:04 - 00008632 _____ () C:\Windows\system32\VCLOff.ini 2015-03-29 11:59 - 2015-03-29 21:11 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427630375-E211-B636-B888E3AA6D9A 2015-03-29 11:49 - 2015-03-30 02:24 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629776-E211-B636-B888E3AA6D9A 2015-03-29 11:49 - 2015-03-29 21:11 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629762-E211-B636-B888E3AA6D9A 2015-03-29 11:47 - 2015-03-29 11:47 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629623-E211-B636-B888E3AA6D9A 2015-03-28 21:41 - 2015-03-29 21:40 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\Glyph 2015-03-28 21:41 - 2015-03-29 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2015-03-28 21:41 - 2015-03-29 13:57 - 00001001 _____ () C:\Users\Dominik Engl\Desktop\Glyph.lnk 2015-03-28 21:40 - 
2015-03-29 21:10 - 00000000 ____D () C:\Program Files (x86)\Glyph 2015-03-28 20:53 - 2015-03-29 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webzen 2015-03-28 17:04 - 2015-03-28 17:04 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox 2015-03-28 17:04 - 2015-03-28 17:04 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\8pecxstudios 2015-03-28 17:04 - 2015-03-28 17:04 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\8pecxstudios 2015-03-28 17:03 - 2015-03-28 17:04 - 00000000 ____D () C:\Program Files\Cyberfox 2015-03-25 11:09 - 2015-03-25 11:09 - 00098304 _____ () C:\Users\Dominik Engl\fbchathistory.dat 2015-03-25 00:08 - 2015-03-25 00:08 - 00000000 ____D () C:\Program Files (x86)\lib 2015-03-25 00:08 - 2015-03-25 00:08 - 00000000 ____D () C:\Program Files (x86)\bin 2015-03-25 00:08 - 2015-03-25 00:08 - 00000000 _____ () C:\Windows\SysWOW64\RENBDF4.tmp 2015-03-25 00:01 - 2015-03-25 00:01 - 00000000 _____ () C:\Windows\SysWOW64\REN46ED.tmp 2015-03-22 14:03 - 2015-03-22 14:03 - 00000066 _____ () C:\Windows\4457412 2015-03-22 13:57 - 2015-03-29 22:13 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE 2015-03-22 12:47 - 2015-03-22 12:47 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\CCP 2015-03-21 13:36 - 2015-03-21 16:32 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Tropico 5 2015-03-21 13:35 - 2015-03-21 13:35 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Kalypso Media 2015-03-21 12:43 - 2015-03-21 12:43 - 00000000 _____ () C:\Windows\SysWOW64\REN4382.tmp 2015-03-21 12:38 - 2015-03-21 12:38 - 00000000 _____ () C:\Windows\SysWOW64\REN744F.tmp 2015-03-21 12:23 - 2015-03-21 13:11 - 00011288 _____ () C:\Users\Dominik Engl\AppData\Localtransition_54d040c3273170d49671c6254a19f71d.ini 2015-03-21 12:23 - 2015-03-21 13:11 - 00001014 _____ () C:\Users\Dominik 
Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Wakfu.lnk 2015-03-17 22:48 - 2015-03-17 22:48 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\GameInvest 2015-03-17 12:51 - 2015-03-17 12:51 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Five-BN Games 2015-03-16 10:47 - 2015-03-16 10:47 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\NVIDIA 2015-03-15 23:39 - 2015-03-29 19:52 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\.minecraft 2015-03-15 22:36 - 2015-03-15 22:36 - 00000000 ____D () C:\ProgramData\4423493481857464035 2015-03-15 22:34 - 2015-03-29 21:11 - 00000000 ____D () C:\ProgramData\{cce61d59-8c68-bfa4-cce6-61d598c67566} 2015-03-14 22:22 - 2015-03-30 02:22 - 00000000 ____D () C:\AdwCleaner 2015-03-14 21:55 - 2015-03-29 16:46 - 00000000 ____D () C:\ProgramData\{44587a0a-6024-e1cf-4458-87a0a602e829} 2015-03-12 15:57 - 2015-03-12 15:57 - 00000000 ____D () C:\ProgramData\HipSoft 2015-03-11 13:46 - 2015-03-12 02:00 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Sahmon Games 2015-03-11 12:59 - 2015-03-11 12:59 - 00000000 ____D () C:\ProgramData\com.gamehouse.acid 2015-03-11 12:58 - 2015-03-29 21:12 - 00000000 ____D () C:\Zylom Games 2015-03-11 12:57 - 2015-03-17 22:47 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\com.gamehouse.acid 2015-03-11 12:44 - 2015-03-11 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-03-11 12:44 - 2015-03-11 12:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-03-11 12:43 - 2015-03-29 16:46 - 00000000 ____D () C:\ProgramData\81d19778c51c4881a7eae8f07044d0be 2015-03-11 12:43 - 2015-03-11 12:43 - 00000000 ____D () C:\ProgramData\0d4294919c9a4941ba7cc97f91f909a5 2015-03-07 01:37 - 2015-03-07 01:37 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Firefly Studios 2015-03-07 01:37 - 2015-03-07 01:37 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\Geckofx 2015-03-07 01:28 - 2015-03-28 
15:21 - 00009562 _____ () C:\Users\Dominik Engl\AppData\Localtransition_695d023943ae953cd599497f44e981eb.ini 2015-03-03 16:22 - 2015-03-03 16:22 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\Steam 2015-03-03 01:58 - 2015-03-03 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari 2015-03-03 01:55 - 2015-03-29 21:10 - 00000000 ____D () C:\Program Files (x86)\Atari 2015-03-02 22:47 - 2015-03-08 00:39 - 00000000 ____D () C:\Users\Dominik Engl\Documents\Euro Truck Simulator 2 2015-03-02 21:47 - 2015-03-29 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 2015-03-01 00:54 - 2015-03-01 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMH Interactive 2015-03-01 00:48 - 2015-03-29 21:10 - 00000000 ____D () C:\Program Files (x86)\HMH Interactive ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-30 09:36 - 2012-11-02 05:40 - 00000000 ____D () C:\Program Files\EgisTec IPS 2015-03-30 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2015-03-30 06:36 - 2013-05-01 11:18 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA5BD22F-A805-496B-80E3-62AFE6B66C45} 2015-03-30 02:18 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-30 02:14 - 2013-11-16 01:18 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-30 02:13 - 2013-04-23 03:12 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\CrashDumps 2015-03-30 01:56 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-03-30 00:58 - 2014-12-08 04:54 - 00000000 ____D () C:\Games 2015-03-30 00:07 - 2013-05-05 00:02 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-29 22:27 - 2015-01-02 01:20 - 05144544 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-29 22:16 - 2013-12-23 10:25 - 00000000 ____D () C:\Users\Dominik 
Engl\AppData\Roaming\Wise Care 365 2015-03-29 22:13 - 2015-01-30 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureWare 2015-03-29 22:13 - 2014-11-04 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2015-03-29 22:13 - 2014-11-04 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2015-03-29 22:13 - 2014-09-03 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotel-Manager 2015-03-29 22:13 - 2014-08-17 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2015-03-29 22:13 - 2014-05-08 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD 2015-03-29 22:13 - 2014-05-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-03-29 22:13 - 2014-02-02 05:15 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6 2015-03-29 22:13 - 2013-10-06 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-03-29 22:13 - 2013-09-08 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster 2015-03-29 22:13 - 2013-07-08 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid 2015-03-29 22:13 - 2013-06-08 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2015-03-29 22:13 - 2013-05-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-03-29 22:13 - 2013-04-27 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2015-03-29 22:13 - 2012-11-02 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-03-29 21:52 - 2013-04-23 02:20 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-29 21:13 - 2015-01-30 17:18 - 00000000 
____D () C:\Program Files (x86)\JTL-Software 2015-03-29 21:13 - 2014-12-24 00:50 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2011 2015-03-29 21:13 - 2013-12-15 05:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom 2015-03-29 21:13 - 2013-04-23 02:19 - 00000000 ____D () C:\Users\Dominik Engl 2015-03-29 21:12 - 2014-07-12 02:52 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online 2015-03-29 21:11 - 2015-01-30 17:31 - 00000000 ____D () C:\Program Files (x86)\PureWare 2015-03-29 21:11 - 2015-01-27 03:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda 2015-03-29 21:11 - 2015-01-27 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design 2015-03-29 21:11 - 2015-01-20 20:05 - 00000000 ____D () C:\Program Files (x86)\Startfenster 2015-03-29 21:11 - 2014-12-26 00:55 - 00000000 ____D () C:\Riot Games 2015-03-29 21:11 - 2014-12-26 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-03-29 21:11 - 2014-12-24 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 2015-03-29 21:11 - 2014-11-13 21:48 - 00000000 ____D () C:\Program Files (x86)\Wiggles 2015-03-29 21:11 - 2014-11-04 22:21 - 00000000 ____D () C:\Program Files (x86)\SlimComputer 2015-03-29 21:11 - 2014-11-04 22:07 - 00000000 ____D () C:\Program Files (x86)\Reason 2015-03-29 21:11 - 2014-09-15 19:09 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2015-03-29 21:11 - 2014-08-17 02:33 - 00000000 ____D () C:\Program Files (x86)\Ruiware 2015-03-29 21:11 - 2014-08-01 18:28 - 00000000 ____D () C:\ProgramData\Glyph 2015-03-29 21:11 - 2014-05-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Youtube Downloader HD 2015-03-29 21:11 - 2014-04-26 18:04 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-03-29 
21:11 - 2014-04-04 23:31 - 00000000 ____D () C:\Program Files (x86)\OXXOGames 2015-03-29 21:11 - 2014-01-31 04:02 - 00000000 ____D () C:\Program Files (x86)\SuperTuxKart 2015-03-29 21:11 - 2014-01-10 23:51 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2015-03-29 21:11 - 2013-09-08 22:07 - 00000000 ____D () C:\Program Files (x86)\Smart Projects 2015-03-29 21:11 - 2013-07-09 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-03-29 21:10 - 2015-01-27 03:51 - 00000000 ____D () C:\Program Files (x86)\Anaconda 2015-03-29 21:10 - 2015-01-06 10:58 - 00000000 ____D () C:\Program Files (x86)\Audacity 2015-03-29 21:10 - 2014-12-30 21:35 - 00000000 ____D () C:\Program Files (x86)\MarkSpace 2015-03-29 21:10 - 2014-12-18 20:54 - 00000000 ____D () C:\Program Files (x86)\CPUID 2015-03-29 21:10 - 2014-12-08 04:27 - 00000000 ____D () C:\Program Files (x86)\concept design 2015-03-29 21:10 - 2014-12-07 00:46 - 00000000 ____D () C:\Program Files (x86)\Ankh 2015-03-29 21:10 - 2014-12-06 00:37 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment 2015-03-29 21:10 - 2014-10-28 14:02 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-03-29 21:10 - 2014-09-03 23:02 - 00000000 ____D () C:\Program Files (x86)\Hotel-Manager 2015-03-29 21:10 - 2014-04-04 23:31 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT 2015-03-29 21:10 - 2014-02-22 12:20 - 00000000 ____D () C:\Program Files (x86)\ImageConverter Plus 2015-03-29 21:10 - 2013-11-26 05:58 - 00000000 ____D () C:\Program Files (x86)\Image Converter 2015-03-29 21:10 - 2012-11-02 05:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-29 21:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration 2015-03-29 17:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-29 16:50 - 2015-02-15 11:55 - 00000000 ____D () C:\Users\Dominik Engl\Desktop\Neuer Ordner 2015-03-29 16:46 - 2013-12-04 18:38 - 
00000000 ____D () C:\Users\Dominik Engl\AppData\Local\CRE 2015-03-29 16:46 - 2013-09-27 01:45 - 00000000 ____D () C:\Windows\Minidump 2015-03-29 16:46 - 2013-04-27 16:24 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-29 16:12 - 2013-08-09 17:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-29 15:38 - 2012-12-16 05:21 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2015-03-29 15:38 - 2012-12-16 05:21 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2015-03-29 15:38 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-29 13:37 - 2012-11-02 05:42 - 00003272 _____ () C:\Windows\System32\Tasks\PMMUpdate 2015-03-29 13:20 - 2014-01-27 00:31 - 00000000 ___RD () C:\Users\Dominik Engl\Desktop\Spiele 2015-03-29 12:50 - 2014-09-15 23:25 - 00000000 ____D () C:\Users\Dominik Engl\Downloads\CoreTemp_106 2015-03-29 12:38 - 2013-04-23 12:22 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\TS3Client 2015-03-29 12:12 - 2014-08-22 19:18 - 00000000 ____D () C:\Users\Dominik Engl\Documents\ArcheAge 2015-03-29 12:10 - 2014-11-04 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2014 Free 2015-03-29 12:10 - 2014-08-02 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer 2015-03-29 12:10 - 2014-07-24 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon's Prophet 2015-03-29 12:10 - 2014-04-09 23:23 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher 2015-03-29 12:10 - 2013-10-19 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jahshaka 2015-03-29 12:10 - 2013-05-05 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-29 12:10 - 2013-04-23 02:20 - 00001196 _____ () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Internet Explorer.lnk 2015-03-28 18:41 - 2014-07-09 23:18 - 00000000 ____D () C:\ProgramData\WEBZEN 2015-03-26 17:33 - 2014-10-28 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-03-25 00:08 - 2013-10-06 14:45 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-21 13:16 - 2013-11-16 01:33 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-03-21 12:40 - 2014-06-13 21:46 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-03-21 12:40 - 2014-06-13 21:46 - 00000000 ____D () C:\Program Files\Java 2015-03-21 12:38 - 2013-10-06 14:36 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-20 23:25 - 2013-07-09 05:29 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Roaming\vlc 2015-03-18 09:54 - 2013-04-23 03:40 - 00000000 ____D () C:\Users\Dominik Engl\AppData\Local\clear.fi 2015-03-17 21:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2015-03-11 12:32 - 2014-04-04 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT 2015-03-08 22:34 - 2014-04-26 18:02 - 00000000 ____D () C:\ProgramData\Origin 2015-03-02 22:50 - 2014-08-02 20:10 - 00000000 ____D () C:\Users\Dominik Engl\Documents\ETS2MP ==================== Files in the root of some directories ======= 2014-05-15 03:42 - 2014-05-15 03:42 - 0009060 _____ () C:\Users\Dominik Engl\AppData\Roaming\.freeciv-client-rc-2.4 2013-07-20 02:07 - 2013-12-29 23:12 - 0000125 _____ () C:\Users\Dominik Engl\AppData\Roaming\D2Info0 2013-07-20 02:07 - 2013-12-29 14:56 - 0000008 _____ () C:\Users\Dominik Engl\AppData\Roaming\DofusAppId0_1 2013-12-29 23:12 - 2013-12-30 17:17 - 0000008 _____ () C:\Users\Dominik Engl\AppData\Roaming\DofusAppId0_2 2014-01-10 19:25 - 2014-06-16 16:49 - 0000000 _____ () C:\Users\Dominik Engl\AppData\Roaming\FileIn.cns 2014-01-10 19:25 - 2014-06-16 16:49 - 0000000 _____ () C:\Users\Dominik 
Engl\AppData\Roaming\FileOut.cns
2014-04-25 21:27 - 2009-11-23 11:07 - 41212184 _____ (NVIDIA Corporation) C:\Users\Dominik Engl\AppData\Roaming\PhysX_9.09.0814_SystemSoftware.exe
2013-07-08 00:38 - 2013-11-07 15:18 - 0004608 _____ () C:\Users\Dominik Engl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 04:26 - 2014-04-09 04:26 - 0000036 _____ () C:\Users\Dominik Engl\AppData\Local\housecall.guid.cache
2014-02-22 12:42 - 2014-02-22 12:42 - 0001496 _____ () C:\Users\Dominik Engl\AppData\Local\recently-used.xbel
2014-11-05 01:53 - 2014-11-05 01:53 - 0007602 _____ () C:\Users\Dominik Engl\AppData\Local\Resmon.ResmonCfg
2012-12-15 20:47 - 2012-12-15 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-08 03:08 - 2013-09-08 03:08 - 0000040 _____ () C:\ProgramData\ra3.ini

Files to move or delete:
====================
C:\Users\Dominik Engl\fbchathistory.dat

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-24 12:59

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Dominik Engl at 2015-03-30 09:40:15
Running from C:\Users\Dominik Engl\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: - Adobe Systems, Inc.) Agatha Christie - Death on the Nile (x32 Version: - WildTangent) Hidden Age of Wulin (HKLM-x32\...\{A1CD76EB-30CA-45EE-9946-5FC20BA62012}) (Version: - Webzen) Akamai NetSession Interface (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Akamai) (Version: - Akamai Technologies, Inc) Aloha TriPeaks (x32 Version: - WildTangent) Hidden Ankh (HKLM-x32\...\Ankh) (Version: - ) ANNO 1503 (HKLM-x32\...\{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}) (Version: 1.04.00 - ) AntimalwareEngine (Version: - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.) 
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: - Perfect World Entertainment) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) a-squared Free 4.5 (HKLM-x32\...\a-squared Free_is1) (Version: 4.5 - Emsi Software GmbH) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Audials (HKLM-x32\...\{15FA1110-CA8E-43E4-BD79-A28A897CD563}) (Version: 11.0.48200.0 - Audials AG) Audials (HKLM-x32\...\{6FA83576-0E44-4235-86A2-32A104E97280}) (Version: 10.2.28800.0 - Audials AG) Audials (HKLM-x32\...\{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}) (Version: 9.1.31900.0 - Audials AG) Backup Manager v4 (x32 Version: - NTI Corporation) Hidden Bejeweled 3 (x32 Version: - WildTangent) Hidden bl (x32 Version: 1.0.0 - Your Company Name) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: - Broadcom Corporation) Burger Bustle (HKLM-x32\...\Burger Bustle) (Version: - INTENIUM GmbH) Burger Bustle (HKLM-x32\...\d4f8b6cf2daf5a8fa093daf3123e2b92) (Version: - Zylom) Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.) 
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Cinema Tycoon 2 (HKLM-x32\...\Cinema Tycoon 2) (Version: - INTENIUM GmbH) Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) Command & Conquer™ Alarmstufe Rot 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: - Electronic Arts) concept/design onlineTV 10 (HKLM-x32\...\{DCAB9AAC-1D1C-4B94-99B7-AA7D2617BD64}_is1) (Version: - concept/design GmbH) Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: - 8pecxstudios) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.) CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0720 - CyberLink Corp.) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DC Universe Online (HKLM-x32\...\Steam App 24200) (Version: - Sony Online Entertainment) DC Universe Online Live (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: - Electronic Arts) Defiance (HKLM-x32\...\Steam App 224600) (Version: - Trion Worlds, Inc.) 
Delicious - Emily's Honeymoon Cruise (HKLM-x32\...\37a9e322478ad928b108ecf42de3c631) (Version: - Zylom) Delicious Promo (HKLM-x32\...\8b567f6f25e6a3d6abf028aeb1d36a31) (Version: - Zylom) Delicious: Emily und der Duft des Erfolgs (HKLM-x32\...\Delicious: Emily und der Duft des Erfolgs) (Version: - INTENIUM GmbH) Delicious: Emily's True Love Premium Edition (x32 Version: - WildTangent) Hidden Der bartlose Zauberer (HKLM-x32\...\Der bartlose Zauberer) (Version: - INTENIUM GmbH) Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: - INTENIUM GmbH) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: - INTENIUM GmbH) Die Abenteuer von Robinson Crusoe (HKLM-x32\...\Die Abenteuer von Robinson Crusoe) (Version: - INTENIUM GmbH) Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - ) DivX 4.02 Codec (HKLM-x32\...\DivXCodec) (Version: - ) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc) Dream Hills: Gestohlene Magie (HKLM-x32\...\Dream Hills: Gestohlene Magie) (Version: - INTENIUM GmbH) Duel of Champions (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\MMDoC-PDCLive) (Version: - Ubisoft) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) Euro Truck Simulator 2 Multiplayer 0.1.4 R3 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.4 R3 Alpha - ETS2MP Team) Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0976 - Ezvid, inc.) 
F1 2013 (HKLM-x32\...\Steam App 223670) (Version: - Codemasters Birmingham) Fakturama 1.6.7 (HKLM\...\5723-2630-1175-8368) (Version: 1.6.7 - Fakturama.org) Fall of the New Age: Im Bann der Sekte Sammleredition (HKLM-x32\...\Fall of the New Age: Im Bann der Sekte Sammleredition) (Version: - INTENIUM GmbH) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: - MAGIX AG) Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios) Free YouTube Download Manager (HKLM-x32\...\{60e0155b-9898-42a1-ab0a-c33353e03705}) (Version: - Freetec) Free YouTube Download Manager (x32 Version: - Freetec) Hidden Frozen Hearth (HKLM-x32\...\Steam App 257890) (Version: - Epiphany Games) FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: - Electronic Arts) Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit) Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge) GamersFirst LIVE! (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\GamersFirst LIVE!) (Version: - GamersFirst) Geheime Fälle: Auf den Spuren von Casanova (HKLM-x32\...\Geheime Fälle: Auf den Spuren von Casanova) (Version: - INTENIUM GmbH) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Goldrausch: Die Schatzsuche (HKLM-x32\...\Goldrausch: Die Schatzsuche) (Version: - INTENIUM GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: - Google Inc.) Hidden Google Update Helper (x32 Version: - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: - WildTangent) Hidden GTR Evolution (HKLM-x32\...\Steam App 8660) (Version: - SimBin) Happy Cloud Client (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.) 
Happy Wars (HKLM-x32\...\Steam App 246280) (Version: - Toylogic inc.) Heart's Medicine: Ärztin mit Herz (HKLM-x32\...\Heart's Medicine: Ärztin mit Herz) (Version: - INTENIUM GmbH) Hospital Hustle Deluxe (HKLM-x32\...\023c03038d1e8d0dd5b29cacacce04d0) (Version: - Zylom) Hotel-Manager (HKLM-x32\...\SagaGamesHotelManager2_is1) (Version: - Saga-Games) Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version: - Free Lunch Design) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter) IncrediMail (x32 Version: - IncrediMail) Hidden IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: - IncrediMail Ltd.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Island Tribe (x32 Version: - WildTangent) Hidden IsoBuster 3.2 (HKLM-x32\...\IsoBuster_is1) (Version: 3.2 - Smart Projects) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Jewel Match 3 (x32 Version: - WildTangent) Hidden John Deere Drive Green (x32 Version: - WildTangent) Hidden JTL-Wawi (HKLM-x32\...\JTL-Wawi_is1) (Version: 0.99923 - ) Jurassic Park Operation Genesis (x32 Version: 1.00.0000 - Universal Interactive) Hidden Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software) Launch Manager 
(HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.) Lawn & Order 2: Die Gartenverschwörung (HKLM-x32\...\Lawn & Order 2: Die Gartenverschwörung) (Version: - INTENIUM GmbH) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\Legends of Solitaire: Die verlorenen Karten) (Version: - INTENIUM GmbH) LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics) LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: - LG Electronics) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated) Lost Lands - Dark Overlord Platinum Edition (HKLM-x32\...\9b264bb29bdb57d30fcff344d51d815b) (Version: - Zylom) Magic Academy (x32 Version: - WildTangent) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: - MAGIX Software GmbH) MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{4745C004-7D5D-42BB-816A-79BF29C3A65C}) (Version: - MAGIX Software GmbH) MAGIX Goya burnR (MSI) (Version: - MAGIX Software GmbH) Hidden MAGIX Music Maker 2013 (Demosongs) (HKLM-x32\...\MX.{4913C631-0363-496A-9E24-1A260205AB9D}) (Version: - MAGIX Software GmbH) MAGIX Music Maker 2013 (Demosongs) (Version: - MAGIX Software GmbH) Hidden MAGIX Music Maker 2013 (HKLM-x32\...\MX.{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}) (Version: - MAGIX Software GmbH) MAGIX Music Maker 2013 (Synthesizer und Effekte) (HKLM-x32\...\MX.{AD409A65-BD38-4322-8765-492DD4E72DBF}) (Version: - MAGIX Software GmbH) MAGIX Music Maker 2013 (Synthesizer und Effekte) (Version: - MAGIX Software GmbH) Hidden MAGIX Music Maker 2013 (Version: - MAGIX Software GmbH) Hidden MAGIX Music Maker 2013 (Visuals) (HKLM-x32\...\MX.{86516976-CC47-4787-B9FD-720500EC1759}) (Version: - MAGIX Software GmbH) MAGIX Music Maker 2013 (Visuals) (Version: - MAGIX Software GmbH) Hidden MAGIX Music Maker 2013 
Soundpools (Version: - MAGIX Software GmbH) Hidden Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation) MarkSpace Outlook Server Version 1.0 (HKLM-x32\...\{050F5BE0-A8F6-48E1-9815-97322C1C1DC5}_is1) (Version: 1.0 - Mark/Space, Inc.) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser 
(HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name) MyWinLocker (Version: - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: - Egis Technology Inc.) MyWinLocker Suite (x32 Version: - Egis Technology Inc.) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: - NTI Corporation) NTI Media Maker 9 (x32 Version: - NTI Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Octoshape Streaming Services (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Octoshape Streaming Services) (Version: - Octoshape ApS) OMSI 2 (HKLM-x32\...\Steam App 252530) (Version: - MR-Software GbR) Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenLibraries (HKLM-x32\...\OpenLibraries) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: - Electronic Arts, Inc.) Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) Penguins! (x32 Version: - WildTangent) Hidden Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: - Electronic Arts, Inc.) ph (x32 Version: 1.0.0 - Your Company Name) Hidden Plants vs. 
Zombies - Game of the Year (x32 Version: - WildTangent) Hidden Pokémon Trading Card Game Online (HKLM-x32\...\{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}) (Version: 1.0.0 - The Pokémon Company International) Polar Bowler (x32 Version: - WildTangent) Hidden Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PureWare (HKLM-x32\...\PureWare) (Version: - Stefan Pape) PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: - Electronic Arts) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: - Ihr Firmenname) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: - Apple Inc.) RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin) RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - SimBin Studios AB) RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin) Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 3.6 - Razer USA Ltd) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden Really Big Sky (HKLM-x32\...\Steam App 201570) (Version: - Boss Baddie) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Ricky`s Restaurant (HKLM-x32\...\Ricky`s Restaurant) (Version: - ) Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes) Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: - INTENIUM GmbH) Sam & Max All-Zeit Bereit (HKLM-x32\...\Sam und Max All-Zeit Bereit) (Version: - Telltale Games) Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios) Shop it Up! Deluxe (HKLM-x32\...\266cd93b236c46d9e3a0a44ddaf12961) (Version: - Zylom) Should I Remove It (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.) Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden Shredder (Version: - Egis Technology Inc.) Hidden Shredder (x32 Version: - Egis Technology Inc.) Hidden SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: - Electronic Arts) Ski Challenge 15 (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\sc15-GAMETWIST_MAIN) (Version: - ) Sky High Farm Deluxe (HKLM-x32\...\92dfa5216d9c72682019916b3be098cf) (Version: - Zylom) SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.) SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics) Spooky Mall (HKLM-x32\...\Spooky Mall) (Version: - INTENIUM GmbH) Spotify (HKLM-x32\...\Spotify) (Version: - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
Stand O'Food Deluxe (HKLM-x32\...\b18451a1aab4b749ac384387f5fa24ff) (Version: - Zylom) Starbound (HKLM-x32\...\Steam App 211820) (Version: - ) Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Steganos Safe 15 (HKLM-x32\...\{D3FB0B73-11DF-41EE-9B6D-C7198079A88E}) (Version: 15.2.1 - Steganos Software GmbH) Stronghold AntiMalware (HKLM-x32\...\Stronghold AntiMalware_is1) (Version: 1.0 - Security Stronghold) Stronghold Kingdoms (HKLM-x32\...\Steam App 47410) (Version: - FireFly Studios) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com) Supermarket Management (HKLM-x32\...\08d71c43d7ba8e543f0215bcab884209) (Version: - Zylom) swMSM (x32 Version: - Adobe Systems, Inc) Hidden Tales of Lagoona (x32 Version: - WildTangent) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: - Magix Development GmbH) The Island - Castaway 2 Deluxe (HKLM-x32\...\64ce3775e2b476d3c34210a5a9d238dc) (Version: - Zylom) The Island - Castaway Deluxe (HKLM-x32\...\0bd27f65980f021b19a2ee12501961b1) (Version: - Zylom) The Island: Castaway (HKLM-x32\...\The Island: Castaway) (Version: - INTENIUM GmbH) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: - Electronic Arts) The Whispered World (HKLM-x32\...\Steam App 18490) (Version: - Daedalic Entertainment) The Whispered World Special Edition (HKLM-x32\...\Steam App 268540) (Version: - Daedalic Entertainment) Tony Tough 2 - Patch (HKLM-x32\...\Tony Tough 2 - A Rake's Progress_is1) (Version: - dtp AG) Treasure Island (HKLM-x32\...\Treasure Island) (Version: - ) TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM 
Software) Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB) Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version: - Haemimont Games) Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games) TumblRipper (HKLM-x32\...\{39CCA8F3-19C1-4246-B4BA-8174D665407C}_is1) (Version: 2.07 - TumblRipper) TV Farm 2: Bauer total (HKLM-x32\...\TV Farm 2: Bauer total) (Version: - INTENIUM GmbH) Unity Web Player (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Villagers and Heroes (HKLM-x32\...\Steam App 263540) (Version: - Mad Otter Games) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Vita 2 (Version: - MAGIX Software GmbH) Hidden Vita Rock Drums (Version: - MAGIX Software GmbH) Hidden Vita String Ensemble (Version: - MAGIX Software GmbH) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) W&G - Der Hummelfluch (HKLM-x32\...\Der Hummelfluch) (Version: - Daedalic Entertainment) W&G - Urlaub Unter Tage (HKLM-x32\...\Urlaub Unter Tage) (Version: - Daedalic Entertainment) WAKFU (HKLM-x32\...\Steam App 215080) (Version: - Ankama Studio) Wakfu (HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\1F4715F1-86E7-4450-AA9A-13ADBF14BED1-2) (Version: - Ankama) Welcome Home To Windows Phone Version 2.0 (HKLM-x32\...\{4B5EBB2A-A55C-40E9-A48F-AEBFBAA90EC1}_is1) (Version: 2.0 - ) Wiggles 1.0.844 (HKLM-x32\...\Wiggles_is1) (Version: - ) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: - 
WildTangent) WildTangent Games App (x32 Version: - WildTangent) Hidden Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: - Microsoft Corporation) Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: - Riverbed Technology, Inc.) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wise Care 365 Version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.9.7 - WiseCleaner.com, Inc.) Wise Game Booster 1.12 (HKLM-x32\...\Wise Game Booster_is1) (Version: 1.12 - WiseCleaner.com, Inc.) Wise Program Uninstaller 1.63 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.63 - WiseCleaner.com, Inc.) Youda Farmer 3: Jahreszeiten (HKLM-x32\...\Youda Farmer 3: Jahreszeiten) (Version: - INTENIUM GmbH) Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: - ZONER software) Zuma's Revenge (x32 Version: - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 29-03-2015 17:23:42 avast! antivirus system restore point 29-03-2015 19:11:15 Removed Windows Phone app for desktop 29-03-2015 19:47:16 Command & Conquer™ Alarmstufe Rot 3 entfernt 29-03-2015 20:57:22 Wiederherstellungsvorgang ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {15D106A9-71BB-422A-9312-7849CDEB54C9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {27949D9D-ABF9-436E-A568-6B88DBF87C2B} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {2A212780-89AB-422B-A6A1-D6F5602B4315} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {47601272-BDBC-48E1-A7F9-677AC601A168} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) Task: {4D02C09C-7EC1-4366-89F4-A63219B60ED6} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] () Task: {4ED699E5-7F56-4C13-BA5D-F1EC53AD797D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) Task: {56DCFCB8-515A-48E2-AB4D-616F207516D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {595243BD-BBA6-4B18-87BC-6F4D6577E32E} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION Task: {6686092E-253C-4C55-BDDD-FC665BE582A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {69AC89AD-0274-4668-8047-BEEAA6D194B4} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis 
Technology Inc.) Task: {82B33C67-F329-458D-B9FC-BD1FEDEC1E40} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] () Task: {8D71B8DF-2A46-4C7B-90D9-CCFC5BFDBD95} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe Task: {C703205A-43B4-4BA8-BE26-689C183D6346} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0a987c32-62a3-40d4-aa67-81ba20521631 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {C84F8A44-9FD3-4273-930B-E488674D2812} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe Task: {E1B05872-096B-4A14-9C5A-CEECFFCEB7FB} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7424bd66-51c5-4583-a26e-7b347b56d73e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {F1B0B509-9478-4AB2-A8CD-A6E9BE3E7C90} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0a987c32-62a3-40d4-aa67-81ba20521631.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7424bd66-51c5-4583-a26e-7b347b56d73e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-05 01:57 - 2014-10-30 06:53 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-11-05 02:00 - 2014-10-30 04:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe 
Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll 2013-12-13 02:18 - 2014-02-17 21:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2015-03-29 11:49 - 2015-03-29 11:49 - 00248832 _____ () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629776-E211-B636-B888E3AA6D9A\snsoC004.tmp 2013-10-09 23:05 - 2012-12-14 05:45 - 00061440 ___OT () C:\Windows\SysWOW64\secpro.exe 2015-03-29 11:49 - 2015-03-29 11:49 - 00116224 _____ () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427629762-E211-B636-B888E3AA6D9A\cnsi8B4A.tmp 2015-03-29 11:59 - 2015-03-29 11:59 - 00079360 _____ () C:\Users\Dominik Engl\AppData\Local\5DE05E1C-1427630375-E211-B636-B888E3AA6D9A\insgE757.tmp 2014-10-23 21:19 - 2014-10-23 21:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe 2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe 2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll 2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll 
2014-10-28 19:33 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-10-28 19:33 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-10-28 19:33 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-10-28 19:33 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2012-12-15 20:42 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-10-28 19:33 - 2014-04-25 15:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:82F50D1C AlternateDataStreams: C:\ProgramData\Temp:8927A071 AlternateDataStreams: C:\ProgramData\Temp:BC1F7CAE ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VCL => ""="service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2989272098-668564025-1038308632-1002\Control Panel\Desktop\\Wallpaper -> c:\zylom games\lost lands - dark overlord platinum edition\DataUnpackCE\Wallpapers\Lost_Lands_Dark_Overlord_wallpaper_06_1366x768.jpg HKU\S-1-5-21-2989272098-668564025-1038308632-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg DNS Servers: ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "boincmgr" HKLM\...\StartupApproved\Run: => "boinctray" HKLM\...\StartupApproved\Run: => "Trend Micro Client Framework" HKLM\...\StartupApproved\Run: => "Zune Launcher" HKLM\...\StartupApproved\Run: => "AdAwareTray" HKLM\...\StartupApproved\Run32: => "CanonSolutionMenu" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Aeria Ignite" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "TkBellExe" HKLM\...\StartupApproved\Run32: => "SearchProtectAll" HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "TrojanScanner" HKLM\...\StartupApproved\Run32: => "Trend Micro RUBotted V2.0 Beta" HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk" HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk" HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\StartupFolder: => "IMVU.lnk" HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\Run: => "SearchProtect" 
HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\Run: => "Messenger (Yahoo!)" HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B143B59CBBABFF0D5550FB4B6874B240" HKU\S-1-5-21-2989272098-668564025-1038308632-1002\...\StartupApproved\Run: => "FreeAC" ==================== Accounts: ============================= Administrator (S-1-5-21-2989272098-668564025-1038308632-500 - Administrator - Disabled) Dominik Engl (S-1-5-21-2989272098-668564025-1038308632-1002 - Administrator - Enabled) => C:\Users\Dominik Engl Games (S-1-5-21-2989272098-668564025-1038308632-1007 - Administrator - Enabled) => C:\Users\Games Gast (S-1-5-21-2989272098-668564025-1038308632-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= Name: Bluetooth USB Module Description: Bluetooth USB Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2015 09:36:10 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue. Error: (03/30/2015 09:35:55 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: AdAwareInstaller -- Error 1706. No valid source could be found for product AdAwareInstaller. The Windows Installer cannot continue. 
Error: (03/30/2015 08:51:58 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (03/30/2015 08:51:44 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version=""1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version=""" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/30/2015 08:47:24 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (03/30/2015 08:45:09 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version=""1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version=""" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/30/2015 02:17:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SDScan.exe, Version:, Zeitstempel: 0x535a5179 Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x30ec4b66 ID des fehlerhaften Prozesses: 0x810 Startzeit der fehlerhaften Anwendung: 0xSDScan.exe0 Pfad der fehlerhaften Anwendung: SDScan.exe1 Pfad des fehlerhaften Moduls: SDScan.exe2 Berichtskennung: SDScan.exe3 Vollständiger Name des fehlerhaften Pakets: SDScan.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SDScan.exe5 Error: (03/30/2015 01:58:42 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. 
The Windows Installer cannot continue. Error: (03/30/2015 01:49:49 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: AdAwareInstaller -- Error 1706. No valid source could be found for product AdAwareInstaller. The Windows Installer cannot continue. Error: (03/30/2015 01:33:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Revouninstaller.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11d0 Startzeit: 01d06a77cd4cc7e5 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Berichts-ID: 10198e48-d66c-11e4-bf48-b888e3aa6d9a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: System errors: ============= Error: (03/30/2015 02:19:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡tĚ" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/30/2015 02:19:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Wise Boot Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/30/2015 02:19:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. 
Error: (03/30/2015 01:58:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡tĚ" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/30/2015 01:58:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Wise Boot Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/30/2015 01:58:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GB Indent" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/30/2015 01:58:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Error: (03/29/2015 10:27:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡tĚ" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/29/2015 10:27:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Wise Boot Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/29/2015 10:27:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Microsoft Office Sessions: ========================= Error: (03/30/2015 09:36:10 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/30/2015 09:35:55 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: AdAwareInstaller -- Error 1706. No valid source could be found for product AdAwareInstaller. 
The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/30/2015 08:51:58 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (03/30/2015 08:51:44 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version=""C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/30/2015 08:47:24 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (03/30/2015 08:45:09 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version=""C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/30/2015 02:17:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SDScan.exe2.4.40.181535a5179unknown0.0.0.000000000c000000530ec4b6681001d06a7c81d8cc78C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeunknown2d661ed2-d672-11e4-bf49-b888e3aa6d9a Error: (03/30/2015 01:58:42 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. 
The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/30/2015 01:49:49 AM) (Source: MsiInstaller) (EventID: 11706) (User: Dominik) Description: Product: AdAwareInstaller -- Error 1706. No valid source could be found for product AdAwareInstaller. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/30/2015 01:33:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Revouninstaller.exe1.9.5.011d001d06a77cd4cc7e515C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe10198e48-d66c-11e4-bf48-b888e3aa6d9a ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 41% Total physical RAM: 8007.27 MB Available physical RAM: 4686.55 MB Total Pagefile: 9415.27 MB Available Pagefile: 6191.72 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:191.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: E8D686E1) Partition: GPT Partition Type. ==================== End Of Log ============================ |
#5 |
/// the machine /// TB trainer | Some programs have no Internet access for updating hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |