Michelino76 | 07.03.2015 20:07 | Win 8.1: Mozilla tab shows wrong start page and Chinese characters, Windows start shows "Startmenü aktualisiert"
Hello everyone,
For the past few days I have had the following problems:
1. When I start Windows, the message "Startmenü aktualisiert" ("Start menu updated") keeps appearing. At first I thought this came from a Windows update, since an update had taken place shortly before.
This message does not appear in the Admin profile.
2. When I open a new tab in Firefox, the following page comes up instead of my configured start page: "homepage-web.com/?s=acer&m=tab"
3. In addition, it often happens that Chinese characters appear in the upper area of Firefox. I have often read (I no longer remember the sources) that this is related to McAfee SiteAdvisor. But somehow I can't believe that. This problem has existed for quite a while.
So far I have really only run a scan with McAfee, without success, and one with Malwarebytes. A report from McAfee is missing, because I don't know exactly where to find it.
Thank you in advance for your help.
Regards, Michele
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 07.03.2015 17:35:48, SYSTEM, DAA-RECHNER, Protection, Malware Protection, Starting,
Protection, 07.03.2015 17:35:48, SYSTEM, DAA-RECHNER, Protection, Malware Protection, Started,
Protection, 07.03.2015 17:35:48, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Starting,
Protection, 07.03.2015 17:35:49, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Started,
Update, 07.03.2015 17:35:55, SYSTEM, DAA-RECHNER, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 07.03.2015 17:35:55, SYSTEM, DAA-RECHNER, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Update, 07.03.2015 17:35:59, SYSTEM, DAA-RECHNER, Manual, Malware Database, 2014.11.20.6, 2015.3.7.3,
Protection, 07.03.2015 17:35:59, SYSTEM, DAA-RECHNER, Protection, Refresh, Starting,
Protection, 07.03.2015 17:35:59, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Stopping,
Protection, 07.03.2015 17:35:59, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Stopped,
Protection, 07.03.2015 17:36:10, SYSTEM, DAA-RECHNER, Protection, Refresh, Success,
Protection, 07.03.2015 17:36:10, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Starting,
Protection, 07.03.2015 17:36:11, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Started,
Protection, 07.03.2015 18:57:02, SYSTEM, DAA-RECHNER, Protection, Malware Protection, Starting,
Protection, 07.03.2015 18:57:02, SYSTEM, DAA-RECHNER, Protection, Malware Protection, Started,
Protection, 07.03.2015 18:57:05, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Starting,
Protection, 07.03.2015 18:57:07, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Started,
Update, 07.03.2015 19:06:24, SYSTEM, DAA-RECHNER, Scheduler, Malware Database, 2015.3.7.3, 2015.3.7.4,
Protection, 07.03.2015 19:06:24, SYSTEM, DAA-RECHNER, Protection, Refresh, Starting,
Protection, 07.03.2015 19:06:24, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Stopping,
Protection, 07.03.2015 19:06:24, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Stopped,
Protection, 07.03.2015 19:06:37, SYSTEM, DAA-RECHNER, Protection, Refresh, Success,
Protection, 07.03.2015 19:06:37, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Starting,
Protection, 07.03.2015 19:06:37, SYSTEM, DAA-RECHNER, Protection, Malicious Website Protection, Started,
(end)
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:03 on 07/03/2015 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Admin (administrator) on DAA-RECHNER on 07-03-2015 18:06:58
Running from C:\Users\Michele\Desktop
Loaded Profiles: Michele & Admin & (Available profiles: Michele & Admin)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAB950.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pokki) C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(acer) C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Pokki) C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Michele\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\Run: [RemoteFilesTrayIcon] => C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe [1969408 2015-01-09] (acer)
HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\MountPoints2: {887b27b4-7bff-11e4-8269-f8a963e13a61} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\MountPoints2: {887b2c80-7bff-11e4-8269-f8a963e13a61} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\MountPoints2: {887b2c8d-7bff-11e4-8269-f8a963e13a61} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RemoteFilesTrayIcon] => C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe [1969408 2015-01-09] (acer)
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {887b27b4-7bff-11e4-8269-f8a963e13a61} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {887b2c80-7bff-11e4-8269-f8a963e13a61} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {887b2c8d-7bff-11e4-8269-f8a963e13a61} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4239702700-454491485-42177012-1004\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-4239702700-454491485-42177012-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4239702700-454491485-42177012-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-4239702700-454491485-42177012-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-4239702700-454491485-42177012-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4239702700-454491485-42177012-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-4239702700-454491485-42177012-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4239702700-454491485-42177012-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001 -> DefaultScope {4249F157-AF80-11E4-8272-F8A963E13A61} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001 -> {4249F157-AF80-11E4-8272-F8A963E13A61} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001 -> {798EF1C4-DA59-4FCB-B238-DC3A50E07B88} URL =
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4249F157-AF80-11E4-8272-F8A963E13A61} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4249F157-AF80-11E4-8272-F8A963E13A61} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {798EF1C4-DA59-4FCB-B238-DC3A50E07B88} URL =
SearchScopes: HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f8z79lcl.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-10-13]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-13]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-26]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0098621425674950mcinstcleanup; C:\Windows\TEMP\009862~1.EXE [851136 2014-08-08] (McAfee, Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HPSLPSVC; C:\Users\Michele\AppData\Local\Temp\7zS77B2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-02-08] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7549616 2014-02-25] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-09-11] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 18:06 - 2015-03-07 18:08 - 00026968 _____ () C:\Users\Michele\Desktop\FRST.txt
2015-03-07 18:05 - 2015-03-07 18:07 - 00000000 ____D () C:\FRST
2015-03-07 18:04 - 2015-03-07 18:04 - 02094592 _____ (Farbar) C:\Users\Michele\Desktop\FRST64.exe
2015-03-07 18:03 - 2015-03-07 18:03 - 00000472 _____ () C:\Users\Michele\Desktop\defogger_disable.log
2015-03-07 18:03 - 2015-03-07 18:03 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-03-07 18:02 - 2015-03-07 18:02 - 00050477 _____ () C:\Users\Michele\Desktop\Defogger.exe
2015-03-07 17:35 - 2015-03-07 17:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 17:35 - 2015-03-07 17:35 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-07 17:35 - 2015-03-07 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-07 17:34 - 2015-03-07 17:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-07 17:34 - 2015-03-07 17:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-07 17:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-07 17:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-07 17:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-07 17:33 - 2015-03-07 17:33 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michele\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-06 13:57 - 2015-03-06 13:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-03 21:59 - 2015-03-03 21:59 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\elsterformular
2015-03-03 19:02 - 2015-03-03 19:02 - 00001480 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-03 19:02 - 2015-03-03 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-03 19:02 - 2015-03-03 19:02 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-03 19:00 - 2015-03-03 19:00 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-03-03 18:57 - 2015-03-03 18:58 - 105817152 _____ (Landesfinanzdirektion Thüringen) C:\Users\Michele\Downloads\ElsterFormular-16.0.20150211p.exe
2015-03-02 21:41 - 2015-03-02 21:43 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\Ahnenblatt
2015-03-02 21:41 - 2015-03-02 21:41 - 00000000 ____D () C:\Users\Michele\Documents\Ahnenblatt
2015-03-02 21:40 - 2015-03-02 21:40 - 00001937 _____ () C:\Users\Public\Desktop\Ahnenblatt.lnk
2015-03-02 21:40 - 2015-03-02 21:40 - 00000000 ____D () C:\Users\Admin\Documents\Ahnenblatt
2015-03-02 21:40 - 2015-03-02 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-03-02 21:39 - 2015-03-02 21:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Ahnenblatt
2015-03-02 21:39 - 2015-03-02 21:40 - 00000000 ____D () C:\Program Files (x86)\Ahnenblatt
2015-03-02 21:39 - 2015-03-02 21:39 - 06602464 _____ (Dirk Böttcher ) C:\Users\Admin\Downloads\absetup.exe
2015-03-02 21:35 - 2015-03-02 21:35 - 06602464 _____ (Dirk Böttcher ) C:\Users\Michele\Downloads\absetup.exe
2015-03-01 22:18 - 2015-03-01 22:19 - 39739064 _____ (Microsoft Corporation) C:\Users\Michele\Downloads\Windows-KB890830-x64-V5.21.exe
2015-03-01 18:32 - 2015-03-02 16:38 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-03-01 18:32 - 2015-03-02 16:38 - 00000000 ____D () C:\ProgramData\Intel
2015-03-01 18:32 - 2015-03-01 18:32 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 ____D () C:\Program Files\Intel Corporation
2015-03-01 18:32 - 2015-03-01 18:32 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-01 16:35 - 2014-11-11 01:39 - 22290560 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-01 16:35 - 2014-11-11 01:17 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-01 16:35 - 2014-10-31 01:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-03-01 16:35 - 2014-10-31 01:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-03-01 16:34 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-01 16:34 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-01 16:34 - 2014-11-14 15:36 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-01 16:34 - 2014-11-14 08:10 - 03558400 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-01 16:34 - 2014-11-14 07:58 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-01 16:34 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-03-01 16:34 - 2014-11-14 07:57 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-01 16:34 - 2014-11-14 07:54 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-03-01 16:34 - 2014-11-14 07:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-01 16:34 - 2014-11-14 07:53 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-01 16:34 - 2014-11-14 07:52 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-01 16:34 - 2014-11-14 06:04 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-01 16:34 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-03-01 16:34 - 2014-11-14 06:03 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-01 16:34 - 2014-11-14 06:01 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-01 16:34 - 2014-11-14 06:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-01 16:34 - 2014-11-10 19:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-01 16:34 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-03-01 16:34 - 2014-11-10 19:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-03-01 16:34 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-03-01 16:34 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-03-01 16:34 - 2014-11-10 02:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-03-01 16:34 - 2014-11-10 02:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-03-01 16:34 - 2014-11-10 02:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-03-01 16:34 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-03-01 16:34 - 2014-11-10 02:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-03-01 16:34 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-03-01 16:34 - 2014-11-10 02:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-03-01 16:34 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-03-01 16:34 - 2014-11-10 01:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-03-01 16:34 - 2014-11-08 11:42 - 01390928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-01 16:34 - 2014-11-08 11:23 - 01127976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-01 16:34 - 2014-11-08 05:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-03-01 16:34 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-03-01 16:34 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-03-01 16:34 - 2014-11-08 04:58 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-03-01 16:34 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-03-01 16:34 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-03-01 16:34 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-03-01 16:34 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-03-01 16:34 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-03-01 16:34 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-03-01 16:34 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-03-01 16:34 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-03-01 16:34 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-03-01 16:34 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-03-01 16:34 - 2014-11-08 03:09 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-03-01 16:34 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-03-01 16:34 - 2014-11-08 02:59 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-03-01 16:34 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-03-01 16:34 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-03-01 16:34 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-03-01 16:34 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-03-01 16:34 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-03-01 16:34 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-03-01 16:34 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-03-01 16:34 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-03-01 16:34 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-03-01 16:34 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-03-01 16:34 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-03-01 16:34 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-03-01 16:34 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-03-01 16:34 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-03-01 16:34 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-03-01 16:34 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-03-01 16:34 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-03-01 16:34 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-03-01 16:34 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-03-01 16:34 - 2014-11-04 20:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-03-01 16:34 - 2014-11-04 20:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-03-01 16:34 - 2014-11-04 07:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-03-01 16:34 - 2014-11-04 07:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-03-01 16:34 - 2014-11-04 07:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-03-01 16:34 - 2014-11-04 07:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-03-01 16:34 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-03-01 16:34 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-03-01 16:34 - 2014-10-29 04:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-03-01 16:34 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-03-01 16:34 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-03-01 16:34 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-03-01 16:34 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-03-01 16:34 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-03-01 16:34 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-03-01 16:34 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-03-01 16:34 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-03-01 16:34 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-03-01 16:34 - 2014-10-17 05:56 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-03-01 16:34 - 2014-10-17 05:56 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-03-01 16:34 - 2014-10-17 05:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-03-01 16:34 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-03-01 16:28 - 2015-03-01 16:28 - 00000000 ____D () C:\Users\Admin\Documents\HTC
2015-03-01 16:28 - 2015-03-01 16:28 - 00000000 ____D () C:\Users\Admin\.android
2015-03-01 16:21 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-03-01 16:21 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-03-01 16:21 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-03-01 16:21 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-03-01 16:21 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-03-01 16:21 - 2014-11-14 07:46 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-01 16:21 - 2014-11-14 07:39 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-03-01 16:21 - 2014-11-14 05:53 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-02-28 13:59 - 2015-02-28 13:59 - 00243576 _____ () C:\Users\Michele\Downloads\Firefox Setup Stub 36.0.exe
2015-02-25 19:12 - 2015-02-25 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-25 19:12 - 2015-02-25 19:12 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-24 20:51 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 20:51 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-24 20:51 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-24 20:51 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-24 20:51 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-24 20:51 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-23 19:10 - 2015-02-23 19:10 - 00000000 ____D () C:\Users\Michele\Documents\Eigene Scans
2015-02-15 18:01 - 2015-02-15 18:01 - 18457202 _____ () C:\Users\Michele\Documents\test.wmf
2015-02-15 17:19 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 17:19 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2015-02-13 19:42 - 2015-02-15 01:31 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-02-13 19:42 - 2015-02-13 19:42 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2015-02-13 19:42 - 2015-02-13 19:42 - 00001019 _____ () C:\Users\Public\Desktop\Netzmanager.lnk
2015-02-13 19:42 - 2015-02-13 19:42 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2015-02-13 19:42 - 2015-02-13 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2015-02-13 19:42 - 2015-02-13 19:42 - 00000000 ____D () C:\Program Files\Netzmanager
2015-02-13 19:41 - 2015-02-13 19:41 - 10995296 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\Michele\Downloads\netzmanager_setup.exe
2015-02-13 19:41 - 2015-02-13 19:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\PackageAware
2015-02-13 15:19 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-13 15:19 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-13 15:19 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-13 15:19 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-13 15:19 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 15:19 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 15:19 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-13 15:19 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-13 15:19 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-13 15:19 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-13 15:19 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-13 15:19 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 15:19 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 15:19 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-13 15:19 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-13 15:19 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-13 15:19 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-13 15:19 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-13 15:19 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-13 15:19 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-13 15:19 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-13 15:19 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-13 15:19 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-13 15:19 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-13 15:19 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-13 15:19 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-13 15:18 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-13 15:18 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-13 15:18 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-13 15:18 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-13 15:18 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-13 15:18 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-13 15:18 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-13 15:18 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-13 15:18 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-13 15:18 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-13 15:18 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-13 15:18 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-13 15:18 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-13 15:18 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-13 15:18 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-13 15:18 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-13 15:18 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-13 15:18 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-13 15:18 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-13 15:18 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-13 15:18 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-13 15:18 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-13 15:18 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-13 15:18 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-13 15:18 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-13 15:18 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-13 15:18 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-13 15:18 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-13 15:18 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-13 15:18 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-13 15:18 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-13 15:18 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-13 15:18 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-13 15:18 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-13 15:18 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-13 15:18 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-13 15:18 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-13 15:18 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-13 15:18 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-13 15:18 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-13 15:18 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-13 15:18 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 15:18 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 15:18 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-13 15:18 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-13 14:28 - 2015-03-06 21:37 - 00001557 _____ () C:\Users\Michele\Desktop\abBox.lnk
2015-02-10 17:28 - 2015-03-01 16:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\HTC MediaHub
2015-02-10 17:28 - 2015-02-10 17:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HTC
2015-02-10 17:28 - 2015-02-10 17:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apple Computer
2015-02-08 23:29 - 2015-02-08 23:33 - 538050560 _____ () C:\Users\Michele\Downloads\strieplanv3710055.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 18:03 - 2014-10-05 12:34 - 00000000 ____D () C:\Users\Admin
2015-03-07 18:01 - 2014-08-26 10:04 - 01656711 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-07 17:40 - 2014-09-19 09:54 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4239702700-454491485-42177012-1001
2015-03-07 17:23 - 2014-09-21 08:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 16:30 - 2014-09-19 10:07 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB9B120B-79D7-45F9-8B68-F33D18048BFD}
2015-03-07 10:16 - 2014-09-19 09:53 - 00000000 ____D () C:\Users\Michele\AppData\Local\CrashDumps
2015-03-07 10:14 - 2014-09-19 09:48 - 00000000 ____D () C:\Users\Michele\AppData\Local\Pokki
2015-03-06 21:48 - 2014-10-13 16:56 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-06 21:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-06 21:38 - 2014-09-19 09:53 - 00000000 ____D () C:\Users\Michele\OneDrive
2015-03-06 21:37 - 2014-10-13 19:52 - 00000000 __RSD () C:\Users\Michele\Documents\McAfee-Tresore
2015-03-06 14:52 - 2014-09-20 22:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 14:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-06 13:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-03 19:01 - 2014-07-25 22:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-02 21:40 - 2014-10-13 16:58 - 00000000 __RSD () C:\Users\Admin\Documents\McAfee-Tresore
2015-03-02 21:38 - 2014-10-05 12:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\Pokki
2015-03-02 04:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-01 22:07 - 2014-08-26 18:18 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-03-01 22:07 - 2014-08-26 18:18 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-03-01 22:07 - 2014-03-18 11:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 22:06 - 2013-08-22 15:46 - 00032960 _____ () C:\Windows\setupact.log
2015-03-01 18:25 - 2014-12-09 23:12 - 00000000 ____D () C:\Users\Michele\AppData\Local\HTC MediaHub
2015-03-01 18:23 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 18:23 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-01 18:04 - 2014-08-26 09:23 - 01006654 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-03-01 18:00 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-01 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-03-01 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup
2015-03-01 16:40 - 2014-10-05 12:41 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4239702700-454491485-42177012-1004
2015-03-01 16:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-01 16:31 - 2014-10-05 12:39 - 00002331 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-01 16:27 - 2014-03-18 10:54 - 00037808 _____ () C:\Windows\PFRO.log
2015-03-01 16:24 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-28 14:01 - 2014-09-20 22:51 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-28 14:01 - 2014-09-20 22:45 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-27 10:55 - 2014-09-19 09:48 - 00000000 ____D () C:\Users\Michele\AppData\Local\VirtualStore
2015-02-27 10:44 - 2014-09-19 09:52 - 00002333 _____ () C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-22 23:44 - 2014-09-20 21:26 - 00000000 ____D () C:\Users\Michele\Desktop\1_WichtigeDaten
2015-02-15 17:07 - 2013-08-22 15:44 - 00371648 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 01:36 - 2014-09-21 12:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 15:40 - 2014-12-12 01:09 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 15:40 - 2014-09-21 15:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-10 17:49 - 2014-12-09 23:12 - 00002051 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-02-10 17:48 - 2014-12-09 23:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2015-02-10 17:28 - 2014-10-05 12:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
==================== Files in the root of some directories =======
2014-08-26 09:18 - 2014-08-26 09:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-20 20:44 - 2014-09-20 21:15 - 0002311 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\Admin\AppData\Local\Temp\oct4824.tmp.exe
C:\Users\Admin\AppData\Local\Temp\octC6CD.tmp.exe
C:\Users\Michele\AppData\Local\Temp\HPInstaller.exe
C:\Users\Michele\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Michele\AppData\Local\Temp\oct31A0.tmp.exe
C:\Users\Michele\AppData\Local\Temp\oct39DD.tmp.exe
C:\Users\Michele\AppData\Local\Temp\oct52F3.tmp.exe
C:\Users\Michele\AppData\Local\Temp\oct5E64.tmp.exe
C:\Users\Michele\AppData\Local\Temp\oct74ED.tmp.exe
C:\Users\Michele\AppData\Local\Temp\oct7D7A.tmp.exe
C:\Users\Michele\AppData\Local\Temp\oct878F.tmp.exe
C:\Users\Michele\AppData\Local\Temp\oct99C.tmp.exe
C:\Users\Michele\AppData\Local\Temp\octA2A7.tmp.exe
C:\Users\Michele\AppData\Local\Temp\octC262.tmp.exe
C:\Users\Michele\AppData\Local\Temp\octEB2.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-07 15:13
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Admin at 2015-03-07 18:09:38
Running from C:\Users\Michele\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.01.2005 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3008 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ahnenblatt 2.87 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.87.0.1 - Dirk Böttcher)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{E043161E-A691-B3C2-E60C-2FBBD8CFF720}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DIG-CAD 4.0 (HKLM-x32\...\DIG-CAD 4.0) (Version: - )
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150211 - Landesfinanzdirektion Thüringen)
F4500 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
FreeMind (HKLM-x32\...\{B991B020-2968-11D8-AF23-444553540000}_is1) (Version: 0.7.1 - )
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Host App Service (HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\Pokki) (Version: 0.269.7.513 - Pokki)
Host App Service (HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki) (Version: 0.269.7.513 - Pokki)
Host App Service (HKU\S-1-5-21-4239702700-454491485-42177012-1004\...\Pokki) (Version: 0.269.7.513 - Pokki)
Host App Service (HKU\S-1-5-21-4239702700-454491485-42177012-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki) (Version: 0.269.7.513 - Pokki)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel(R) Technology Access (HKLM-x32\...\{1c3caad7-d0ad-4f7c-87e0-f47627304993}) (Version: 1.3.3.1036 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Maxima 5.21.1 (HKLM-x32\...\Maxima-5.21.1_is1) (Version: 5.21.1 - The Maxima Development Team)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
OEM Application Profile (HKLM-x32\...\{C01EB132-6707-740E-6ED9-EAC3943918DB}) (Version: 1.00.0000 - Ihr Firmenname)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-4239702700-454491485-42177012-1001\...\Pokki_Start_Menu) (Version: 0.269.7.513 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_Start_Menu) (Version: 0.269.7.513 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-4239702700-454491485-42177012-1004\...\Pokki_Start_Menu) (Version: 0.269.7.513 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-4239702700-454491485-42177012-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_Start_Menu) (Version: 0.269.7.513 - Pokki)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21250 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
18-02-2015 16:23:30 Windows Update
24-02-2015 22:40:05 Windows Update
01-03-2015 16:22:09 Windows Update
03-03-2015 19:01:16 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {010CBFEA-1ADB-4773-8ADA-048B20EE1BFF} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {2923779E-6EEB-48BE-A74D-8C074541E151} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {34B19F3A-05F6-4C12-9701-5EF2F542686B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {4621F24C-2B09-4415-A9B5-59E80B23B1ED} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {46F055D7-5D33-4BD1-A0E2-836081E88E27} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {491EEE46-E23D-41C9-8B72-93384EB5E01C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {6C21E010-DF86-4D4F-A483-21628F1B27AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7CC3A020-2B4B-420B-B12D-B45BF4A1101B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {9F7BE4E0-B37C-4502-9BB3-D6F101F7D3CC} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {AA9F1F0F-147D-4013-A93A-B1C5D81C0680} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated)
Task: {C00D7891-BF6D-486C-B3E5-449648BF03B9} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {C69550BE-6F38-4DAF-B8FB-63418BE25812} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {DCA8BD11-21FB-4BA5-9C32-63C9EA13A018} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {EEC8EDEC-13BB-464B-A78B-BA3F0C0E0642} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {F69239AC-BF10-463C-8CAE-7FD508923AE7} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2014-02-18 19:02 - 2014-02-18 19:02 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-07-25 22:23 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-13 00:00 - 2014-03-13 00:00 - 00055528 _____ () C:\Program Files\Acer\User Experience Improvement Program\Framework\AcrHttp.dll
2015-02-08 11:06 - 2015-02-08 11:06 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 11:20 - 2015-02-08 11:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-02-08 11:20 - 2015-02-08 11:20 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-07-25 22:27 - 2014-07-01 22:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-08-26 09:18 - 2013-10-01 10:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-01-09 13:47 - 2015-01-09 13:47 - 00203008 _____ () C:\Program Files (x86)\Acer\abFiles\curllib.dll
2015-01-09 13:48 - 2015-01-09 13:48 - 00119552 _____ () C:\Program Files (x86)\Acer\abFiles\OpenLDAP.dll
2015-01-09 16:57 - 2015-01-09 16:57 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00569856 _____ () C:\Users\Michele\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 01400846 _____ () C:\Users\Michele\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00151054 _____ () C:\Users\Michele\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00222734 _____ () C:\Users\Michele\AppData\Local\Pokki\Engine\avformat-54.dll
2014-07-25 22:27 - 2014-07-01 22:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Michele\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4239702700-454491485-42177012-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
HKU\S-1-5-21-4239702700-454491485-42177012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
HKU\S-1-5-21-4239702700-454491485-42177012-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
HKU\S-1-5-21-4239702700-454491485-42177012-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Admin (S-1-5-21-4239702700-454491485-42177012-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4239702700-454491485-42177012-500 - Administrator - Disabled)
Gast (S-1-5-21-4239702700-454491485-42177012-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4239702700-454491485-42177012-1003 - Limited - Enabled)
Michele (S-1-5-21-4239702700-454491485-42177012-1001 - Limited - Enabled) => C:\Users\Michele
==================== Faulty Device Manager Devices =============
Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2015 02:33:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x5494253a
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x2604
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5
Error: (03/06/2015 10:18:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (03/06/2015 09:39:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17485, Zeitstempel: 0x54600f68
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00226d3b
ID des fehlerhaften Prozesses: 0x1bec
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5
Error: (03/06/2015 09:37:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 227c
Startzeit: 01d0584d501e9229
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 93d84faf-c440-11e4-8279-f8a963e13a61
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (03/06/2015 02:50:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ12, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000008
Fehleroffset: 0x0000000000092d1a
ID des fehlerhaften Prozesses: 0x2168
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Net Driver HPZ120
Pfad der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ121
Pfad des fehlerhaften Moduls: svchost.exe_Net Driver HPZ122
Berichtskennung: svchost.exe_Net Driver HPZ123
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Net Driver HPZ124
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Net Driver HPZ125
Error: (03/06/2015 02:02:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ12, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000008
Fehleroffset: 0x0000000000092d1a
ID des fehlerhaften Prozesses: 0x171c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Net Driver HPZ120
Pfad der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ121
Pfad des fehlerhaften Moduls: svchost.exe_Net Driver HPZ122
Berichtskennung: svchost.exe_Net Driver HPZ123
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Net Driver HPZ124
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Net Driver HPZ125
Error: (03/06/2015 01:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ12, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000008
Fehleroffset: 0x0000000000092d1a
ID des fehlerhaften Prozesses: 0x199c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Net Driver HPZ120
Pfad der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ121
Pfad des fehlerhaften Moduls: svchost.exe_Net Driver HPZ122
Berichtskennung: svchost.exe_Net Driver HPZ123
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Net Driver HPZ124
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Net Driver HPZ125
Error: (03/06/2015 01:31:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x5494253a
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x20cc
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5
Error: (03/06/2015 01:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17485, Zeitstempel: 0x54600f68
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00226d3b
ID des fehlerhaften Prozesses: 0x168c
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5
Error: (03/06/2015 01:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Encrypt.exe, Version: 1.0.3000.0, Zeitstempel: 0x53a48b48
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb460
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00012f71
ID des fehlerhaften Prozesses: 0x1470
Startzeit der fehlerhaften Anwendung: 0xEncrypt.exe0
Pfad der fehlerhaften Anwendung: Encrypt.exe1
Pfad des fehlerhaften Moduls: Encrypt.exe2
Berichtskennung: Encrypt.exe3
Vollständiger Name des fehlerhaften Pakets: Encrypt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Encrypt.exe5
System errors:
=============
Error: (03/07/2015 11:07:06 AM) (Source: DCOM) (EventID: 10016) (User: DAA-Rechner)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DAA-RechnerMicheleS-1-5-21-4239702700-454491485-42177012-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (03/06/2015 09:50:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/06/2015 09:50:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/06/2015 09:50:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Proxy Service erreicht.
Error: (03/06/2015 09:50:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/06/2015 09:50:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Personal Firewall Service erreicht.
Error: (03/06/2015 09:49:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/06/2015 09:49:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Proxy Service erreicht.
Error: (03/06/2015 09:49:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/06/2015 09:49:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Personal Firewall Service erreicht.
Microsoft Office Sessions:
=========================
Error: (03/07/2015 02:33:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.65494253aMSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d260401d0584d5aa34c0fC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll0214d7b4-c46a-11e4-8279-f8a963e13a61
Error: (03/06/2015 10:18:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (03/06/2015 09:39:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1748554600f68c000000500226d3b1bec01d0584d95deac7fC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dlld3f8b125-c440-11e4-8279-f8a963e13a61
Error: (03/06/2015 09:37:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689227c01d0584d501e92294294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe93d84faf-c440-11e4-8279-f8a963e13a61microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (03/06/2015 02:50:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_Net Driver HPZ126.3.9600.163845215dfe3ntdll.dll6.3.9600.1763054b0e17ac00000080000000000092d1a216801d0580dd668915cC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllb9bc9204-c407-11e4-8279-f8a963e13a61
Error: (03/06/2015 02:02:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_Net Driver HPZ126.3.9600.163845215dfe3ntdll.dll6.3.9600.1763054b0e17ac00000080000000000092d1a171c01d05809ddbbf3ccC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll11d4a981-c401-11e4-8279-f8a963e13a61
Error: (03/06/2015 01:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_Net Driver HPZ126.3.9600.163845215dfe3ntdll.dll6.3.9600.1763054b0e17ac00000080000000000092d1a199c01d05807d686e94cC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllc5e8da1b-c3fc-11e4-8279-f8a963e13a61
Error: (03/06/2015 01:31:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.65494253aMSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d20cc01d05807c3c63d59C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllac335751-c3fc-11e4-8279-f8a963e13a61
Error: (03/06/2015 01:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1748554600f68c000000500226d3b168c01d05807fef321c8C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll3cd58413-c3fb-11e4-8279-f8a963e13a61
Error: (03/06/2015 01:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Encrypt.exe1.0.3000.053a48b48KERNELBASE.dll6.3.9600.1727853eeb460e043435200012f71147001d05807b12b21a2C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\Encrypt.exeC:\Windows\SYSTEM32\KERNELBASE.dllfbd5d99c-c3fa-11e4-8279-f8a963e13a61
==================== Memory info ===========================
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 75%
Total physical RAM: 3288.23 MB
Available physical RAM: 819.5 MB
Total Pagefile: 4056.03 MB
Available Pagefile: 610.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:915.09 GB) (Free:867.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AFDBF7B7)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-07 19:38:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000023 WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pxlcqaow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\atiesrxx.exe[1020] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\atiesrxx.exe[1020] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\atiesrxx.exe[1020] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\atiesrxx.exe[1020] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\mfevtps.exe[1260] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\mfevtps.exe[1260] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\mfevtps.exe[1260] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\mfevtps.exe[1260] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\System32\svchost.exe[840] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007ffb29931f6a 4 bytes [93, 29, FB, 7F]
.text C:\Windows\System32\svchost.exe[840] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007ffb29931f82 4 bytes [93, 29, FB, 7F]
.text C:\Windows\System32\svchost.exe[2972] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007ffb29931f6a 4 bytes [93, 29, FB, 7F]
.text C:\Windows\System32\svchost.exe[2972] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007ffb29931f82 4 bytes [93, 29, FB, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2120] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2120] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2120] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2120] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3108] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3108] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3108] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3108] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[7956] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[7956] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[7956] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[7956] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\atieclxx.exe[3848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\atieclxx.exe[3848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\atieclxx.exe[3848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Windows\system32\atieclxx.exe[3848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[2316] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[2316] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[2316] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[2316] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[7744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[7744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[7744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[7744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[7744] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb29931f6a 4 bytes [93, 29, FB, 7F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[7744] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb29931f82 4 bytes [93, 29, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe[7832] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe[7832] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe[7832] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe[7832] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerTray.exe[6780] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerTray.exe[6780] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerTray.exe[6780] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerTray.exe[6780] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe[800] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb32c8169a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe[800] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb32c816a2 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe[800] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffb32c8181a 4 bytes [C8, 32, FB, 7F]
.text C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe[800] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffb32c81832 4 bytes [C8, 32, FB, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [6868:7508] fffff96000809b90
Thread C:\Windows\System32\SettingSyncHost.exe [6924:2812] 00007ffb23984b30
---- Processes - GMER 2.1 ----
Library c:\users\michele\appdata\local\temp\7zs77b2\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3576] (HP Network Devices Support/Hewlett-Packard Co.)(2014-09-20 19:37:49) 0000000180000000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [5920] (Chromium/The Chromium Authors)(2015-02-25 18:17:02) 0000000060e60000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [5920] (ICU Data DLL/The ICU Project)(2015-01-04 04:06:14) 0000000060230000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [8456] (Chromium/The Chromium Authors)(2015-02-25 18:17:02) 0000000060e60000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [8456] (ICU Data DLL/The ICU Project)(2015-01-04 04:06:14) 0000000060230000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [8456](2015-01-04 04:06:14) 000000005fab0000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\avcodec-54.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [8456](2015-01-04 04:06:14) 000000005f8b0000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\avutil-51.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [8456](2015-01-04 04:06:14) 000000005f880000
Library C:\Users\Michele\AppData\Local\Pokki\Engine\avformat-54.dll (*** suspicious ***) @ C:\Users\Michele\AppData\Local\Pokki\Engine\HostAppService.exe [8456](2015-01-04 04:06:14) 000000005f840000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----