| |
| |||||||
Log-Analyse und Auswertung: Gdata läßt sich nicht öffnen !Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
02.09.2014, 12:47
| #1 |
 |  Gdata läßt sich nicht öffnen ! Liebe Trojaner-Jäger, aufmerksam wurde ich auf mein Problem, als ich die "BOX" von Telekom installiert habe, dieses Programm aber nicht auf dem Desktop erschien und sich auch nicht aktivieren ließ. Erst da merkte ich, daß Gdata aus meiner Taskleiste verschwunden ist. Beim Nachaktivieren bekam ich die Nachricht:"Dieses Programm wurde durch eine Gruppenrichtlinie blockiert." Da ich im Forum nachgelesen habe, einige Sachen nur nach Anleitung durchzuführen, habe ich gemäß der Anleitung für Hilfesuchende einige logs gesammelt und füge sie an. Viele Grüße |
|
02.09.2014, 12:48
| #2 |
| /// the machine /// TB-Ausbilder    | Gdata läßt sich nicht öffnen ! Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
02.09.2014, 17:29
| #3 |
| | Gdata läßt sich nicht öffnen ! O.K. ich teile auf
__________________Teil 1 FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Acer (administrator) on ACER-PC on 02-09-2014 12:10:54
Running from C:\Users\Downloads\First
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18999456 2014-08-26] (Microsoft Corporation)
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\MountPoints2: E - E:\start.exe
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\MountPoints2: {14b69d58-438c-11e1-af19-b870f4a73d11} - I:\setup.exe
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\MountPoints2: {f7a9be31-2ef4-11e1-ba4e-b870f4a73d11} - J:\TING.EXE
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 01UnsuppModule -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 02SyncingModule -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 03SyncedModule -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {5114DD3B-516D-EF4E-E0F7-1DA15B707DB5} -> No File
BHO: No Name -> {7C11799F-052C-9921-E37C-6015BD7BAD44} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {5114DD3B-516D-EF4E-E0F7-1DA15B707DB5} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {7C11799F-052C-9921-E37C-6015BD7BAD44} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - No Name - !{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File
Toolbar: HKLM - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.983.dll (getfireshot.com)
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - !{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File
Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.983.dll (getfireshot.com)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1571456 2014-07-04] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343128 2014-07-04] (GP Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll (LULU SOFTWARE LIMITED)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-22]
FF Extension: FireShot - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: Firebug - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-08]
FF Extension: FireFTP - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-02-08]
FF Extension: Web Developer - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-02-08]
FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-19]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-07-24]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-12]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
CHR HomePage: Default ->
CHR NewTab: Default -> "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSearchProvider: Default -> omiga-plus
CHR DefaultSearchURL: Default -> hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1406193805&from=kmp&uid=INTELXSSDSA2BW120G3A_CVPR119603T8120LGN&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02]
CHR Extension: (No Name) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-02]
CHR HKLM-x32\...\Chrome\Extension: [fmlpgkiekchdonifafhpbchlkhacllpf] - C:\ProgramData\Download and Sa\fmlpgkiekchdonifafhpbchlkhacllpf.crx []
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S4 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [242664 2012-04-17] (CyberLink)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-11-12] () [File not signed]
S4 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-03-16] () [File not signed]
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-06-20] (LULU SOFTWARE LIMITED)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 O&O CleverCache; C:\Program Files\OO Software\CleverCache\ooccag.exe [844616 2009-12-09] (O&O Software GmbH)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2572072 2013-10-23] (O&O Software GmbH)
S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S4 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1655136 2014-06-20] (LULU SOFTWARE LIMITED)
S4 Soda PDF 6 Creator; C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [621408 2014-06-20] (LULU SOFTWARE LIMITED)
S4 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-06-27] (RapidSolution Software AG)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
S4 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S4 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
S3 AsapiW2K; C:\Windows\SysWOW64\drivers\Asapiw2k.sys [11264 2002-04-17] (VOB Computersysteme GmbH) [File not signed]
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [37704 2013-04-25] (Grass Valley K.K.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-23] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-07] (G Data Software AG)
S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [772864 2013-06-26] (Line 6)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
R3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45192 2013-06-27] (RapidSolution Software AG)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2012-10-02] (Acronis)
S0 TPkd; C:\Windows\SysWow64\Drivers\TPkd.sys [68928 2012-01-16] (PACE Anti-Piracy, Inc.) [File not signed]
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2012-10-02] (Acronis)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [45568 2013-05-22] (ZOOM)
S0 GDBehave; system32\drivers\GDBehave.sys [X]
S1 GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [X]
S1 HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log
2014-09-02 12:03 - 2014-09-02 12:03 - 00002018 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-09-02 12:03 - 2014-09-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-09-02 11:54 - 2014-09-02 11:54 - 00380416 _____ () C:\Users\Downloads\Gmer-19357.exe
2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-09-02 11:46 - 2014-09-02 11:46 - 00050477 _____ () C:\Users\Downloads\Defogger.exe
2014-09-02 11:22 - 2014-09-02 11:23 - 00000000 ____D () C:\Users\Downloads\Service scan
2014-09-02 11:11 - 2014-09-02 12:10 - 00000000 ____D () C:\Users\Downloads\First
2014-09-02 11:11 - 2014-09-02 11:12 - 00000000 ____D () C:\Users\Downloads\Gdata
2014-09-02 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-02 10:19 - 2014-09-02 12:10 - 00000000 ____D () C:\FRST
2014-08-31 00:29 - 2014-09-02 10:56 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-31 00:29 - 2014-08-31 00:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe
2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat
2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-08-31 00:29 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc
2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\system32\gpedit.msc
2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip
2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip
2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium
2014-08-30 20:48 - 2014-09-02 10:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 20:47 - 2014-08-30 20:47 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-30 20:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-30 20:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 20:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-30 20:21 - 2014-08-30 22:50 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing
2014-08-30 12:31 - 2014-08-30 12:37 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso
2014-08-30 09:41 - 2014-08-30 09:45 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B
2014-08-29 17:01 - 2014-08-30 10:03 - 00000000 ____D () C:\Users\Downloads\piwik
2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip
2014-08-28 12:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 12:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt
2014-08-24 18:35 - 2013-08-10 16:39 - 01839104 _____ () C:\Users\Downloads\memtest86+-5.01.iso
2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI
2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk
2014-08-23 10:46 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 10:46 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 10:46 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 10:46 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 10:46 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-23 10:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 10:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 10:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 10:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 10:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 10:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 10:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 10:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 10:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 10:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 10:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 10:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 09:54 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 09:54 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 09:54 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 09:54 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 09:54 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 09:54 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 09:54 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 09:54 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 09:54 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 09:54 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 09:54 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 09:54 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 09:54 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 09:54 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 09:54 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 09:54 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 09:54 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 09:54 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 09:54 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 09:54 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 09:54 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 09:54 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 09:54 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 09:54 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 09:54 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 09:54 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 09:54 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 09:54 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 09:54 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 09:54 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 09:54 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 09:54 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 09:54 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 09:54 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 09:54 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 09:54 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 09:54 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 09:54 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 09:54 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 09:54 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 09:54 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 09:54 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 09:54 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 09:54 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 09:54 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 09:54 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 09:54 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 09:54 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 09:54 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 09:54 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 09:54 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 09:54 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 09:54 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 09:54 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 09:54 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 09:54 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 09:54 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:54 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 09:54 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 09:54 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 09:54 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 09:54 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 09:54 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 09:54 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 09:54 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 09:54 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 09:54 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 09:54 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 09:54 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 09:54 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 09:53 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 09:53 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 09:53 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 09:53 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-04 16:28 - 2014-08-04 16:28 - 00001986 _____ () C:\Users\Acer\Documents\solo6_playback_solo_dr_b.xsc
2014-08-03 17:32 - 2014-08-30 09:34 - 00073356 _____ () C:\nospam.log
2014-08-03 17:32 - 2014-08-30 09:34 - 00033612 _____ () C:\spam.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 12:10 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\First
2014-09-02 12:10 - 2014-09-02 10:19 - 00000000 ____D () C:\FRST
2014-09-02 12:10 - 2011-07-06 07:32 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-09-02 12:10 - 2011-07-06 07:32 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-09-02 12:10 - 2009-07-14 07:13 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log
2014-09-02 12:08 - 2011-07-05 21:38 - 01684313 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 12:05 - 2014-02-19 22:30 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Acer-PC-Acer Acer-PC
2014-09-02 12:05 - 2013-12-08 23:04 - 00032938 _____ () C:\Windows\setupact.log
2014-09-02 12:05 - 2013-11-11 15:29 - 00000198 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-02 12:05 - 2012-09-09 15:12 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 12:05 - 2011-07-21 16:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-09-02 12:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 12:03 - 2014-09-02 12:03 - 00002018 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-09-02 12:03 - 2014-09-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-09-02 12:03 - 2014-01-18 23:05 - 00032782 _____ () C:\Windows\DPINST.LOG
2014-09-02 12:03 - 2012-08-18 12:00 - 00000000 ____D () C:\ProgramData\G DATA
2014-09-02 12:02 - 2012-08-18 12:00 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-09-02 11:54 - 2014-09-02 11:54 - 00380416 _____ () C:\Users\Downloads\Gmer-19357.exe
2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-09-02 11:47 - 2011-07-21 11:27 - 00000000 ____D () C:\Users\Acer
2014-09-02 11:46 - 2014-09-02 11:46 - 00050477 _____ () C:\Users\Downloads\Defogger.exe
2014-09-02 11:37 - 2014-04-29 18:01 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\gnupg
2014-09-02 11:33 - 2014-01-24 14:33 - 00000000 ____D () C:\Users\Acer\iPIN
2014-09-02 11:33 - 2012-09-09 15:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 11:31 - 2012-01-20 23:23 - 00000000 ____D () C:\Program Files (x86)\MusicLab
2014-09-02 11:30 - 2012-11-12 13:29 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-09-02 11:30 - 2011-08-07 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-09-02 11:26 - 2012-04-03 18:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 11:23 - 2014-09-02 11:22 - 00000000 ____D () C:\Users\Downloads\Service scan
2014-09-02 11:12 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\Gdata
2014-09-02 11:09 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 11:09 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 11:01 - 2013-11-20 21:55 - 00000000 ___RD () C:\Users\Acer\Dropbox
2014-09-02 11:01 - 2011-08-03 12:35 - 00000000 ____D () C:\Windows\pss
2014-09-02 10:57 - 2014-08-30 20:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 10:57 - 2013-12-08 23:04 - 01017986 _____ () C:\Windows\PFRO.log
2014-09-02 10:57 - 2013-11-20 21:43 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Dropbox
2014-09-02 10:57 - 2013-07-01 20:29 - 00000000 ___RD () C:\Users\Acer\CloudStation
2014-09-02 10:57 - 2013-07-01 20:20 - 00000000 ___RD () C:\Users\Acer\Cloud-2
2014-09-02 10:57 - 2012-04-03 18:04 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt
2014-09-02 10:56 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-02 10:53 - 2013-12-06 11:40 - 00000000 ____D () C:\AdwCleaner
2014-09-02 10:16 - 2013-12-10 14:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-02 10:16 - 2011-07-21 15:41 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe
2014-08-31 00:36 - 2014-08-31 00:29 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe
2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat
2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip
2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip
2014-08-30 22:52 - 2014-01-23 17:38 - 00000000 ____D () C:\ProgramData\Vexel
2014-08-30 22:52 - 2011-06-01 06:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-30 22:50 - 2014-08-30 20:21 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing
2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium
2014-08-30 21:01 - 2013-11-11 15:29 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-08-30 21:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-08-30 20:47 - 2014-08-30 20:47 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-30 20:12 - 2013-12-08 23:04 - 00110795 _____ () C:\Windows\AutoKMS.log
2014-08-30 20:12 - 2013-11-11 15:29 - 00002740 _____ () C:\Windows\System32\Tasks\AutoKMSDaily
2014-08-30 16:49 - 2012-02-22 19:38 - 00000166 ___SH () C:\ProgramData\.zreglib
2014-08-30 12:37 - 2014-08-30 12:31 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso
2014-08-30 12:26 - 2012-04-03 18:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-30 12:26 - 2012-04-03 18:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-30 12:26 - 2011-07-21 19:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 12:15 - 2013-11-20 21:44 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-30 10:03 - 2014-08-29 17:01 - 00000000 ____D () C:\Users\Downloads\piwik
2014-08-30 09:45 - 2014-08-30 09:41 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B
2014-08-30 09:34 - 2014-08-03 17:32 - 00073356 _____ () C:\nospam.log
2014-08-30 09:34 - 2014-08-03 17:32 - 00033612 _____ () C:\spam.log
2014-08-29 17:31 - 2013-10-06 22:10 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip
2014-08-29 10:09 - 2013-12-08 23:04 - 05254200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 20:53 - 2012-10-15 12:08 - 00000000 ____D () C:\Users\Acer\Documents\Video Editoren
2014-08-26 21:17 - 2013-05-25 12:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-26 12:26 - 2014-03-02 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt
2014-08-25 17:21 - 2009-07-14 04:34 - 00000718 _____ () C:\Windows\win.ini
2014-08-24 19:22 - 2013-12-21 23:56 - 00008101 _____ () C:\Windows\BRRBCOM.INI
2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI
2014-08-23 14:50 - 2011-07-21 11:51 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-08-23 13:49 - 2013-06-15 10:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-23 13:49 - 2011-06-01 06:43 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk
2014-08-23 13:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 10:43 - 2012-10-14 18:46 - 00000000 ____D () C:\Windows\system32\inf32
2014-08-23 04:07 - 2014-08-28 12:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 12:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 12:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 10:06 - 2013-08-15 10:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 10:03 - 2011-07-21 12:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 10:01 - 2014-05-06 17:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-07 04:06 - 2014-08-15 09:53 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 09:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 16:28 - 2014-08-04 16:28 - 00001986 _____ () C:\Users\Acer\Documents\solo6_playback_solo_dr_b.xsc
2014-08-04 11:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
Files to move or delete:
====================
C:\Users\Downloads\Defogger.exe
C:\Users\Downloads\Gmer-19357.exe
Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\dotnetfx.exe
C:\Users\Acer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzj4i2f.dll
C:\Users\Acer\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Acer\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Acer\AppData\Local\Temp\ICReinstall_FreeYouTubeDownload.exe
C:\Users\Acer\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\Acer\AppData\Local\Temp\libeay32.dll
C:\Users\Acer\AppData\Local\Temp\MB2014.exe
C:\Users\Acer\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Acer\AppData\Local\Temp\On4UD.dll
C:\Users\Acer\AppData\Local\Temp\Quarantine.exe
C:\Users\Acer\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Acer\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Acer\AppData\Local\Temp\setup.exe
C:\Users\Acer\AppData\Local\Temp\sfa_inst.exe
C:\Users\Acer\AppData\Local\Temp\shelper.dll
C:\Users\Acer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Acer\AppData\Local\Temp\ssleay32.dll
C:\Users\Acer\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Acer\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Acer\AppData\Local\Temp\wusetup.exE
C:\Users\Acer\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Acer\AppData\Local\Temp\_is883A.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 11:30
==================== End Of Log ============================
|
|
02.09.2014, 17:30
| #4 |
| | Gdata läßt sich nicht öffnen ! Teil 2 Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Acer at 2014-09-02 12:11:17
Running from C:\Users\Downloads\First
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1710 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1710 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3501 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1206.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (x32 Version: 12.1.0.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.2.0 - SlySoft)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{83D663BF-E9AF-0C6B-D278-BB8F90EDA304}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{2F27EAE9-0245-444A-8698-9832AFC3F1F8}) (Version: 10.2.27600.0 - Audials AG)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BenVista PhotoZoom Pro 4.1 (HKCU\...\PhotoZoom Pro 4) (Version: 4.1 - BenVista Ltd.)
BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version: - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (x32 Version: 4.0.5204.0 - Box Inc.) Hidden
calibre 64bit (HKLM\...\{91CF16EE-876D-4409-9E3F-030BCDED616F}) (Version: 1.6.0 - Kovid Goyal)
capella reader (HKLM-x32\...\{EB66730F-E787-464E-89BA-71EDB7DD0162}) (Version: 7.1.8 - capella software AG)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0707.2346.40825 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0707.2346.40825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0707.2346.40825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0707.2346.40825 - ATI) Hidden
CCC Help English (x32 Version: 2011.0707.2345.40825 - ATI) Hidden
ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4255 - CDBurnerXP)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.3318.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.2921_44380 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.3318.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.9023 - CyberLink Corp.) Hidden
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.5.0.20 - concept/design GmbH)
concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.0.6904 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.2930 - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.2930 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2407 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.2407 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DVD-Cover Printmaster 1.4 (HKLM-x32\...\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}) (Version: 1.4 - biu software)
EDIUS (HKLM-x32\...\{E778FC49-5FE7-486E-AB18-0F418BE97189}) (Version: 6.54 - Grass Valley K.K.)
EDIUS Codec Option 6.54 (HKLM-x32\...\{E7EE42CB-C5A2-46C5-93AC-EA285F86C022}) (Version: 6.54 - Grass Valley K.K.)
eDocPrintPro v3.17.4 (HKLM\...\{6F3FD6DA-35AA-4310-A59A-CA63590F3651}) (Version: 3.17.4 - MAY-Computer)
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2138 - Steinberg Media Technologies GmbH)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
FairUse Wizard 3D (HKLM-x32\...\FairUse Wizard 3D) (Version: 1.0 - FairUse Wizard)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version: - Oberon Media)
Focusrite USB 2.0 Audio Driver 2.4 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.4 - Focusrite Audio Engineering Limited.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: 8.5.0.4 - FRANZIS Verlag GmbH)
Free YouTube Download version 3.2.34.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.34.430 - DVDVideoSoft Ltd.)
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net))
G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
GNU Solfege 3.22.1 (HKLM-x32\...\GNU Solfege_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.5 - GPSoftware)
G-Series_ASIO64 (HKLM\...\{1E03D44C-B430-45FF-94E9-9622B383321C}) (Version: 2.0.0 - ZOOM)
GST 2.3.8.4 (HKLM-x32\...\GuitarSpeedTrainer_is1) (Version: - GuitarSpeed.com)
Guitar Explorer 1.1 (HKLM-x32\...\Guitar Explorer 1.1) (Version: - )
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
GV LicenseManager 1.04 (HKLM-x32\...\{EE256B6B-7F66-409B-9CF2-CE9B64947CBC}) (Version: 1.04 - Grass Valley K.K.)
Hitbase 2010 (HKLM-x32\...\{9B432783-74CE-44D9-8274-25B17E1867BC}) (Version: 12.0.0 - Big 3 Software)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iPIN Version 1.3 (HKLM-x32\...\{4C06EC4F-11A4-40DD-818B-58005B91A02A}_is1) (Version: 1.3 - IBILITIES, INC.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
KMP Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - KMP)
LaCie Desktop Manager 1.4.3 (HKLM\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 1.4.3 - LaCie)
LaCie Network Assistant 1.5.9.67 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.9.67 - LaCie)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Magic DVD Copier V6.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.)
Magic DVD Ripper V6.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.)
MAGIX Analogue Modelling Suite Plus (HKLM\...\MX.{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Analogue Modelling Suite Plus (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Audio Cleaning Lab 2013 (HKLM-x32\...\MAGIX_{97E2116F-CC11-4EDA-B179-78CB6A89D836}) (Version: 19.0.0.10 - MAGIX AG)
MAGIX Audio Cleaning Lab 2013 (Version: 19.0.0.10 - MAGIX AG) Hidden
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX essentialFX Suite (HKLM\...\MX.{CB7B17F4-3833-4699-890B-52C5D0AB926D}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX essentialFX Suite (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Guitar Backing Maker (HKLM-x32\...\MAGIX_MSI_Guitar_Backing_Maker) (Version: 17.0.3.2 - MAGIX AG)
MAGIX Guitar Backing Maker (x32 Version: 17.0.3.2 - MAGIX AG) Hidden
MAGIX Samplitude Music Studio MX Download-Version (Vita Pack 1) (HKLM-x32\...\{DF19D073-4CA9-4C0F-A299-9C362F65681F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Samplitude Music Studio MX Download-Version (Vita Pack 2) (HKLM-x32\...\{BCA71703-D3D3-4951-A380-AC1C4A9E90C9}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Samplitude Music Studio MX Download-Version (Vita Pack 3) (HKLM-x32\...\{B2F03F69-C14F-43FB-B8D3-785F933D994B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Samplitude Music Studio MX Download-Version (VST PlugIns) (HKLM-x32\...\{3175697C-2EC7-46F9-A223-8D954B6C6870}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{EE79A8D3-6676-41FF-967C-242017CEC0F2}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{368FDD4C-1D79-44B6-9E86-6A1FF6D1496E}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Vandal VST-PlugIn (HKLM\...\MX.{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Vandal VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX VariVerb II VST-PlugIn (HKLM\...\MX.{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX VariVerb II VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Designelemente) (HKLM-x32\...\MX.{4DA6F550-872E-4C3A-8C9C-FFD79207D4DB}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Filmvorlagen) (HKLM-x32\...\MX.{BD329C68-4F9A-4ACD-A2D0-D6D59380E6E7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Filmvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 1) (HKLM-x32\...\MX.{7A45419D-1A34-413B-9A67-9E65AB513AF9}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 2) (HKLM-x32\...\MX.{94E7DFD0-F398-4AA6-843F-199DBB3BCF34}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (HKLM-x32\...\MX.{FBCA50BE-C022-45DA-9261-10230EC1012E}) (Version: 13.0.0.30 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Individuelle Menüvorlagen) (HKLM-x32\...\MX.{CC60A2A8-FD80-471E-89AF-4CFCBD6964E8}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Menüvorlagen 1) (HKLM-x32\...\MX.{17BCC3D6-6414-482F-8EE3-1C3324604198}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Menüvorlagen 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Menüvorlagen 2) (HKLM-x32\...\MX.{7A8A6B7D-D368-44C8-9B31-ABB31FEF130F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Menüvorlagen 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (HKLM-x32\...\MX.{D9D24F5F-1E36-48BE-9419-CF97B34AB063}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (HKLM-x32\...\MX.{CFD52E6D-2AF5-495C-87E3-4D243FE202E7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Soundtrack Maker-Stile) (HKLM-x32\...\MX.{4ED07AA5-C9F9-424E-9CC6-E490129886F4}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Titeleffekte) (HKLM-x32\...\MX.{D958ED91-0308-404E-9455-F7EE9BAAC70C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Überblendeffekte) (HKLM-x32\...\MX.{3B812D22-B8EC-4060-B909-FF822FE7612B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium (Version: 13.0.0.30 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Premium Update (Version: 13.0.5.4 - MAGIX AG) Hidden
MAGIX Workshop (Fortgeschrittene Videobearbeitung) (HKLM-x32\...\MX.{D8FF1E4E-01A8-4DA5-A666-44B44C37FACD}) (Version: 2.1.0.0 - MAGIX AG)
MAGIX Workshop (Fortgeschrittene Videobearbeitung) (Version: 2.1.0.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net)
MEDION GoPal Assistant (HKLM-x32\...\{B42F42E6-E0C3-402D-B71E-B4403F78CD4A}) (Version: 6.3.4.12974 - MEDION)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microlife BPA 3.2.5 German (HKLM-x32\...\InstallShield_{2F13B922-A593-4BFE-B863-D6F531D2B0FC}) (Version: 3.2.5 - Microlife)
Microlife BPA 3.2.5 German (x32 Version: 3.2.5 - Microlife) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Small Business Premium - de-de (HKLM\...\O365SmallBusPremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Firefox Packages (HKCU\...\Mozilla Firefox Packages) (Version: - ) <==== ATTENTION
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.57 (HKLM-x32\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
mySongBook Player (HKLM-x32\...\{42F6B687-F7B1-41A8-87CB-043FBBE4621D}_is1) (Version: - Arobas Music)
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Native Instruments Controller Editor (Version: 1.3.5.667 - Native Instruments) Hidden
Native Instruments Guitar Rig 5 (Version: 5.0.1.2447 - Native Instruments) Hidden
Native Instruments Massive (Version: 1.1.4.1901 - Native Instruments) Hidden
Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden
Neat Video v3.3.0 Pro plug-in for Edius (32-bit) (HKLM-x32\...\Neat Video for Edius (32-bit)_is1) (Version: - Neat Video team, ABSoft)
NewBlue ColorFast for Magix (HKLM-x32\...\NewBlue ColorFast for Magix) (Version: 1.4 - NewBlue)
NewBlueFX Light Blends (HKLM-x32\...\NewBlueFX Light Blends) (Version: 1.4 - NewBlue)
No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23)
No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
O&O CleverCache (HKLM\...\{E520EB70-A071-4A1A-9BD2-B28CC6D9DB22}) (Version: 7.1.2737 - O&O Software GmbH)
O&O Defrag Professional (HKLM\...\{0E1123D5-18D1-4ED9-8ECB-0949F1ADB133}) (Version: 16.0.367 - O&O Software GmbH)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PowerDirector (Version: 9.00.0000 - CyberLink Corp.) Hidden
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.92 - proDAD GmbH)
proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version: - )
proDAD Heroglyph 4.0 (HKLM-x32\...\proDAD-Heroglyph-4.0) (Version: 4.0.189.1 - proDAD GmbH)
proDAD Mercalli 2.1 (HKLM-x32\...\proDAD-Mercalli-2.1) (Version: 2.1.4402 - proDAD GmbH)
proDAD Vitascene 1.0 (HKLM-x32\...\proDAD-Vitascene-1.0) (Version: - )
proDAD Vitascene 2.0 (HKLM-x32\...\proDAD-Vitascene-2.0) (Version: 2.0.186 - proDAD GmbH)
PSTScanner (HKLM\...\{AD39F8BE-AB2E-4160-80D9-D9150E65A294}_is1) (Version: 2.5.0.10 - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
RemoteComms driver (HKLM-x32\...\{43BEEE26-01A8-4EEE-8632-2353261E3B55}) (Version: 1.25.0000 - Oxford Semiconductor)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Samplitude Music Studio 2014 (HKLM-x32\...\MX.{0C51DFA2-BF25-4665-924F-3C2BE387DF88}) (Version: 20.0.1.14 - MAGIX AG)
Samplitude Music Studio 2014 (Objekt-Synthesizer) (HKLM-x32\...\MX.{4E38261C-B47F-459F-9476-4D05C8A1E804}) (Version: 1.0.0.0 - MAGIX AG)
Samplitude Music Studio 2014 (Objekt-Synthesizer) (Version: 1.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2014 (Solo Jam-Session & Easy-Recording Content) (HKLM-x32\...\MX.{EE7438D5-B907-4E11-90F0-E3C655C19B54}) (Version: 1.0.0.0 - MAGIX AG)
Samplitude Music Studio 2014 (Solo Jam-Session & Easy-Recording Content) (Version: 1.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2014 (Version: 20.0.1.14 - MAGIX AG) Hidden
Samplitude Music Studio 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2014 Update (Version: 20.0.2.16 - MAGIX AG) Hidden
Samplitude Music Studio MX Content Pack (HKLM-x32\...\{0647EF1A-62FF-499C-8F2D-D3FFAF6FDE03}) (Version: 1.0.0.0 - MAGIX AG)
Samplitude Music Studio MX Download-Version (x32 Version: 18.0.0.43 - MAGIX AG) Hidden
Scarlett Plug-in Suite 1.4 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.4 - Focusrite)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart File Advisor 1.1.3 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.3 - Filefacts.net)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Soda PDF 6 (HKLM-x32\...\Soda6) (Version: 6.0.82.13912 - LULU Software Limited)
Soda PDF 6 Asian Fonts Pack (HKLM-x32\...\{7CF635DE-5292-4C36-9356-B21CEF4A6CF8}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 Convert Module (HKLM-x32\...\{05F9C506-5880-4D36-861F-41E46A9F8D28}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 Create Module (HKLM-x32\...\{006415DD-2FED-485A-96BF-6F47778E5818}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 Edit Module (HKLM-x32\...\{768776D3-A3FC-4BE5-AA7F-9585B3462799}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 Forms Module (HKLM-x32\...\{8D65F9DF-C23C-4E63-9E24-2AFB9C7E9448}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 Insert Module (HKLM-x32\...\{D6231430-046E-416E-9A63-6009D800C824}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 OCR Module (x32 Version: 6.3.8.17473 - LULU Software Limited) Hidden
Soda PDF 6 Review Module (HKLM-x32\...\{0E5BED18-13C0-4CB4-98B8-4737B931503C}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 Secure Module (HKLM-x32\...\{AA787745-E7B4-45F5-B6CB-48D76343379F}) (Version: 6.3.8.17473 - LULU Software Limited)
Soda PDF 6 View Module (HKLM-x32\...\{1D568381-5001-403E-8D65-4A0D6E2ACC03}) (Version: 6.3.8.17473 - LULU Software Limited)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Sequel LE 2 (HKLM-x32\...\{7146D087-B853-4E00-BB52-883DCE99F155}) (Version: 2.0.5 - Steinberg Media Technologies GmbH)
streamWriter (HKLM-x32\...\streamWriter_is1) (Version: - )
Synology Cloud Station (remove only) (HKCU\...\Synology CloudStation) (Version: - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.126 - PandoraTV)
Transcribe! 8.31 (HKLM-x32\...\Transcribe!_is1) (Version: 8.31 - Seventh String Software)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis)
True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.2.880 - PCTV Systems)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Electric Piano Update (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (Version: 1.0.1.0 - MAGIX AG) Hidden
Vita Vintage Organ Update (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3501 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Home Server-CD zum Wiederherstellen von Heimcomputern (Dual-Boot-Version) (HKLM-x32\...\{E98E2A33-05D1-476B-B81B-40F4BD957056}) (Version: 1 - Microsoft Corporation)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883) (HKLM\...\F4B837225347AABC4F4DB6067C4D5642AF04B34C) (Version: 07/07/2011 15.32.4.883 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (HKLM\...\4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5) (Version: 09/10/2012 2.4.128.0 - Focusrite)
WinRAR (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wondershare Audio Converter(Build 4.2.1.0) (HKLM-x32\...\Wondershare Audio Converter_is1) (Version: - Wondershare Software)
Wondershare Media Converter(Build 1.3.5.0) (HKLM-x32\...\Wondershare Media Converter_is1) (Version: - Wondershare Software)
Wondershare Streaming Audio Recorder(Build 2.0.3.3) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.3.3 - Wondershare Software Co.,Ltd.)
Wondershare TunesGo ( Version 4.1.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 4.1.0 - Wondershare)
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - )
ZOOM Edit&Share for Windows (HKLM-x32\...\{E99B8E1C-262D-49E6-9A84-D2AC486B2648}) (Version: 5.00.0000 - ZOOM Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
30-08-2014 20:52:14 Removed VisTitle 2.5.0.0 Trial Version
02-09-2014 08:08:55 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2011-11-19 12:11 - 00001310 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {07E00443-50BE-422C-824C-A84860072B0C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Acer-PC-Acer Acer-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation)
Task: {37391D44-CCE2-40CA-A013-014F3D356298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)
Task: {43894F2E-F21C-4BA5-9226-8A5E91E28522} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46F2A758-F165-450F-8B65-F77497135543} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4BC1C821-F461-4817-BDFD-17F2C4F5721A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {926B6AAB-3C36-418C-A335-D4F8CE018830} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-26] (Microsoft Corporation)
Task: {963B7582-AF59-477D-A990-C0FF2FCC5F80} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {A1E863E7-86BC-4799-954E-B874873908B9} - System32\Tasks\AdobeAAMUpdater-1.0-Acer-PC-Acer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {A8483671-4CA4-4245-BF00-EB58F947C001} - System32\Tasks\4560 => Wscript.exe C:\Users\Acer\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B3A0B8C9-EDC6-44AD-8587-AFBD3589FCB4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {B6BD9906-49F5-444E-B3B7-846461E87ABA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: {B8CC046C-DA6A-4DF6-95EF-55335461CD77} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.)
Task: {D2456E92-F1DF-4BD3-A06F-FAAE38D311DF} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {E6CFF045-3493-46DB-ACC4-AD17396FEC61} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2012-09-18] (CyberLink)
Task: {F2D6A187-3B12-4519-8FB6-7E55B0803ABF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {F5DD7FD8-EAB1-4D51-99ED-DC27CFCF3D93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: {FA486233-DA24-4010-BA06-C1B1A88C2A0C} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-02 22:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-30 09:34 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-28 21:13 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2011-08-13 19:23 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-02 22:59 - 2014-06-11 11:23 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-10-14 13:03 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-03-02 22:59 - 2014-03-19 10:52 - 00022696 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll
2014-03-02 22:59 - 2014-06-11 11:23 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2012-09-18 14:24 - 2012-09-18 14:24 - 00208080 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:A7BD40D6F706587B
AlternateDataStreams: C:\Users\Acer\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML:OECustomProperty
AlternateDataStreams: C:\ProgramData\Temp:37A3705D
AlternateDataStreams: C:\ProgramData\Temp:8173A019
AlternateDataStreams: C:\ProgramData\Temp:BF31A799
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeActiveFileMonitor12.0 => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Browser Manager => 2
MSCONFIG\Services: CLKMSVC10_34E30CCC => 2
MSCONFIG\Services: DirMngr => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LaCieDesktopManagerService => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MySQL => 2
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: O&O CleverCache => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Soda PDF 6 => 3
MSCONFIG\Services: Soda PDF 6 Creator => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TurboBoost => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Update WebConnect => 2
MSCONFIG\Services: UpdaterService => 2
MSCONFIG\Services: Virtual CDAudio Service => 2
MSCONFIG\Services: vToolbarUpdater12.1.5 => 2
MSCONFIG\Services: WajamUpdater => 2
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDFME => 2
MSCONFIG\Services: WDSC => 2
MSCONFIG\Services: Web Assistant Updater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GV LicenseManager.lnk => C:\Windows\pss\GV LicenseManager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^O&O Defrag Tray.lnk => C:\Windows\pss\O&O Defrag Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MG5300 series Printer WS.lnk => C:\Windows\pss\Canon IJ Status Monitor Canon MG5300 series Printer WS.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CloudStation.lnk => C:\Windows\pss\CloudStation.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: ApplyEsf-eDocPrintPro =>
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DATAMNGR =>
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LaCie Desktop Manager Launcher =>
MSCONFIG\startupreg: LaCie Desktop Manager Startup => "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"
MSCONFIG\startupreg: LaCie Ethernet Agent Startup => "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent
MSCONFIG\startupreg: LightScribe Control Panel =>
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: ooccctrl.exe => C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe
MSCONFIG\startupreg: Path => "C:\Program Files (x86)\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe"
MSCONFIG\startupreg: PixelPlanet PdfPrinter-Monitor => "C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: PSDrvCheck => C:\Windows\system32\PSDrvCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Smart File Advisor => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: system32 => "%Windir%\system32.exe"
MSCONFIG\startupreg: TrayServer => C:\PROGRA~2\MAGIX\VIDEO_~2\TrayServer_de.exe
MSCONFIG\startupreg: vProt =>
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Wondershare Helper Compact => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: ZortamMp3MediaStudio =>
==================== Faulty Device Manager Devices =============
Name: Atheros AR5B97 Wireless Network Adapter
Description: Atheros AR5B97 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: GDMnIcpt
Description: GDMnIcpt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: GDMnIcpt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: HookCentre
Description: HookCentre
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HookCentre
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/02/2014 00:07:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 00:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.18532, Zeitstempel: 0x53c3352a
Ausnahmecode: 0xc0020043
Fehleroffset: 0x0005d111
ID des fehlerhaften Prozesses: 0xed4
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Error: (09/02/2014 00:05:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.18532, Zeitstempel: 0x53c3352a
Ausnahmecode: 0xc0020043
Fehleroffset: 0x0005d111
ID des fehlerhaften Prozesses: 0xc3c
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Error: (09/02/2014 00:05:40 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (09/02/2014 00:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.18532, Zeitstempel: 0x53c3352a
Ausnahmecode: 0xc0020043
Fehleroffset: 0x0005d111
ID des fehlerhaften Prozesses: 0x1434
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Error: (09/02/2014 00:03:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (09/02/2014 11:52:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Video_Pro_X.exe, Version: 0.0.0.0, Zeitstempel: 0x52f3f5ac
Name des fehlerhaften Moduls: Video_Pro_X.exe, Version: 0.0.0.0, Zeitstempel: 0x52f3f5ac
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000c482e5
ID des fehlerhaften Prozesses: 0xbd8
Startzeit der fehlerhaften Anwendung: 0xVideo_Pro_X.exe0
Pfad der fehlerhaften Anwendung: Video_Pro_X.exe1
Pfad des fehlerhaften Moduls: Video_Pro_X.exe2
Berichtskennung: Video_Pro_X.exe3
Error: (09/02/2014 11:51:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Video_Pro_X.exe, Version: 0.0.0.0, Zeitstempel: 0x52f3f5ac
Name des fehlerhaften Moduls: Video_Pro_X.exe, Version: 0.0.0.0, Zeitstempel: 0x52f3f5ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000c482e5
ID des fehlerhaften Prozesses: 0xbd8
Startzeit der fehlerhaften Anwendung: 0xVideo_Pro_X.exe0
Pfad der fehlerhaften Anwendung: Video_Pro_X.exe1
Pfad des fehlerhaften Moduls: Video_Pro_X.exe2
Berichtskennung: Video_Pro_X.exe3
Error: (09/02/2014 11:06:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.18532, Zeitstempel: 0x53c3352a
Ausnahmecode: 0xc0020043
Fehleroffset: 0x0005d111
ID des fehlerhaften Prozesses: 0xe44
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Error: (09/02/2014 11:06:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.18532, Zeitstempel: 0x53c3352a
Ausnahmecode: 0xc0020043
Fehleroffset: 0x0005d111
ID des fehlerhaften Prozesses: 0x250
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
System errors:
=============
Error: (09/02/2014 00:05:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GDBehave
GDMnIcpt
HookCentre
TPkd
Error: (09/02/2014 00:05:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.
Error: (09/02/2014 00:05:28 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (09/02/2014 00:04:14 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.
Error: (09/02/2014 00:04:14 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.
Error: (09/02/2014 11:02:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GDBehave
GDMnIcpt
HookCentre
TPkd
Error: (09/02/2014 11:01:55 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (09/02/2014 10:57:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GDBehave
GDMnIcpt
HookCentre
TPkd
Error: (09/02/2014 10:57:05 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (09/02/2014 10:53:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GDBehave
GDMnIcpt
HookCentre
TPkd
Microsoft Office Sessions:
=========================
Error: (09/02/2014 00:07:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 00:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7RPCRT4.dll6.1.7601.1853253c3352ac00200430005d111ed401cfc6957c0a8461C:\Windows\SysWOW64\DllHost.exeC:\Windows\syswow64\RPCRT4.dllb9bbd202-3288-11e4-bb74-b870f4a73d11
Error: (09/02/2014 00:05:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7RPCRT4.dll6.1.7601.1853253c3352ac00200430005d111c3c01cfc695734526d3C:\Windows\SysWOW64\DllHost.exeC:\Windows\syswow64\RPCRT4.dllb15d1dc1-3288-11e4-bb74-b870f4a73d11
Error: (09/02/2014 00:05:40 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (09/02/2014 00:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7RPCRT4.dll6.1.7601.1853253c3352ac00200430005d111143401cfc6951e926b48C:\Windows\SysWOW64\DllHost.exeC:\Windows\syswow64\RPCRT4.dll5d5b7263-3288-11e4-972f-b870f4a73d11
Error: (09/02/2014 00:03:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (09/02/2014 11:52:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Video_Pro_X.exe0.0.0.052f3f5acVideo_Pro_X.exe0.0.0.052f3f5acc000041d0000000000c482e5bd801cfc68fe4c9c25dD:\Program Files\MAGIX\Video Pro X6\Video_Pro_X.exeD:\Program Files\MAGIX\Video Pro X6\Video_Pro_X.execf639ca9-3286-11e4-972f-b870f4a73d11
Error: (09/02/2014 11:51:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Video_Pro_X.exe0.0.0.052f3f5acVideo_Pro_X.exe0.0.0.052f3f5acc00000050000000000c482e5bd801cfc68fe4c9c25dD:\Program Files\MAGIX\Video Pro X6\Video_Pro_X.exeD:\Program Files\MAGIX\Video Pro X6\Video_Pro_X.exec6435b94-3286-11e4-972f-b870f4a73d11
Error: (09/02/2014 11:06:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7RPCRT4.dll6.1.7601.1853253c3352ac00200430005d111e4401cfc68d3ef9fab9C:\Windows\SysWOW64\DllHost.exeC:\Windows\syswow64\RPCRT4.dll7cab0223-3280-11e4-972f-b870f4a73d11
Error: (09/02/2014 11:06:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7RPCRT4.dll6.1.7601.1853253c3352ac00200430005d11125001cfc68c92252b27C:\Windows\SysWOW64\DllHost.exeC:\Windows\syswow64\RPCRT4.dll7369cb12-3280-11e4-972f-b870f4a73d11
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 25%
Total physical RAM: 8173.86 MB
Available physical RAM: 6118.62 MB
Total Pagefile: 8172.04 MB
Available Pagefile: 6116.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:95.69 GB) (Free:21.7 GB) NTFS
Drive d: (DATA) (Fixed) (Total:698.63 GB) (Free:454.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: EAE7E913)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EAE7E925)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
02.09.2014, 17:40
| #5 |
| | Gdata läßt sich nicht öffnen ! Teil 3 u. 4a[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02 Ran by Acer at 2014-09-02 12:11:17 Running from C:\Users\Downloads\First Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1710 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1710 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3501 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1206.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 12 (x32 Version: 12.1.0.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.2.0 - SlySoft) AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - ) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{83D663BF-E9AF-0C6B-D278-BB8F90EDA304}) (Version: 3.0.833.0 - ATI Technologies, Inc.) Audials (HKLM-x32\...\{2F27EAE9-0245-444A-8698-9832AFC3F1F8}) (Version: 10.2.27600.0 - Audials AG) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden BenVista PhotoZoom Pro 4.1 (HKCU\...\PhotoZoom Pro 4) (Version: 4.1 - BenVista Ltd.) BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version: - ) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Box Sync (x32 Version: 4.0.5204.0 - Box Inc.) Hidden calibre 64bit (HKLM\...\{91CF16EE-876D-4409-9E3F-030BCDED616F}) (Version: 1.6.0 - Kovid Goyal) capella reader (HKLM-x32\...\{EB66730F-E787-464E-89BA-71EDB7DD0162}) (Version: 7.1.8 - capella software AG) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center (x32 Version: 2011.0707.2346.40825 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0707.2346.40825 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0707.2346.40825 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2011.0707.2346.40825 - ATI) Hidden CCC Help English (x32 Version: 2011.0707.2345.40825 - ATI) Hidden ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4255 - CDBurnerXP) clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.3318.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.2921_44380 - CyberLink Corp.) Hidden clear.fi (x32 Version: 1.0.3318.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.9023 - CyberLink Corp.) Hidden CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.5.0.20 - concept/design GmbH) concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH) CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.) CyberLink PhotoNow (x32 Version: 1.1.0.6904 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.2930 - CyberLink Corp.) CyberLink PowerDirector (Version: 9.0.0.2930 - CyberLink Corp.) Hidden CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2407 - CyberLink Corp.) CyberLink WaveEditor (x32 Version: 1.0.1.2407 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc) Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) DVD-Cover Printmaster 1.4 (HKLM-x32\...\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}) (Version: 1.4 - biu software) EDIUS (HKLM-x32\...\{E778FC49-5FE7-486E-AB18-0F418BE97189}) (Version: 6.54 - Grass Valley K.K.) EDIUS Codec Option 6.54 (HKLM-x32\...\{E7EE42CB-C5A2-46C5-93AC-EA285F86C022}) (Version: 6.54 - Grass Valley K.K.) eDocPrintPro v3.17.4 (HKLM\...\{6F3FD6DA-35AA-4310-A59A-CA63590F3651}) (Version: 3.17.4 - MAY-Computer) Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2138 - Steinberg Media Technologies GmbH) erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden FairUse Wizard 3D (HKLM-x32\...\FairUse Wizard 3D) (Version: 1.0 - FairUse Wizard) FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant) Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version: - Oberon Media) Focusrite USB 2.0 Audio Driver 2.4 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.4 - Focusrite Audio Engineering Limited.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: 8.5.0.4 - FRANZIS Verlag GmbH) Free YouTube Download version 3.2.34.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.34.430 - DVDVideoSoft Ltd.) FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net)) G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) GNU Solfege 3.22.1 (HKLM-x32\...\GNU Solfege_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard) Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.5 - GPSoftware) G-Series_ASIO64 (HKLM\...\{1E03D44C-B430-45FF-94E9-9622B383321C}) (Version: 2.0.0 - ZOOM) GST 2.3.8.4 (HKLM-x32\...\GuitarSpeedTrainer_is1) (Version: - GuitarSpeed.com) Guitar Explorer 1.1 (HKLM-x32\...\Guitar Explorer 1.1) (Version: - ) Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) GV LicenseManager 1.04 (HKLM-x32\...\{EE256B6B-7F66-409B-9CF2-CE9B64947CBC}) (Version: 1.04 - Grass Valley K.K.) Hitbase 2010 (HKLM-x32\...\{9B432783-74CE-44D9-8274-25B17E1867BC}) (Version: 12.0.0 - Big 3 Software) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) iPIN Version 1.3 (HKLM-x32\...\{4C06EC4F-11A4-40DD-818B-58005B91A02A}_is1) (Version: 1.3 - IBILITIES, INC.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 7.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - ) KMP Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - KMP) LaCie Desktop Manager 1.4.3 (HKLM\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 1.4.3 - LaCie) LaCie Network Assistant 1.5.9.67 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.9.67 - LaCie) LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.) Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6) Magic DVD Copier V6.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.) Magic DVD Ripper V6.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.) MAGIX Analogue Modelling Suite Plus (HKLM\...\MX.{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Analogue Modelling Suite Plus (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Audio Cleaning Lab 2013 (HKLM-x32\...\MAGIX_{97E2116F-CC11-4EDA-B179-78CB6A89D836}) (Version: 19.0.0.10 - MAGIX AG) MAGIX Audio Cleaning Lab 2013 (Version: 19.0.0.10 - MAGIX AG) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX essentialFX Suite (HKLM\...\MX.{CB7B17F4-3833-4699-890B-52C5D0AB926D}) (Version: 1.0.0.0 - MAGIX AG) MAGIX essentialFX Suite (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Guitar Backing Maker (HKLM-x32\...\MAGIX_MSI_Guitar_Backing_Maker) (Version: 17.0.3.2 - MAGIX AG) MAGIX Guitar Backing Maker (x32 Version: 17.0.3.2 - MAGIX AG) Hidden MAGIX Samplitude Music Studio MX Download-Version (Vita Pack 1) (HKLM-x32\...\{DF19D073-4CA9-4C0F-A299-9C362F65681F}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Samplitude Music Studio MX Download-Version (Vita Pack 2) (HKLM-x32\...\{BCA71703-D3D3-4951-A380-AC1C4A9E90C9}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Samplitude Music Studio MX Download-Version (Vita Pack 3) (HKLM-x32\...\{B2F03F69-C14F-43FB-B8D3-785F933D994B}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Samplitude Music Studio MX Download-Version (VST PlugIns) (HKLM-x32\...\{3175697C-2EC7-46F9-A223-8D954B6C6870}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Screenshare (HKLM-x32\...\MAGIX_{EE79A8D3-6676-41FF-967C-242017CEC0F2}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{368FDD4C-1D79-44B6-9E86-6A1FF6D1496E}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Vandal VST-PlugIn (HKLM\...\MX.{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Vandal VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX VariVerb II VST-PlugIn (HKLM\...\MX.{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX AG) MAGIX VariVerb II VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Designelemente) (HKLM-x32\...\MX.{4DA6F550-872E-4C3A-8C9C-FFD79207D4DB}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Designelemente) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Filmvorlagen) (HKLM-x32\...\MX.{BD329C68-4F9A-4ACD-A2D0-D6D59380E6E7}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Filmvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 1) (HKLM-x32\...\MX.{7A45419D-1A34-413B-9A67-9E65AB513AF9}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 1) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 2) (HKLM-x32\...\MX.{94E7DFD0-F398-4AA6-843F-199DBB3BCF34}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Fotoshow Maker-Stile 2) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (HKLM-x32\...\MX.{FBCA50BE-C022-45DA-9261-10230EC1012E}) (Version: 13.0.0.30 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Individuelle Menüvorlagen) (HKLM-x32\...\MX.{CC60A2A8-FD80-471E-89AF-4CFCBD6964E8}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Menüvorlagen 1) (HKLM-x32\...\MX.{17BCC3D6-6414-482F-8EE3-1C3324604198}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Menüvorlagen 1) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Menüvorlagen 2) (HKLM-x32\...\MX.{7A8A6B7D-D368-44C8-9B31-ABB31FEF130F}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Menüvorlagen 2) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (HKLM-x32\...\MX.{D9D24F5F-1E36-48BE-9419-CF97B34AB063}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (HKLM-x32\...\MX.{CFD52E6D-2AF5-495C-87E3-4D243FE202E7}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Soundtrack Maker-Stile) (HKLM-x32\...\MX.{4ED07AA5-C9F9-424E-9CC6-E490129886F4}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Titeleffekte) (HKLM-x32\...\MX.{D958ED91-0308-404E-9455-F7EE9BAAC70C}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Überblendeffekte) (HKLM-x32\...\MX.{3B812D22-B8EC-4060-B909-FF822FE7612B}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 Premium (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium (Version: 13.0.0.30 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Premium Update (Version: 13.0.5.4 - MAGIX AG) Hidden MAGIX Workshop (Fortgeschrittene Videobearbeitung) (HKLM-x32\...\MX.{D8FF1E4E-01A8-4DA5-A666-44B44C37FACD}) (Version: 2.1.0.0 - MAGIX AG) MAGIX Workshop (Fortgeschrittene Videobearbeitung) (Version: 2.1.0.0 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net) MEDION GoPal Assistant (HKLM-x32\...\{B42F42E6-E0C3-402D-B71E-B4403F78CD4A}) (Version: 6.3.4.12974 - MEDION) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microlife BPA 3.2.5 German (HKLM-x32\...\InstallShield_{2F13B922-A593-4BFE-B863-D6F531D2B0FC}) (Version: 3.2.5 - Microlife) Microlife BPA 3.2.5 German (x32 Version: 3.2.5 - Microlife) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 Small Business Premium - de-de (HKLM\...\O365SmallBusPremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation) Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant) Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Firefox Packages (HKCU\...\Mozilla Firefox Packages) (Version: - ) <==== ATTENTION Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Mp3tag v2.57 (HKLM-x32\...\Mp3tag) (Version: v2.57 - Florian Heidenreich) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) mySongBook Player (HKLM-x32\...\{42F6B687-F7B1-41A8-87CB-043FBBE4621D}_is1) (Version: - Arobas Music) MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden Native Instruments Controller Editor (Version: 1.3.5.667 - Native Instruments) Hidden Native Instruments Guitar Rig 5 (Version: 5.0.1.2447 - Native Instruments) Hidden Native Instruments Massive (Version: 1.1.4.1901 - Native Instruments) Hidden Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden Neat Video v3.3.0 Pro plug-in for Edius (32-bit) (HKLM-x32\...\Neat Video for Edius (32-bit)_is1) (Version: - Neat Video team, ABSoft) NewBlue ColorFast for Magix (HKLM-x32\...\NewBlue ColorFast for Magix) (Version: 1.4 - NewBlue) NewBlueFX Light Blends (HKLM-x32\...\NewBlueFX Light Blends) (Version: 1.4 - NewBlue) No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23) No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden O&O CleverCache (HKLM\...\{E520EB70-A071-4A1A-9BD2-B28CC6D9DB22}) (Version: 7.1.2737 - O&O Software GmbH) O&O Defrag Professional (HKLM\...\{0E1123D5-18D1-4ED9-8ECB-0949F1ADB133}) (Version: 16.0.367 - O&O Software GmbH) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PowerDirector (Version: 9.00.0000 - CyberLink Corp.) Hidden proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.92 - proDAD GmbH) proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version: - ) proDAD Heroglyph 4.0 (HKLM-x32\...\proDAD-Heroglyph-4.0) (Version: 4.0.189.1 - proDAD GmbH) proDAD Mercalli 2.1 (HKLM-x32\...\proDAD-Mercalli-2.1) (Version: 2.1.4402 - proDAD GmbH) proDAD Vitascene 1.0 (HKLM-x32\...\proDAD-Vitascene-1.0) (Version: - ) proDAD Vitascene 2.0 (HKLM-x32\...\proDAD-Vitascene-2.0) (Version: 2.0.186 - proDAD GmbH) PSTScanner (HKLM\...\{AD39F8BE-AB2E-4160-80D9-D9150E65A294}_is1) (Version: 2.5.0.10 - ) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.) RemoteComms driver (HKLM-x32\...\{43BEEE26-01A8-4EEE-8632-2353261E3B55}) (Version: 1.25.0000 - Oxford Semiconductor) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) Samplitude Music Studio 2014 (HKLM-x32\...\MX.{0C51DFA2-BF25-4665-924F-3C2BE387DF88}) (Version: 20.0.1.14 - MAGIX AG) Samplitude Music Studio 2014 (Objekt-Synthesizer) (HKLM-x32\...\MX.{4E38261C-B47F-459F-9476-4D05C8A1E804}) (Version: 1.0.0.0 - MAGIX AG) Samplitude Music Studio 2014 (Objekt-Synthesizer) (Version: 1.0.0.0 - MAGIX AG) Hidden Samplitude Music Studio 2014 (Solo Jam-Session & Easy-Recording Content) (HKLM-x32\...\MX.{EE7438D5-B907-4E11-90F0-E3C655C19B54}) (Version: 1.0.0.0 - MAGIX AG) Samplitude Music Studio 2014 (Solo Jam-Session & Easy-Recording Content) (Version: 1.0.0.0 - MAGIX AG) Hidden Samplitude Music Studio 2014 (Version: 20.0.1.14 - MAGIX AG) Hidden Samplitude Music Studio 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden Samplitude Music Studio 2014 Update (Version: 20.0.2.16 - MAGIX AG) Hidden Samplitude Music Studio MX Content Pack (HKLM-x32\...\{0647EF1A-62FF-499C-8F2D-D3FFAF6FDE03}) (Version: 1.0.0.0 - MAGIX AG) Samplitude Music Studio MX Download-Version (x32 Version: 18.0.0.43 - MAGIX AG) Hidden Scarlett Plug-in Suite 1.4 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.4 - Focusrite) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Smart File Advisor 1.1.3 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.3 - Filefacts.net) SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden Soda PDF 6 (HKLM-x32\...\Soda6) (Version: 6.0.82.13912 - LULU Software Limited) Soda PDF 6 Asian Fonts Pack (HKLM-x32\...\{7CF635DE-5292-4C36-9356-B21CEF4A6CF8}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 Convert Module (HKLM-x32\...\{05F9C506-5880-4D36-861F-41E46A9F8D28}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 Create Module (HKLM-x32\...\{006415DD-2FED-485A-96BF-6F47778E5818}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 Edit Module (HKLM-x32\...\{768776D3-A3FC-4BE5-AA7F-9585B3462799}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 Forms Module (HKLM-x32\...\{8D65F9DF-C23C-4E63-9E24-2AFB9C7E9448}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 Insert Module (HKLM-x32\...\{D6231430-046E-416E-9A63-6009D800C824}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 OCR Module (x32 Version: 6.3.8.17473 - LULU Software Limited) Hidden Soda PDF 6 Review Module (HKLM-x32\...\{0E5BED18-13C0-4CB4-98B8-4737B931503C}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 Secure Module (HKLM-x32\...\{AA787745-E7B4-45F5-B6CB-48D76343379F}) (Version: 6.3.8.17473 - LULU Software Limited) Soda PDF 6 View Module (HKLM-x32\...\{1D568381-5001-403E-8D65-4A0D6E2ACC03}) (Version: 6.3.8.17473 - LULU Software Limited) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg Sequel LE 2 (HKLM-x32\...\{7146D087-B853-4E00-BB52-883DCE99F155}) (Version: 2.0.5 - Steinberg Media Technologies GmbH) streamWriter (HKLM-x32\...\streamWriter_is1) (Version: - ) Synology Cloud Station (remove only) (HKCU\...\Synology CloudStation) (Version: - ) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.126 - PandoraTV) Transcribe! 8.31 (HKLM-x32\...\Transcribe!_is1) (Version: 8.31 - Seventh String Software) TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software) True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis) True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.2.880 - PCTV Systems) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Electric Piano (Version: 1.0.2.0 - MAGIX AG) Hidden Vita Electric Piano Update (Version: 1.0.2.0 - MAGIX AG) Hidden Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Vintage Organ (Version: 1.0.1.0 - MAGIX AG) Hidden Vita Vintage Organ Update (Version: 1.0.1.0 - MAGIX AG) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3501 - Acer Incorporated) Winamp (HKLM-x32\...\Winamp) (Version: 5.64 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Home Server-CD zum Wiederherstellen von Heimcomputern (Dual-Boot-Version) (HKLM-x32\...\{E98E2A33-05D1-476B-B81B-40F4BD957056}) (Version: 1 - Microsoft Corporation) Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883) (HKLM\...\F4B837225347AABC4F4DB6067C4D5642AF04B34C) (Version: 07/07/2011 15.32.4.883 - Focusrite) Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (HKLM\...\4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5) (Version: 09/10/2012 2.4.128.0 - Focusrite) WinRAR (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Wondershare Audio Converter(Build 4.2.1.0) (HKLM-x32\...\Wondershare Audio Converter_is1) (Version: - Wondershare Software) Wondershare Media Converter(Build 1.3.5.0) (HKLM-x32\...\Wondershare Media Converter_is1) (Version: - Wondershare Software) Wondershare Streaming Audio Recorder(Build 2.0.3.3) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.3.3 - Wondershare Software Co.,Ltd.) Wondershare TunesGo ( Version 4.1.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 4.1.0 - Wondershare) XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - ) ZOOM Edit&Share for Windows (HKLM-x32\...\{E99B8E1C-262D-49E6-9A84-D2AC486B2648}) (Version: 5.00.0000 - ZOOM Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3406220267-2230971110-2032019791-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 30-08-2014 20:52:14 Removed VisTitle 2.5.0.0 Trial Version 02-09-2014 08:08:55 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2011-11-19 12:11 - 00001310 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {07E00443-50BE-422C-824C-A84860072B0C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Acer-PC-Acer Acer-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation) Task: {37391D44-CCE2-40CA-A013-014F3D356298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated) Task: {43894F2E-F21C-4BA5-9226-8A5E91E28522} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {46F2A758-F165-450F-8B65-F77497135543} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {4BC1C821-F461-4817-BDFD-17F2C4F5721A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe Task: {926B6AAB-3C36-418C-A335-D4F8CE018830} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-26] (Microsoft Corporation) Task: {963B7582-AF59-477D-A990-C0FF2FCC5F80} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {A1E863E7-86BC-4799-954E-B874873908B9} - System32\Tasks\AdobeAAMUpdater-1.0-Acer-PC-Acer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: {A8483671-4CA4-4245-BF00-EB58F947C001} - System32\Tasks\4560 => Wscript.exe C:\Users\Acer\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {B3A0B8C9-EDC6-44AD-8587-AFBD3589FCB4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation) Task: {B6BD9906-49F5-444E-B3B7-846461E87ABA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.) Task: {B8CC046C-DA6A-4DF6-95EF-55335461CD77} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.) Task: {D2456E92-F1DF-4BD3-A06F-FAAE38D311DF} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe Task: {E6CFF045-3493-46DB-ACC4-AD17396FEC61} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2012-09-18] (CyberLink) Task: {F2D6A187-3B12-4519-8FB6-7E55B0803ABF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd) Task: {F5DD7FD8-EAB1-4D51-99ED-DC27CFCF3D93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.) Task: {FA486233-DA24-4010-BA06-C1B1A88C2A0C} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-03-02 22:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-10-30 09:34 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-01-28 21:13 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2011-08-13 19:23 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-02 22:59 - 2014-06-11 11:23 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2012-10-14 13:03 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2014-03-02 22:59 - 2014-03-19 10:52 - 00022696 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll 2014-03-02 22:59 - 2014-06-11 11:23 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2012-09-18 14:24 - 2012-09-18 14:24 - 00208080 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:A7BD40D6F706587B AlternateDataStreams: C:\Users\Acer\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML:OECustomProperty AlternateDataStreams: C:\ProgramData\Temp:37A3705D AlternateDataStreams: C:\ProgramData\Temp:8173A019 AlternateDataStreams: C:\ProgramData\Temp:BF31A799 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AcrSch2Svc => 2 MSCONFIG\Services: AdobeActiveFileMonitor12.0 => 2 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: Browser Manager => 2 MSCONFIG\Services: CLKMSVC10_34E30CCC => 2 MSCONFIG\Services: DirMngr => 2 MSCONFIG\Services: DsiWMIService => 2 MSCONFIG\Services: EgisTec Ticket Service => 3 MSCONFIG\Services: FirebirdServerMAGIXInstance => 3 MSCONFIG\Services: GREGService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LaCieDesktopManagerService => 2 MSCONFIG\Services: Live Updater Service => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MySQL => 2 MSCONFIG\Services: NIHardwareService => 2 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: O&O CleverCache => 2 MSCONFIG\Services: OODefragAgent => 2 MSCONFIG\Services: PanService => 2 MSCONFIG\Services: PMBDeviceInfoProvider => 2 MSCONFIG\Services: RichVideo64 => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Soda PDF 6 => 3 MSCONFIG\Services: Soda PDF 6 Creator => 2 MSCONFIG\Services: syncagentsrv => 2 MSCONFIG\Services: TeamViewer8 => 2 MSCONFIG\Services: TeamViewer9 => 2 MSCONFIG\Services: TomTomHOMEService => 2 MSCONFIG\Services: TurboBoost => 3 MSCONFIG\Services: UNS => 2 MSCONFIG\Services: Update WebConnect => 2 MSCONFIG\Services: UpdaterService => 2 MSCONFIG\Services: Virtual CDAudio Service => 2 MSCONFIG\Services: vToolbarUpdater12.1.5 => 2 MSCONFIG\Services: WajamUpdater => 2 MSCONFIG\Services: WDDMService => 2 MSCONFIG\Services: WDFME => 2 MSCONFIG\Services: WDSC => 2 MSCONFIG\Services: Web Assistant Updater => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GV LicenseManager.lnk => C:\Windows\pss\GV LicenseManager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^O&O Defrag Tray.lnk => C:\Windows\pss\O&O Defrag Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MG5300 series Printer WS.lnk => C:\Windows\pss\Canon IJ Status Monitor Canon MG5300 series Printer WS.lnk.Startup MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CloudStation.lnk => C:\Windows\pss\CloudStation.lnk.Startup MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe MSCONFIG\startupreg: ApplyEsf-eDocPrintPro => MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DATAMNGR => MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Dolby PCEE4\pcee4.exe" -autostart MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d MSCONFIG\startupreg: Google Update => "C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LaCie Desktop Manager Launcher => MSCONFIG\startupreg: LaCie Desktop Manager Startup => "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" MSCONFIG\startupreg: LaCie Ethernet Agent Startup => "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent MSCONFIG\startupreg: LightScribe Control Panel => MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: ooccctrl.exe => C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe MSCONFIG\startupreg: Path => "C:\Program Files (x86)\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe" MSCONFIG\startupreg: PixelPlanet PdfPrinter-Monitor => "C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe" MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe MSCONFIG\startupreg: PSDrvCheck => C:\Windows\system32\PSDrvCheck.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe" MSCONFIG\startupreg: SkyDrive => "C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Smart File Advisor => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: system32 => "%Windir%\system32.exe" MSCONFIG\startupreg: TrayServer => C:\PROGRA~2\MAGIX\VIDEO_~2\TrayServer_de.exe MSCONFIG\startupreg: vProt => MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" MSCONFIG\startupreg: Wondershare Helper Compact => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe MSCONFIG\startupreg: ZortamMp3MediaStudio => ==================== Faulty Device Manager Devices ============= Name: Atheros AR5B97 Wireless Network Adapter Description: Atheros AR5B97 Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: GDMnIcpt Description: GDMnIcpt Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: GDMnIcpt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: HookCentre Description: HookCentre Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: HookCentre Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= |
|
02.09.2014, 17:51
| #6 |
| |  Gdata läßt sich nicht öffnen ! Teil 4b Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-02 13:11:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.4PC1 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kwldrpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007791f9e0 5 bytes JMP 0000000170bcf270
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007791fa28 5 bytes JMP 0000000170bcf8d2
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007791fa40 5 bytes JMP 0000000170bce00d
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007791fa90 5 bytes JMP 0000000170bcdb69
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007791faa8 5 bytes JMP 0000000170bcde5a
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007791fb40 5 bytes JMP 0000000170bcfb12
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007791fc38 5 bytes JMP 0000000170bdaccc
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007791fd4c 5 bytes JMP 0000000170bcd9b1
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007791fd64 5 bytes JMP 0000000170bda2ee
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007791fd98 5 bytes JMP 0000000170bda5e9
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007791fe44 5 bytes JMP 0000000170bcee45
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007791fe5c 5 bytes JMP 0000000170bda417
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779200b4 5 bytes JMP 0000000170bda133
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779201c4 5 bytes JMP 0000000170bce1b5
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077920754 5 bytes JMP 0000000170bcfbb4
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000779209e4 5 bytes JMP 0000000170bda32b
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000779209fc 5 bytes JMP 0000000170bcd785
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077920a44 5 bytes JMP 0000000170bce36b
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077920b80 5 bytes JMP 0000000170bcd89b
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077920f70 5 bytes JMP 0000000170bce7f8
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077920f88 5 bytes JMP 0000000170bce994
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077921018 5 bytes JMP 0000000170bcf95f
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077921030 5 bytes JMP 0000000170bcfa82
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077921048 5 bytes JMP 0000000170bcf9ef
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007792133c 5 bytes JMP 0000000170bda500
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007792147c 5 bytes JMP 0000000170bce66b
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077921528 5 bytes JMP 0000000170bceb58
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077921718 5 bytes JMP 0000000170bce4e3
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077921a58 5 bytes JMP 0000000170bcdd12
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077921b9c 5 bytes JMP 0000000170bcecda
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076a3103d 5 bytes JMP 0000000170bb35da
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076a31072 5 bytes JMP 0000000170bb3a3e
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076a5c9b5 5 bytes JMP 0000000170bb36f4
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076ab2ff1 5 bytes JMP 0000000170bb3938
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075442642 5 bytes JMP 0000000170bb3c4b
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000770f9ebd 5 bytes JMP 000000016b0b61bd
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077100afa 5 bytes JMP 000000016b0bac1d
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000077101361 5 bytes JMP 000000016b0c9197
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000077107849 5 bytes JMP 000000016b2272cf
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075937edb 5 bytes JMP 000000016b1806a2
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076ca6143 5 bytes JMP 000000016b7fec5c
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076caea09 7 bytes JMP 0000000170bee7f9
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!OleRun 0000000076cb07de 5 bytes JMP 0000000170bee338
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076cb21e1 5 bytes JMP 0000000170bf1c0c
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!OleUninitialize 0000000076cbeba1 6 bytes JMP 0000000170bee2af
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!OleInitialize 0000000076cbefd7 5 bytes JMP 0000000170bee267
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076cd54ad 5 bytes JMP 0000000170bf0282
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoInitializeEx 0000000076ce09ad 5 bytes JMP 0000000170bee207
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoUninitialize 0000000076ce86d3 5 bytes JMP 0000000170bf0c96
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ce9d0b 5 bytes JMP 0000000170bf19b3
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076ce9d4e 5 bytes JMP 0000000170bef891
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076d0bb09 7 bytes JMP 0000000170bee380
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076d2eacf 5 bytes JMP 0000000170beff46
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076d6340b 5 bytes JMP 0000000170bf0d96
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076dacfd9 5 bytes JMP 0000000170bee2f0
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000077473e59 5 bytes JMP 000000016b0f3c00
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000077473eae 5 bytes JMP 000000016b109071
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000077474731 5 bytes JMP 000000016b112760
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000077475dee 5 bytes JMP 000000016b18abb1
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject 00000000774a279e 1 byte JMP 0000000170bf08a2
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject + 2 00000000774a27a0 3 bytes {JMP RAX}
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject 00000000774a3294 5 bytes JMP 0000000170bee1bf
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject 00000000774b8f40 5 bytes JMP 0000000170bf0a36
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Program Files\Microsoft Office 15\root\office15\lync.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007791f9e0 5 bytes JMP 0000000170bcf270
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007791fa28 5 bytes JMP 0000000170bcf8d2
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007791fa40 5 bytes JMP 0000000170bce00d
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007791fa90 5 bytes JMP 0000000170bcdb69
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007791faa8 5 bytes JMP 0000000170bcde5a
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007791fb40 5 bytes JMP 0000000170bcfb12
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007791fc38 5 bytes JMP 0000000170bdaccc
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007791fd4c 5 bytes JMP 0000000170bcd9b1
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007791fd64 5 bytes JMP 0000000170bda2ee
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007791fd98 5 bytes JMP 0000000170bda5e9
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007791fe44 5 bytes JMP 0000000170bcee45
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007791fe5c 5 bytes JMP 0000000170bda417
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779200b4 5 bytes JMP 0000000170bda133
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779201c4 5 bytes JMP 0000000170bce1b5
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077920754 5 bytes JMP 0000000170bcfbb4
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000779209e4 5 bytes JMP 0000000170bda32b
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000779209fc 5 bytes JMP 0000000170bcd785
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077920a44 5 bytes JMP 0000000170bce36b
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077920b80 5 bytes JMP 0000000170bcd89b
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077920f70 5 bytes JMP 0000000170bce7f8
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077920f88 5 bytes JMP 0000000170bce994
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077921018 5 bytes JMP 0000000170bcf95f
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077921030 5 bytes JMP 0000000170bcfa82
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077921048 5 bytes JMP 0000000170bcf9ef
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007792133c 5 bytes JMP 0000000170bda500
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007792147c 5 bytes JMP 0000000170bce66b
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077921528 5 bytes JMP 0000000170bceb58
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077921718 5 bytes JMP 0000000170bce4e3
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077921a58 5 bytes JMP 0000000170bcdd12
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077921b9c 5 bytes JMP 0000000170bcecda
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076a3103d 5 bytes JMP 0000000170bb35da
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076a31072 5 bytes JMP 0000000170bb3a3e
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076a38791 5 bytes JMP 000000016b0999e5
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076a5c9b5 5 bytes JMP 0000000170bb36f4
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076ab2ff1 5 bytes JMP 0000000170bb3938
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075442642 5 bytes JMP 0000000170bb3c4b
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000770f9ebd 5 bytes JMP 000000016b0b61bd
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077100afa 5 bytes JMP 000000016b0bac1d
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000077101361 5 bytes JMP 000000016b0c9197
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000077107849 5 bytes JMP 000000016b2272cf
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075937edb 5 bytes JMP 000000016b1806a2
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076ca6143 5 bytes JMP 000000016b7fec5c
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076caea09 7 bytes JMP 0000000170bee7f9
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!OleRun 0000000076cb07de 5 bytes JMP 0000000170bee338
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076cb21e1 5 bytes JMP 0000000170bf1c0c
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!OleUninitialize 0000000076cbeba1 6 bytes JMP 0000000170bee2af
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!OleInitialize 0000000076cbefd7 5 bytes JMP 0000000170bee267
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076cd54ad 5 bytes JMP 0000000170bf0282
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoInitializeEx 0000000076ce09ad 5 bytes JMP 0000000170bee207
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoUninitialize 0000000076ce86d3 5 bytes JMP 0000000170bf0c96
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ce9d0b 5 bytes JMP 0000000170bf19b3
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076ce9d4e 5 bytes JMP 0000000170bef891
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076d0bb09 7 bytes JMP 0000000170bee380
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076d2eacf 5 bytes JMP 0000000170beff46
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076d6340b 5 bytes JMP 0000000170bf0d96
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076dacfd9 5 bytes JMP 0000000170bee2f0
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000077473e59 5 bytes JMP 000000016b0f3c00
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000077473eae 5 bytes JMP 000000016b109071
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000077474731 5 bytes JMP 000000016b112760
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000077475dee 5 bytes JMP 000000016b18abb1
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject 00000000774a279e 1 byte JMP 0000000170bf08a2
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject + 2 00000000774a27a0 3 bytes {JMP RAX}
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject 00000000774a3294 5 bytes JMP 0000000170bee1bf
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject 00000000774b8f40 5 bytes JMP 0000000170bf0a36
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007791f9e0 5 bytes JMP 000000016264f270
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007791fa28 5 bytes JMP 000000016264f8d2
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007791fa40 5 bytes JMP 000000016264e00d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007791fa90 5 bytes JMP 000000016264db69
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007791faa8 5 bytes JMP 000000016264de5a
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007791fb40 5 bytes JMP 000000016264fb12
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007791fc38 5 bytes JMP 000000016265accc
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007791fd4c 5 bytes JMP 000000016264d9b1
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007791fd64 5 bytes JMP 000000016265a2ee
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007791fd98 5 bytes JMP 000000016265a5e9
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007791fe44 5 bytes JMP 000000016264ee45
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007791fe5c 5 bytes JMP 000000016265a417
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779200b4 5 bytes JMP 000000016265a133
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779201c4 5 bytes JMP 000000016264e1b5
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077920754 5 bytes JMP 000000016264fbb4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000779209e4 5 bytes JMP 000000016265a32b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000779209fc 5 bytes JMP 000000016264d785
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077920a44 5 bytes JMP 000000016264e36b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077920b80 5 bytes JMP 000000016264d89b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077920f70 5 bytes JMP 000000016264e7f8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077920f88 5 bytes JMP 000000016264e994
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077921018 5 bytes JMP 000000016264f95f
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077921030 5 bytes JMP 000000016264fa82
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077921048 5 bytes JMP 000000016264f9ef
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007792133c 5 bytes JMP 000000016265a500
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007792147c 5 bytes JMP 000000016264e66b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077921528 5 bytes JMP 000000016264eb58
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077921718 5 bytes JMP 000000016264e4e3
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077921a58 5 bytes JMP 000000016264dd12
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077921b9c 5 bytes JMP 000000016264ecda
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076a3103d 5 bytes JMP 00000001626335da
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076a31072 5 bytes JMP 0000000162633a3e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076a5c9b5 5 bytes JMP 00000001626336f4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076ab2ff1 5 bytes JMP 0000000162633938
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075442642 5 bytes JMP 0000000162633c4b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000770f9ebd 5 bytes JMP 000000016b0b61bd
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077100afa 5 bytes JMP 000000016b0bac1d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000077101361 5 bytes JMP 000000016b0c9197
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000077107849 5 bytes JMP 000000016b2272cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075937edb 5 bytes JMP 000000016b1806a2
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076ca6143 5 bytes JMP 000000016b7fec5c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076caea09 7 bytes JMP 000000016266e7f9
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!OleRun 0000000076cb07de 5 bytes JMP 000000016266e338
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076cb21e1 5 bytes JMP 0000000162671c0c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!OleUninitialize 0000000076cbeba1 6 bytes JMP 000000016266e2af
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!OleInitialize 0000000076cbefd7 5 bytes JMP 000000016266e267
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076cd54ad 5 bytes JMP 0000000162670282
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoInitializeEx 0000000076ce09ad 5 bytes JMP 000000016266e207
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoUninitialize 0000000076ce86d3 5 bytes JMP 0000000162670c96
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ce9d0b 5 bytes JMP 00000001626719b3
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076ce9d4e 5 bytes JMP 000000016266f891
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076d0bb09 7 bytes JMP 000000016266e380
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076d2eacf 5 bytes JMP 000000016266ff46
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076d6340b 5 bytes JMP 0000000162670d96
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076dacfd9 5 bytes JMP 000000016266e2f0
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!SysFreeString 0000000077473e59 5 bytes JMP 000000016b0f3c00
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!VariantClear 0000000077473eae 5 bytes JMP 000000016b109071
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!SysAllocStringByteLen 0000000077474731 5 bytes JMP 000000016b112760
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!VariantChangeType 0000000077475dee 5 bytes JMP 000000016b18abb1
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject 00000000774a279e 1 byte JMP 00000001626708a2
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject + 2 00000000774a27a0 3 bytes {JMP RAX}
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject 00000000774a3294 5 bytes JMP 000000016266e1bf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\oleaut32.dll!GetActiveObject 00000000774b8f40 5 bytes JMP 0000000162670a36
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Users\Downloads\Gmer-19357.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Users\Downloads\Gmer-19357.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2016] (TODO: <File description>/TODO: <Company name>)(2013-04-12 11:40:10) 0000000010000000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\lync.exe [2624] 000000006b090000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\lync.exe [2624] 0000000063c10000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSOIDCLIL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\lync.exe [2624] 0000000073c50000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 000000006b090000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 0000000074dd0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 00000000748e0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 0000000074100000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 0000000074020000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 0000000073f80000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 0000000063e00000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 0000000063da0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE [2756] 0000000062920000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 000000006b090000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000063c10000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000061fc0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000074dd0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 00000000748e0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000074100000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000074020000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000073f80000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000063e00000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000063da0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3168] 0000000062920000
Library C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (*** suspicious ***) @ C:\Program Files\GPSoftware\Directory Opus\dopus.exe [5076] (TODO: <File description>/TODO: <Company name>)(2013-04-12 11:40:10) 0000000010000000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ?????????????????????????????????t???{??noupper??????????????u???????v??? ???????v???????????l?:????????h????????:??\SystemRoot\system32\drivers\stexstor.sys?????X??u?????????????????????????????????????????????????????????v???v?:??? ???????v?????v?????n?:????????????????e???? ???????{?????u???????,??L?????????&?????????????????????????V????????????n?????????=???=???v?v?v???v??? ???????v???????????l?:????????h?????????????????????????????????T??v??????????????SCSI Miniport???????????????????????????????????????????? ???????v???????????4?:????????h????????:??system32\DRIVERS\umbus.sys?s\umbus.sys??????????????ad??Microsoft????????v???|??????iaStor??????????p??????v???v?:???????w???;???????????;???????w??????p????????????|???????o???????????????????????????v???y??????????@%SystemRoot%\system32\tcpipcfg.dll,-50004???????????f???????????e??? ??!????c?????380???????w???<?????????n?<???????w???;??????????? ???????{?????u???????,????????????&???????????????????????????????????????????????????t????????w???<?????????
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf7879fc5d
Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ???{?????h?h?????????????????r????????????H??????????????????????????????????p?p?p?p?p?p?p??????????????????????????150 -500?????????????p????????????N??p????????D?&???? ???p??????????????????????????t???{8ECC055D-047F-11D1-A537-0000F8753ED1}??????LegacyDriver??????$??p??????p???????????? ???????p?????p??????????H?????????????????? ???????p???????????p????????,? ???$????????????????????????? ??p?????????e????SMK QuatroPulse???????????????????D??????????p?????????e????TwoPPM???????????p??????????LSBFirst????450 -250????????.??????????s????????.??????????s????150 -750?????p???????p???????????????????????p??????????????????150 -1050???150??????????p????????????n??????????p????????????x?????450 -550?????????p???????????????p???????p????????????n??????????p????????????x?????450 -800????? ??????????????????450?????150 -1300????????p??????????????450 -1100????????p???????????????????p?p?p???????p??????????????????800 -450?????????p??????????????????300 -666????1200 -150????????p?????????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf7879fc5d (not active ControlSet)
---- EOF - GMER 2.1 ----
|
|
03.09.2014, 10:40
| #7 |
| /// the machine /// TB-Ausbilder | Gdata läßt sich nicht öffnen ! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.09.2014, 13:08
| #8 |
| | Gdata läßt sich nicht öffnen ! Hallo Schrauber, hier die logs. Gruß [CODE]Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02 Ran by Acer at 2014-09-03 13:36:17 Run:1 Running from C:\Users\Downloads\First Boot Mode: Normal ============================================== Content of fixlist: ***************** Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION ***************** HKCU => Group Policy Restriction on software not found. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. ==== End of Fixlog ==== Code:
ATTFilter ComboFix 14-08-31.01 - Acer 03.09.2014 13:42:50.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6110 [GMT 2:00]
ausgeführt von:: c:\users\Acer\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Local\Adobe\gccheck.exe
c:\users\Acer\AppData\Local\Adobe\gtbcheck.exe
c:\users\Acer\AppData\Local\Adobe\SecurityScan_Release.exe
c:\users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C7981FE8-E81E-4EC2-A265-1731B9CD94AD}.xps
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\search-metadata.json
c:\users\Downloads\ComboFix.exe
c:\users\Downloads\Defogger.exe
c:\users\Downloads\Gmer-19357.exe
c:\windows\Icon_1.ico
c:\windows\SysWow64\Chip.dll
c:\windows\SysWow64\cseDVH.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-03 bis 2014-09-03 ))))))))))))))))))))))))))))))
.
.
2014-09-03 11:48 . 2014-09-03 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-02 10:02 . 2014-09-02 10:02 -------- d-----w- c:\program files (x86)\Common Files\G Data
2014-09-02 09:22 . 2014-09-02 09:23 -------- d-----w- c:\users\Downloads\Service scan
2014-09-02 09:11 . 2014-09-02 09:12 -------- d-----w- c:\users\Downloads\Gdata
2014-09-02 09:11 . 2014-09-03 11:36 -------- d-----w- c:\users\Downloads\First
2014-09-02 08:57 . 2014-09-02 08:57 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2014-09-02 08:50 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-02 08:19 . 2014-09-03 11:36 -------- d-----w- C:\FRST
2014-09-02 08:09 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B1D5087-6D7B-4FEF-A822-5A2FE3D56966}\mpengine.dll
2014-08-30 22:29 . 2014-09-02 21:02 -------- d-----w- c:\windows\SysWow64\GroupPolicy
2014-08-30 22:29 . 2014-08-30 22:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-08-30 22:29 . 2014-08-30 22:29 -------- d-----w- c:\windows\SysWow64\GPBAK
2014-08-30 22:29 . 2008-04-14 00:11 295936 ----a-w- c:\windows\SysWow64\appmgr.dll
2014-08-30 22:29 . 2014-08-30 22:29 707354 ----a-w- c:\windows\unins000.exe
2014-08-30 21:53 . 2014-08-30 21:53 -------- d-----w- c:\users\Downloads\406874_intl_x64_zip
2014-08-30 20:01 . 2014-08-30 20:01 -------- d---a-w- C:\bootmedium
2014-08-30 18:48 . 2014-09-02 08:57 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-30 18:47 . 2014-08-30 18:47 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-08-30 18:47 . 2014-08-30 18:47 -------- d-----w- c:\programdata\Malwarebytes
2014-08-30 18:47 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-30 18:47 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-30 18:47 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-30 18:21 . 2014-08-30 20:50 -------- d-----w- c:\users\Acer\AppData\Roaming\Nico Mak Computing
2014-08-29 15:01 . 2014-08-30 08:03 -------- d-----w- c:\users\Downloads\piwik
2014-08-28 10:41 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 10:41 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 10:41 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-23 11:49 . 2014-08-23 11:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-15 08:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 08:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-15 08:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 08:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 08:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-15 08:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-15 08:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 08:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 07:53 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-15 07:53 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-15 07:53 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-15 07:53 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-14 20:28 . 2014-08-14 20:28 189128 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-30 10:26 . 2012-04-03 16:06 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 10:26 . 2011-07-21 17:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 15:09 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 08:36 . 2014-03-02 21:08 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-15 08:03 . 2011-07-21 10:00 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-05 07:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-07 11:32 . 2014-07-07 11:19 20992 ----a-w- c:\windows\system32\drivers\GDKBFlt64.sys
2014-06-26 22:52 . 2014-06-26 22:52 829264 ----a-w- c:\windows\system32\msvcr100.dll
2014-06-26 22:52 . 2014-06-26 22:52 608080 ----a-w- c:\windows\system32\msvcp100.dll
2014-06-26 21:32 . 2014-06-26 21:32 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-06-26 21:32 . 2014-06-26 21:32 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2014-06-18 02:18 . 2014-07-10 11:49 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 11:49 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-10 11:49 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 11:49 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 11:48 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 11:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 11:48 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 09:58 233128 ----a-w- c:\users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 09:58 233128 ----a-w- c:\users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 09:58 233128 ----a-w- c:\users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-26 08:39 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-26 08:39 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-26 08:39 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lync"="c:\program files\Microsoft Office 15\root\office15\lync.exe" [2014-08-26 18999456]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"G Data ASM"="c:\program files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" [2013-12-19 431224]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\GROOVE.EXE /RunFolderSync /TrayOnly [2014-8-26 8596664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EE761688-C137-4b04-8FAB-3C9CDF0886F0}"= "c:\program files\GPSoftware\Directory Opus\dopuslib32.dll" [2014-07-04 343128]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"AcronisTibMounterMonitor"=c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Wondershare Helper Compact"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"Wondershare Helper Compact.exe"=c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
R2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX64.sys;c:\windows\SYSNATIVE\Drivers\L6GX64.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 LULU Software CrashHandler;LULU Software CrashHandler;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys;c:\windows\SYSNATIVE\DRIVERS\OXSDIDRV_x64.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 Soda PDF 6;Soda PDF 6;c:\program files (x86)\Soda PDF 6\ws.exe;c:\program files (x86)\Soda PDF 6\ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys;c:\windows\SYSNATIVE\drivers\zmghpau.sys [x]
R4 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R4 CLKMSVC10_34E30CCC;CyberLink Product - 2012/10/13 18:19;c:\program files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe;c:\program files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 O&O CleverCache;O&O CleverCache ;c:\program files\OO Software\CleverCache\ooccag.exe;c:\program files\OO Software\CleverCache\ooccag.exe [x]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
R4 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 Virtual CDAudio Service;Virtual CDAudio Service;c:\program files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe;c:\program files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [x]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R4 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R4 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Soda PDF 6 Creator;Soda PDF 6 Creator;c:\program files (x86)\Soda PDF 6\creator-ws.exe;c:\program files (x86)\Soda PDF 6\creator-ws.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys;c:\windows\SYSNATIVE\DRIVERS\azvusb.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys;c:\windows\SYSNATIVE\DRIVERS\rsvcdwdr.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys;c:\windows\SYSNATIVE\drivers\WsAudioDevice_383S(1).sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 09:36 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:26]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-09 13:12]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-09 13:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 09:58 260776 ----a-w- c:\users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 09:58 260776 ----a-w- c:\users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 09:58 260776 ----a-w- c:\users\Acer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-26 08:39 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-26 08:39 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-26 08:39 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]
@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"
[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]
@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"
[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]
@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"
[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 01:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 01:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 01:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2014-07-04 1571456]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office15\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office15\EXCEL.EXE/3000
Trusted Zone: sharepoint.com\eventambulanz
Trusted Zone: sharepoint.com\eventambulanz-my
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{5114DD3B-516D-EF4E-E0F7-1DA15B707DB5} - (no file)
BHO-{7C11799F-052C-9921-E37C-6015BD7BAD44} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-!{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
Toolbar-!{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{5114DD3B-516D-EF4E-E0F7-1DA15B707DB5} - (no file)
BHO-{7C11799F-052C-9921-E37C-6015BD7BAD44} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_‡\00\00‡\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~‡\00\00‡\00\00\00\00~\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3406220267-2230971110-2032019791-1000\Control Panel\International\Time]
@Denied: (A) (Everyone)
"{7EB348D2-86FD-4FA3-B17A-BCFBA9436034}"=hex:d2,48,b3,7e,fd,86,a3,4f,b1,7a,bc,
fb,a9,43,60,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{D3185195-2A22-4D87-AAB3-05785BD51713}"=hex:95,51,18,d3,22,2a,87,4d,aa,b3,05,
78,5b,d5,17,13,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{4C66AD6C-C209-427F-82DD-600DED84834F}"=hex:6c,ad,66,4c,09,c2,7f,42,82,dd,60,
0d,ed,84,83,4f,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
[HKEY_USERS\S-1-5-21-3406220267-2230971110-2032019791-1000\Software\Microsoft\Metro\AppCompat]
@Denied: (A) (Everyone)
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
[HKEY_USERS\S-1-5-21-3406220267-2230971110-2032019791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo]
@Denied: (A) (Everyone)
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
[HKEY_USERS\S-1-5-21-3406220267-2230971110-2032019791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\NPRE-CP]
@Denied: (A) (Everyone)
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
[HKEY_USERS\S-1-5-21-3406220267-2230971110-2032019791-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Disallowed]
@Denied: (A) (Everyone)
"{7EB348D2-86FD-4FA3-B17A-BCFBA9436034}"=hex:d2,48,b3,7e,fd,86,a3,4f,b1,7a,bc,
fb,a9,43,60,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{D3185195-2A22-4D87-AAB3-05785BD51713}"=hex:95,51,18,d3,22,2a,87,4d,aa,b3,05,
78,5b,d5,17,13,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{4C66AD6C-C209-427F-82DD-600DED84834F}"=hex:6c,ad,66,4c,09,c2,7f,42,82,dd,60,
0d,ed,84,83,4f,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
[HKEY_USERS\S-1-5-21-3406220267-2230971110-2032019791-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Handlers]
@Denied: (A) (Everyone)
"{7EB348D2-86FD-4FA3-B17A-BCFBA9436034}"=hex:d2,48,b3,7e,fd,86,a3,4f,b1,7a,bc,
fb,a9,43,60,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{D3185195-2A22-4D87-AAB3-05785BD51713}"=hex:95,51,18,d3,22,2a,87,4d,aa,b3,05,
78,5b,d5,17,13,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{4C66AD6C-C209-427F-82DD-600DED84834F}"=hex:6c,ad,66,4c,09,c2,7f,42,82,dd,60,
0d,ed,84,83,4f,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
|
|
03.09.2014, 13:10
| #9 |
| | Gdata läßt sich nicht öffnen ! Teil 2 Code:
ATTFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware\Directory Opus\Config\System\Data]
@Denied: (A) (Everyone)
"{7EB348D2-86FD-4FA3-B17A-BCFBA9436034}"=hex:d2,48,b3,7e,fd,86,a3,4f,b1,7a,bc,
fb,a9,43,60,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{D3185195-2A22-4D87-AAB3-05785BD51713}"=hex:95,51,18,d3,22,2a,87,4d,aa,b3,05,
78,5b,d5,17,13,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{4C66AD6C-C209-427F-82DD-600DED84834F}"=hex:6c,ad,66,4c,09,c2,7f,42,82,dd,60,
0d,ed,84,83,4f,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod]
@Denied: (A) (Everyone)
"{7EB348D2-86FD-4FA3-B17A-BCFBA9436034}"=hex:d2,48,b3,7e,fd,86,a3,4f,b1,7a,bc,
fb,a9,43,60,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{D3185195-2A22-4D87-AAB3-05785BD51713}"=hex:95,51,18,d3,22,2a,87,4d,aa,b3,05,
78,5b,d5,17,13,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{4C66AD6C-C209-427F-82DD-600DED84834F}"=hex:6c,ad,66,4c,09,c2,7f,42,82,dd,60,
0d,ed,84,83,4f,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{C9DF34E6-E244-42A9-AD79-BAD999C2EE53}"=hex:e6,34,df,c9,44,e2,a9,42,ad,79,ba,
d9,99,c2,ee,53,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{1BFA98B6-26E2-4DBE-9B16-C807912256F0}"=hex:b6,98,fa,1b,e2,26,be,4d,9b,16,c8,
07,91,22,56,f0,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{D1BE0BF4-7BA2-4E3F-BAE0-400FDB9B3509}"=hex:f4,0b,be,d1,a2,7b,3f,4e,ba,e0,40,
0f,db,9b,35,09,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{DA342750-B9D4-4EBA-96CC-12AE786F9111}"=hex:50,27,34,da,d4,b9,ba,4e,96,cc,12,
ae,78,6f,91,11,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{DDC7763B-9027-4057-B91D-466AE8102C73}"=hex:3b,76,c7,dd,27,90,57,40,b9,1d,46,
6a,e8,10,2c,73,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{DA77225D-2537-4889-B368-02C8B86FFD6E}"=hex:5d,22,77,da,37,25,89,48,b3,68,02,
c8,b8,6f,fd,6e,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{8B98B199-3D11-421B-9720-5FFCBDE5BFF0}"=hex:99,b1,98,8b,11,3d,1b,42,97,20,5f,
fc,bd,e5,bf,f0,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{737D08E8-F188-421F-9BC3-57BABB9F75F2}"=hex:e8,08,7d,73,88,f1,1f,42,9b,c3,57,
ba,bb,9f,75,f2,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{AAC1E739-C4D5-4C78-A6B7-2920E1CC065F}"=hex:39,e7,c1,aa,d5,c4,78,4c,a6,b7,29,
20,e1,cc,06,5f,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{C31467FA-3E70-4037-B152-576513D362F5}"=hex:fa,67,14,c3,70,3e,37,40,b1,52,57,
65,13,d3,62,f5,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{6C23012C-136E-47F8-871C-A1BF3C31AB2D}"=hex:2c,01,23,6c,6e,13,f8,47,87,1c,a1,
bf,3c,31,ab,2d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{8D7ED0D8-5007-43E4-90EB-00E6CCCE2BC4}"=hex:d8,d0,7e,8d,07,50,e4,43,90,eb,00,
e6,cc,ce,2b,c4,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{82E38E24-510F-4984-9AF4-407EE1B236D1}"=hex:24,8e,e3,82,0f,51,84,49,9a,f4,40,
7e,e1,b2,36,d1,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B3D9559F-0DE1-4989-86A7-A00014EFDECA}"=hex:9f,55,d9,b3,e1,0d,89,49,86,a7,a0,
00,14,ef,de,ca,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{F9651F0A-8FA8-4621-AC8D-C26461D22F03}"=hex:0a,1f,65,f9,a8,8f,21,46,ac,8d,c2,
64,61,d2,2f,03,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{77E8358A-83E8-487A-AA29-34A3EE377282}"=hex:8a,35,e8,77,e8,83,7a,48,aa,29,34,
a3,ee,37,72,82,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{626DD72B-B99E-47CB-AD8E-EEE5A7A8F57F}"=hex:2b,d7,6d,62,9e,b9,cb,47,ad,8e,ee,
e5,a7,a8,f5,7f,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{A152FFC0-2C97-4656-B8B4-6D703BDFAB65}"=hex:c0,ff,52,a1,97,2c,56,46,b8,b4,6d,
70,3b,df,ab,65,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{F6194513-A305-42B0-9BD8-70D86B60C214}"=hex:13,45,19,f6,05,a3,b0,42,9b,d8,70,
d8,6b,60,c2,14,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{1713C21C-5C9F-4D11-BCD9-0AA0A921176C}"=hex:1c,c2,13,17,9f,5c,11,4d,bc,d9,0a,
a0,a9,21,17,6c,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{17D5D2DE-5F7A-4534-A32D-FDB06C478AF2}"=hex:de,d2,d5,17,7a,5f,34,45,a3,2d,fd,
b0,6c,47,8a,f2,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{CA949C10-4A8F-4588-B074-1987C93A4697}"=hex:10,9c,94,ca,8f,4a,88,45,b0,74,19,
87,c9,3a,46,97,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{AD292F6B-607C-46CE-95BF-BAE533AA42DE}"=hex:6b,2f,29,ad,7c,60,ce,46,95,bf,ba,
e5,33,aa,42,de,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{B054797C-2043-4492-8BE0-07750E5185D6}"=hex:7c,79,54,b0,43,20,92,44,8b,e0,07,
75,0e,51,85,d6,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{ABD95B56-AD2D-48CF-97AC-52454CA2A189}"=hex:56,5b,d9,ab,2d,ad,cf,48,97,ac,52,
45,4c,a2,a1,89,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{C923B916-D879-4877-8D18-3028ACAAC031}"=hex:16,b9,23,c9,79,d8,77,48,8d,18,30,
28,ac,aa,c0,31,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{C7CADF72-8655-42EB-B366-85440EE826A7}"=hex:72,df,ca,c7,55,86,eb,42,b3,66,85,
44,0e,e8,26,a7,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{7B22CC68-0DB6-4351-ACA5-4BB6C4D6C0A4}"=hex:68,cc,22,7b,b6,0d,51,43,ac,a5,4b,
b6,c4,d6,c0,a4,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{645C2825-7EC2-44E0-A562-25C7302C383B}"=hex:25,28,5c,64,c2,7e,e0,44,a5,62,25,
c7,30,2c,38,3b,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{8EF6DF92-F74C-4980-9E6A-BFCD2AF56232}"=hex:92,df,f6,8e,4c,f7,80,49,9e,6a,bf,
cd,2a,f5,62,32,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{20F9B915-9567-4C22-85C5-AF0F9CE28DBD}"=hex:15,b9,f9,20,67,95,22,4c,85,c5,af,
0f,9c,e2,8d,bd,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{AA257AE4-D550-43E6-AD53-763EB8DEC707}"=hex:e4,7a,25,aa,50,d5,e6,43,ad,53,76,
3e,b8,de,c7,07,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{DB8D0EB1-6002-4D3F-98F9-3117EBAB5D4E}"=hex:b1,0e,8d,db,02,60,3f,4d,98,f9,31,
17,eb,ab,5d,4e,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{30106E1E-318E-4A3E-ADCC-FA5B569F1F2E}"=hex:1e,6e,10,30,8e,31,3e,4a,ad,cc,fa,
5b,56,9f,1f,2e,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{93F40CAD-B170-4706-ABA8-2AA713D9250D}"=hex:ad,0c,f4,93,70,b1,06,47,ab,a8,2a,
a7,13,d9,25,0d,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{FBBE5791-607E-4A02-9D11-FC68C2B24084}"=hex:91,57,be,fb,7e,60,02,4a,9d,11,fc,
68,c2,b2,40,84,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{089DBEC3-5646-4BFF-8D70-2EF1922E2F93}"=hex:c3,be,9d,08,46,56,ff,4b,8d,70,2e,
f1,92,2e,2f,93,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{0C66B612-A79E-421A-BA0B-C4A18A40FD16}"=hex:12,b6,66,0c,9e,a7,1a,42,ba,0b,c4,
a1,8a,40,fd,16,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{67B48C75-8BE7-45FF-B64A-A347CB79E68C}"=hex:75,8c,b4,67,e7,8b,ff,45,b6,4a,a3,
47,cb,79,e6,8c,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BB026D19-6E77-4CFE-B034-A5FD1C674CA5}"=hex:19,6d,02,bb,77,6e,fe,4c,b0,34,a5,
fd,1c,67,4c,a5,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{B242D7F9-D327-4220-807D-8CB94F0F77CC}"=hex:f9,d7,42,b2,27,d3,20,42,80,7d,8c,
b9,4f,0f,77,cc,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{95F498A4-9414-48A8-86EB-B288EB8A19BF}"=hex:a4,98,f4,95,14,94,a8,48,86,eb,b2,
88,eb,8a,19,bf,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{5B39719E-E171-4498-BB48-7CCC9FF915B1}"=hex:9e,71,39,5b,71,e1,98,44,bb,48,7c,
cc,9f,f9,15,b1,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{F3F27AE0-0A51-4D5B-A341-1D43DD94A149}"=hex:e0,7a,f2,f3,51,0a,5b,4d,a3,41,1d,
43,dd,94,a1,49,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{F6FF3B20-BD4C-4047-BC2F-2DEAEE1D7EE2}"=hex:20,3b,ff,f6,4c,bd,47,40,bc,2f,2d,
ea,ee,1d,7e,e2,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{D620B56E-7DAF-4D49-822F-E4383ACD303D}"=hex:6e,b5,20,d6,af,7d,49,4d,82,2f,e4,
38,3a,cd,30,3d,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{A6586C3B-EDEB-4A0D-9D11-A209CCDDF9EB}"=hex:3b,6c,58,a6,eb,ed,0d,4a,9d,11,a2,
09,cc,dd,f9,eb,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{93BF7EFF-8971-4C5B-8616-0FD76D787777}"=hex:ff,7e,bf,93,71,89,5b,4c,86,16,0f,
d7,6d,78,77,77,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{7B73C823-0ABC-43AB-B45A-B3CB5E23EB0D}"=hex:23,c8,73,7b,bc,0a,ab,43,b4,5a,b3,
cb,5e,23,eb,0d,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{B02C6AF1-C57B-4A2A-B4F8-F5F39D144227}"=hex:f1,6a,2c,b0,7b,c5,2a,4a,b4,f8,f5,
f3,9d,14,42,27,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
"{6AA5CAF4-D49D-4AB5-BEB8-D17BA61F1A61}"=hex:f4,ca,a5,6a,9d,d4,b5,4a,be,b8,d1,
7b,a6,1f,1a,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{79141476-CB8D-44AD-A56E-0D76FC53B006}"=hex:76,14,14,79,8d,cb,ad,44,a5,6e,0d,
76,fc,53,b0,06,46,50,3c,33,5d,25,41,52,5c,5f,5f,23,45,5e,28,41,57,39,42,52,\
"{070057DA-0223-4D7E-B886-7CF38806F044}"=hex:da,57,00,07,23,02,7e,4d,b8,86,7c,
f3,88,06,f0,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{0246C9DF-D76B-478C-8555-1129BF363020}"=hex:df,c9,46,02,6b,d7,8c,47,85,55,11,
29,bf,36,30,20,51,4c,56,4d,49,25,4a,40,47,5d,40,23,43,23,26,5f,25,39,4f,22,\
"{2DF1219B-27C2-4D27-B0B5-A0C975A5239D}"=hex:9b,21,f1,2d,c2,27,27,4d,b0,b5,a0,
c9,75,a5,23,9d,31,42,43,33,4b,25,3a,47,52,4b,4a,23,41,5a,45,25,56,39,2c,21,\
"{34BD3747-6CC2-4831-9AA7-24BED07CEE44}"=hex:47,37,bd,34,c2,6c,31,48,9a,a7,24,
be,d0,7c,ee,44,5a,3d,5f,31,4b,25,3a,5b,5c,5a,3b,23,4b,5a,54,42,5e,39,21,24,\
"{0FA4093D-7EF8-4F5E-9D34-E50739EC80C5}"=hex:3d,09,a4,0f,f8,7e,5e,4f,9d,34,e5,
07,39,ec,80,c5,50,5c,55,51,4f,25,58,33,45,35,4a,23,3a,55,40,55,58,39,56,45,\
"{964D7706-6201-4EB4-B262-16E98F1223D5}"=hex:06,77,4d,96,01,62,b4,4e,b2,62,16,
e9,8f,12,23,d5,35,46,32,4b,3e,25,45,4c,3c,3e,5e,23,3d,49,26,45,5e,39,50,43,\
"{0D2874A2-B851-46CE-8F11-32F8F16A8833}"=hex:a2,74,28,0d,51,b8,ce,46,8f,11,32,
f8,f1,6a,88,33,57,5c,44,4d,49,25,30,42,4c,46,45,23,5e,5b,46,27,52,39,51,52,\
"{1DC33A06-3CF8-460A-9F3B-95157BEE328B}"=hex:06,3a,c3,1d,f8,3c,0a,46,9f,3b,95,
15,7b,ee,32,8b,44,30,51,56,41,25,59,3f,45,4e,5e,23,5a,53,22,44,5f,39,40,2f,\
"{2A8CCF8D-046C-40F7-A934-DB800F8E8622}"=hex:8d,cf,8c,2a,6c,04,f7,40,a9,34,db,
80,0f,8e,86,22,42,49,5d,41,56,25,5e,46,32,5d,45,23,37,5d,4b,53,50,39,58,4f,\
"{B22C6851-2792-4A99-9755-E5932B45117E}"=hex:51,68,2c,b2,92,27,99,4a,97,55,e5,
93,2b,45,11,7e,56,53,4e,33,4a,25,3e,5d,4c,47,41,23,4d,29,57,54,44,39,21,4e,\
"{D0B06C5A-8110-47C7-8670-69ABF2BA5DD4}"=hex:5a,6c,b0,d0,10,81,c7,47,86,70,69,
ab,f2,ba,5d,d4,4d,42,51,31,45,25,5b,5d,52,39,5e,23,37,52,47,45,52,39,5f,4c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG16.00.00.01PROFESSIONAL"="05FC1B779B9859D33D84C3353FF8B52BC7C4CC0A91428C496AB8CD8F128E3D7D71658CECE795A1B51393DBAFD4473B81F8CE0F75C139E8E1453D7CE14EE333E639C20FE6FC2C2A255CF6EB6266C449F241E79E00FDD4F878CF3064F5F1F89315A5D8758D038E04880410EEF709CEEC784DB0417A70BD633F170D33E5D2E33D8E4420F6DDA2DCE75B367546745835D3240B791F0DC090EFFA6904FB9BD02E316D6544ABA90930B02EE5EEB4AC73BBD499AC49C3B2225E0C05DCF731D84AD614DF9D269394E8925C234AFAE0C97C9966122BDA20B8C62DC7CA48002FAF24CE3229C8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A2D97226D213B555A6A0AC4980AC7933A2D97226D213B55571C214871A82F14D0CAD81A25466C9E643BE540F6F41CCE9CCBFFAAE421B2CD964B2C28D2C38FADCE295173F0F9F912220B980C020383B4AAB9D04F07E72B76BC9E64A94A37E0E994FE0956FA020260843918CE9A681C338D1D952C5E61DBC3993296EE9BEBF0F73A14088B0B18AC2097602E7D6B99415C4A859D96B6010FC15E927CCDA2C867A9FDC484F8360A4355C3D28DA59839274C5CEE0E524C0625295266ED1BD92845A9539739F6CBED760F94A07FA49A43FB657151E933756D0A817567640680B10D111221E7FF2D3B13A208705B77DAFFE4855801F55ED61BB7F393E153136229F9592B78A4BA59864CC4E8F6D4FD52A5EA764CB586F9894A5ECDC54880E08D7526E5F4C5D33157BC7B5C9346C5833918C6A6763207D891836172BC1701541A3E7BB7D67A1BA54DE52A81DFA95B9F9D25A350C69B16C9687BBBB8EE551D9C8ECC4EB3BC442B87D1825EA941B5F3315D241443E322E7D1BF423AA36D392C28B10F206A65512DA2DF07FD74101A452F1E6DA6730C997C6F46203C89552820B77609F2395BA471F03A8C9DBF7CC23FD83DAE502D96BD5338648918C63D95040029F9A709E4DF85AA3700C7B53D4FDEEBC6EC58AF20A34FE3992AA849A1B1147A20BD82E9F982734386EF34BAF9FB9B01952810CFACA61BDF4224FCFFA773CD4534BF3B3B85C31276EBC55762DEAC3A5963143263406F1D2284BA2228705AF749405A8684C8BDD8575E9A43B3226688036225A8C254ADDF9C7D36C4407102A846ACA57CA034E567082767C6BE677594BFB37B98617D9FD3FC87A1993851650B9DCA6066A4A7EA761CD591AECBAB72FE2F4F1796F9729130726EC38FED04AAC1976955C6F512FC22494FCDFBA5B7063782C49D1B6F961C184DDD1FD0B7D11287DC70927108D20FDD7183F5364C0E4D310B429A3DDD4E18F42F4BDC1D062079595E3E5D89C34CA126F9B729E092388C3812370F1FD803A691FEEBF017B99FAA9E4E28305F3455A9C3467DA90E1"
"OOCC7.00.00.01PROSTATION"="0C9252B4FEF9B9EC39223D7A2A6ECCF8F62F70316D64C5AD765DF27A45C6D2A11CF36677C37FC154A5108840A2E1AD34125785760C3271365CC41764C8B2F87B0C8772A82D4DD0090E6690F561C1110CE1BF32E2F5659C3299124E47C7FB9E10A316B829B2186A18E369273F1C09241FA748FE7A3D6435F25CDBF728D013FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A2D97226D213B555A6A0AC4980AC7933A2D97226D213B5550AB915552EE515F65D32569377F1604A2E1771EC3846904AB81F02E575AFBE23924A4E496722A7E89C7B06F525D0CA32539FD2B50D6466B061E12DAA08B4B46C8A6F0EC81C9805FDE4D86DDDC8439F69DFE988303A34F77B9BAB0228C9B4323C96644F08CCE77AF11EB272B737672638202F07A20BF2281A3B28239C18AD59CBAB62FCDF0E6E866884F46C175B9DDA48B4AD35F7DE2313DF640523EC696300B6162AF94E89D15CE4A6122CB1B30CEFA61426ED3FA98A868591F50B20445C337E73FD99F27D786450697C7260519B4848055FFE2C72B382240FB15662C6E4AE86B626A5943A8F39F905AF76225C787C0225232D93546CBC3C02F17483208A6798286F5C9924872B9203A5DF180D145A8E65BDAF71FDC89EB2DC75C977952281DE60A76C903793BCAF45DF50083325DF0C8901AFE5B41CC64CEA802F56FDC1596C4FA47DAAFD2D27C97F63D5DD31A245FC2CC4CE324D0206B6C957EF5C45C57DB2B73CA53B9B10543FB7B879A47CCBEF48385F1D3EB45861FEEBC5CC68ED4BAE0DB04AF3BC443B65D04B6CB38F9E20FDB76F3123936841931B151B77008AB6E436A32FE94AC0F22C24E98F72F338E43FF9E61A5CE2FDA38961E0281B4945304ACD50CEF927704231C317B519CD792438220781B77E1B29640C3D45D212D7A0BD5AC98F1037C2F02F1B2AF8FC38A92BA2258B4F96DBFC3F793CEA4DACC71439D143F65E0782BD1317FBCF746777230A69DD87F152976F18D3747F9DAE01DCEC4CD412A9B1367A790B9D07C99770D296AD0C5DDA3470D82B2F9CE599D1F3AC71A83F2AE5D324A63FE217A31EBEAB3DE9C4504780FC49AFB1FE00DAA7FEFB0EC19397218BA6C082BE2BE74E19035976E036B251DBDD287E2AE74DF1B2981B221F7155AE94D6A4E49722EF01E6FE4A2A9CBE1B5D6AFEB8665642988EA971739C8B59D5DD80070EB530BB740EBABEF416034F5B9E2E7A49183C9C5AEAFC534EC6CD14D88CD44ADB722F202017C548720C3D0CA320AC604E5B27396B16A678167CF1A0046D18AB142D01A87F94C38D8074374D8A3CEF335C8DA40C8CF09F115BAC47B15D09D5A5DE89D5E804D2EF7A02C622200BA30569AF1D06BF62B2E64152DC5E2E54389EAB0B43A12083700AEC7C1375C382DD7E"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-03 13:50:14
ComboFix-quarantined-files.txt 2014-09-03 11:50
.
Vor Suchlauf: 15 Verzeichnis(se), 23.218.839.552 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 23.876.685.824 Bytes frei
.
- - End Of File - - B27F6EDABE7CDD9EEA46B89C6BB1E0DA
|
|
03.09.2014, 20:54
| #10 |
| /// the machine /// TB-Ausbilder | Gdata läßt sich nicht öffnen ! Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.09.2014, 23:07
| #11 |
| | Gdata läßt sich nicht öffnen ! Hallo Schrauber, hier die mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 03.09.2014 Suchlauf-Zeit: 23:26:17 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.03.08 Rootkit Datenbank: v2014.08.21.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Acer Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 374644 Verstrichene Zeit: 9 Min, 9 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 03/09/2014 um 23:46:01
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Acer - ACER-PC
# Gestartet von : C:\Users\Downloads\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v32.0 (x86 de)
[ Datei : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\prefs.js ]
-\\ Google Chrome v36.0.1985.143
[ Datei : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1406193805&from=kmp&uid=INTELXSSDSA2BW120G3A_CVPR119603T8120LGN&q={searchTerms}
*************************
AdwCleaner[R0].txt - [35988 octets] - [06/12/2013 11:40:39]
AdwCleaner[R1].txt - [6923 octets] - [02/09/2014 10:49:57]
AdwCleaner[R2].txt - [1769 octets] - [03/09/2014 23:44:19]
AdwCleaner[S0].txt - [31314 octets] - [06/12/2013 11:41:37]
AdwCleaner[S1].txt - [6933 octets] - [02/09/2014 10:53:04]
AdwCleaner[S2].txt - [1586 octets] - [03/09/2014 23:46:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1646 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Acer on 03.09.2014 at 23:53:14,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3406220267-2230971110-2032019791-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3406220267-2230971110-2032019791-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Acer\AppData\Roaming\getrighttogo"
~~~ FireFox
Emptied folder: C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\hes6phug.default\minidumps [38 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.09.2014 at 0:02:39,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by Acer (administrator) on ACER-PC on 04-09-2014 00:05:45 Running from C:\Users\Downloads\First Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe (LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 6\creator-ws.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () D:\Program Files (x86)\iPIN\iPIN.exe (GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe (Thisisu) C:\Users\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18999456 2014-08-26] (Microsoft Corporation) HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: 01UnsuppModule -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: 02SyncingModule -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: 03SyncedModule -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: No Name -> {5114DD3B-516D-EF4E-E0F7-1DA15B707DB5} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name -> {7C11799F-052C-9921-E37C-6015BD7BAD44} -> No File BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.983.dll (getfireshot.com) Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKLM-x32 - No Name - !{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.983.dll (getfireshot.com) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1571456 2014-07-04] (GP Software) ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343128 2014-07-04] (GP Software) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll (LULU SOFTWARE LIMITED) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-22] FF Extension: FireShot - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26] FF Extension: Firebug - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-08] FF Extension: FireFTP - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-02-08] FF Extension: Web Developer - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-02-08] FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-19] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-09-02] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-09-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-02] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-12] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> omiga-plus CHR DefaultSearchProvider: Default -> omiga-plus CHR DefaultSearchURL: Default -> hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1406193805&from=kmp&uid=INTELXSSDSA2BW120G3A_CVPR119603T8120LGN&q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02] CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-02] CHR HKLM-x32\...\Chrome\Extension: [fmlpgkiekchdonifafhpbchlkhacllpf] - C:\ProgramData\Download and Sa\fmlpgkiekchdonifafhpbchlkhacllpf.crx [] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated) S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation) S4 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [242664 2012-04-17] (CyberLink) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3227624 2014-08-06] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-11-12] () [File not signed] S4 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-03-16] () [File not signed] S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-06-20] (LULU SOFTWARE LIMITED) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed] S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S4 O&O CleverCache; C:\Program Files\OO Software\CleverCache\ooccag.exe [844616 2009-12-09] (O&O Software GmbH) S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2572072 2013-10-23] (O&O Software GmbH) S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV) S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () S3 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1655136 2014-06-20] (LULU SOFTWARE LIMITED) R2 Soda PDF 6 Creator; C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [621408 2014-06-20] (LULU SOFTWARE LIMITED) S4 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-06-27] (RapidSolution Software AG) S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed] S4 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] () S4 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 AsapiW2K; C:\Windows\SysWOW64\drivers\Asapiw2k.sys [11264 2002-04-17] (VOB Computersysteme GmbH) [File not signed] R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [37704 2013-04-25] (Grass Valley K.K.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-23] (DT Soft Ltd) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-09-03] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-09-03] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-03] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-09-03] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-09-03] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-09-03] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-09-03] (G Data Software AG) S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [772864 2013-06-26] (Line 6) S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] () R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG) R3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45192 2013-06-27] (RapidSolution Software AG) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2012-10-02] (Acronis) S0 TPkd; C:\Windows\SysWow64\Drivers\TPkd.sys [68928 2012-01-16] (PACE Anti-Piracy, Inc.) [File not signed] R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2012-10-02] (Acronis) R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare) S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [45568 2013-05-22] (ZOOM) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 00:02 - 2014-09-04 00:02 - 00001792 _____ () C:\Users\Acer\Desktop\JRT.txt 2014-09-03 23:52 - 2014-09-03 23:52 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 23:39 - 2014-09-03 23:39 - 00001152 _____ () C:\Users\Downloads\mbam.txt 2014-09-03 23:12 - 2014-09-03 23:12 - 01016261 _____ (Thisisu) C:\Users\Downloads\JRT.exe 2014-09-03 23:11 - 2014-09-03 23:11 - 01370483 _____ () C:\Users\Downloads\adwcleaner_3.309.exe 2014-09-03 23:08 - 2014-09-03 23:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-03 22:01 - 2014-09-03 22:01 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-09-03 21:58 - 2014-09-03 21:58 - 00001942 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2014-09-03 21:58 - 2014-09-03 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY 2014-09-03 21:45 - 2014-09-03 21:58 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-09-03 13:50 - 2014-09-03 13:50 - 00135010 _____ () C:\ComboFix.txt 2014-09-03 13:41 - 2014-09-03 13:50 - 00000000 ____D () C:\Qoobox 2014-09-03 13:41 - 2014-09-03 13:48 - 00000000 ____D () C:\Windows\erdnt 2014-09-03 13:41 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-03 13:41 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-03 13:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-03 13:39 - 2014-09-03 13:38 - 05576326 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe 2014-09-02 22:50 - 2014-09-02 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-02 13:46 - 2014-09-02 13:46 - 00030613 _____ () C:\Users\Downloads\First.rar 2014-09-02 13:41 - 2014-09-02 13:41 - 00004273 _____ () C:\Users\Downloads\Logfiles.rar 2014-09-02 13:11 - 2014-09-02 13:11 - 00073299 _____ () C:\Users\Downloads\gmer.txt 2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log 2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable 2014-09-02 11:22 - 2014-09-02 11:23 - 00000000 ____D () C:\Users\Downloads\Service scan 2014-09-02 11:11 - 2014-09-04 00:05 - 00000000 ____D () C:\Users\Downloads\First 2014-09-02 11:11 - 2014-09-02 11:12 - 00000000 ____D () C:\Users\Downloads\Gdata 2014-09-02 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-09-02 10:19 - 2014-09-04 00:05 - 00000000 ____D () C:\FRST 2014-08-31 00:29 - 2014-09-03 21:42 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-08-31 00:29 - 2014-08-31 00:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe 2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat 2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK 2014-08-31 00:29 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll 2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc 2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\system32\gpedit.msc 2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip 2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip 2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium 2014-08-30 20:48 - 2014-09-03 23:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-30 20:47 - 2014-09-03 23:14 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-30 20:47 - 2014-09-03 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-30 20:47 - 2014-09-03 23:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-30 20:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-30 20:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-30 20:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-30 20:21 - 2014-08-30 22:50 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing 2014-08-30 12:31 - 2014-08-30 12:37 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso 2014-08-30 09:41 - 2014-08-30 09:45 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B 2014-08-29 17:01 - 2014-08-30 10:03 - 00000000 ____D () C:\Users\Downloads\piwik 2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip 2014-08-28 12:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 12:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 12:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt 2014-08-24 18:35 - 2013-08-10 16:39 - 01839104 _____ () C:\Users\Downloads\memtest86+-5.01.iso 2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI 2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk 2014-08-23 10:46 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-23 10:46 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-23 10:46 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-23 10:46 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-23 10:46 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-23 10:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-23 10:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-23 10:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-23 10:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-15 10:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-15 10:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-15 10:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-15 10:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-15 10:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-15 10:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-15 10:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-15 10:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-15 09:54 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-15 09:54 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-15 09:54 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-15 09:54 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-15 09:54 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-15 09:54 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-15 09:54 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-15 09:54 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-15 09:54 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-15 09:54 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-15 09:54 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-15 09:54 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-15 09:54 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-15 09:54 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-15 09:54 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-15 09:54 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-15 09:54 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-15 09:54 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-15 09:54 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-15 09:54 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-15 09:54 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-15 09:54 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-15 09:54 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-15 09:54 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-15 09:54 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-15 09:54 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-15 09:54 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-15 09:54 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-15 09:54 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-15 09:54 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-15 09:54 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-15 09:54 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-15 09:54 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-15 09:54 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-15 09:54 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-15 09:54 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-15 09:54 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-15 09:54 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-15 09:54 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-15 09:54 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-15 09:54 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-15 09:54 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-15 09:54 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-15 09:54 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-15 09:54 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-15 09:54 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-15 09:54 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-15 09:54 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-15 09:54 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-15 09:54 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-15 09:54 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-15 09:54 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-15 09:54 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-15 09:54 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-15 09:54 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-15 09:54 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-15 09:54 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-15 09:54 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-15 09:54 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-15 09:54 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-15 09:54 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-15 09:54 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-15 09:54 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-15 09:54 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-15 09:54 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-15 09:54 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-15 09:54 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-15 09:54 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-15 09:54 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-15 09:54 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-15 09:53 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-15 09:53 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-15 09:53 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-15 09:53 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 00:05 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\First 2014-09-04 00:05 - 2014-09-02 10:19 - 00000000 ____D () C:\FRST 2014-09-04 00:03 - 2014-02-19 22:30 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Acer-PC-Acer Acer-PC 2014-09-04 00:02 - 2014-09-04 00:02 - 00001792 _____ () C:\Users\Acer\Desktop\JRT.txt 2014-09-03 23:55 - 2011-07-21 16:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps 2014-09-03 23:54 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-03 23:54 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-03 23:52 - 2014-09-03 23:52 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 23:51 - 2011-07-06 07:32 - 00703230 _____ () C:\Windows\system32\perfh007.dat 2014-09-03 23:51 - 2011-07-06 07:32 - 00150838 _____ () C:\Windows\system32\perfc007.dat 2014-09-03 23:51 - 2009-07-14 07:13 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-03 23:49 - 2014-01-24 14:33 - 00000000 ____D () C:\Users\Acer\iPIN 2014-09-03 23:47 - 2014-08-30 20:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-03 23:47 - 2012-09-09 15:12 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-03 23:46 - 2013-12-08 23:04 - 01106400 _____ () C:\Windows\PFRO.log 2014-09-03 23:46 - 2013-12-08 23:04 - 00034157 _____ () C:\Windows\setupact.log 2014-09-03 23:46 - 2013-12-06 11:40 - 00000000 ____D () C:\AdwCleaner 2014-09-03 23:46 - 2011-07-05 21:38 - 01801433 _____ () C:\Windows\WindowsUpdate.log 2014-09-03 23:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-03 23:39 - 2014-09-03 23:39 - 00001152 _____ () C:\Users\Downloads\mbam.txt 2014-09-03 23:33 - 2012-09-09 15:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-03 23:26 - 2012-04-03 18:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-03 23:14 - 2014-08-30 20:47 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-03 23:14 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-03 23:14 - 2014-08-30 20:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-03 23:12 - 2014-09-03 23:12 - 01016261 _____ (Thisisu) C:\Users\Downloads\JRT.exe 2014-09-03 23:11 - 2014-09-03 23:11 - 01370483 _____ () C:\Users\Downloads\adwcleaner_3.309.exe 2014-09-03 23:09 - 2014-09-03 23:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-03 22:01 - 2014-09-03 22:01 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-09-03 21:58 - 2014-09-03 21:58 - 00001942 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2014-09-03 21:58 - 2014-09-03 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY 2014-09-03 21:58 - 2014-09-03 21:45 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-09-03 21:58 - 2014-01-18 23:05 - 00036798 _____ () C:\Windows\DPINST.LOG 2014-09-03 21:47 - 2012-08-18 12:00 - 00000000 ____D () C:\ProgramData\G DATA 2014-09-03 21:45 - 2014-07-07 13:19 - 00001558 _____ () C:\Users\Acer\AppData\Roaming\gdscan.log 2014-09-03 21:44 - 2012-08-18 12:00 - 00000000 ____D () C:\Program Files (x86)\G Data 2014-09-03 21:42 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-09-03 13:50 - 2014-09-03 13:50 - 00135010 _____ () C:\ComboFix.txt 2014-09-03 13:50 - 2014-09-03 13:41 - 00000000 ____D () C:\Qoobox 2014-09-03 13:50 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-03 13:48 - 2014-09-03 13:41 - 00000000 ____D () C:\Windows\erdnt 2014-09-03 13:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-03 13:47 - 2011-07-21 15:41 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe 2014-09-03 13:38 - 2014-09-03 13:39 - 05576326 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe 2014-09-02 23:04 - 2012-08-22 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-02 22:50 - 2014-09-02 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-02 22:26 - 2014-04-29 18:01 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\gnupg 2014-09-02 13:46 - 2014-09-02 13:46 - 00030613 _____ () C:\Users\Downloads\First.rar 2014-09-02 13:41 - 2014-09-02 13:41 - 00004273 _____ () C:\Users\Downloads\Logfiles.rar 2014-09-02 13:11 - 2014-09-02 13:11 - 00073299 _____ () C:\Users\Downloads\gmer.txt 2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log 2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable 2014-09-02 11:47 - 2011-07-21 11:27 - 00000000 ____D () C:\Users\Acer 2014-09-02 11:31 - 2012-01-20 23:23 - 00000000 ____D () C:\Program Files (x86)\MusicLab 2014-09-02 11:30 - 2012-11-12 13:29 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-09-02 11:30 - 2011-08-07 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-09-02 11:23 - 2014-09-02 11:22 - 00000000 ____D () C:\Users\Downloads\Service scan 2014-09-02 11:12 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\Gdata 2014-09-02 11:01 - 2013-11-20 21:55 - 00000000 ___RD () C:\Users\Acer\Dropbox 2014-09-02 11:01 - 2011-08-03 12:35 - 00000000 ____D () C:\Windows\pss 2014-09-02 10:57 - 2013-11-20 21:43 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Dropbox 2014-09-02 10:57 - 2013-07-01 20:29 - 00000000 ___RD () C:\Users\Acer\CloudStation 2014-09-02 10:57 - 2013-07-01 20:20 - 00000000 ___RD () C:\Users\Acer\Cloud-2 2014-09-02 10:57 - 2012-04-03 18:04 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt 2014-09-02 10:16 - 2013-12-10 14:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-08-31 00:36 - 2014-08-31 00:29 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe 2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat 2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK 2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip 2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip 2014-08-30 22:52 - 2014-01-23 17:38 - 00000000 ____D () C:\ProgramData\Vexel 2014-08-30 22:52 - 2011-06-01 06:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-30 22:50 - 2014-08-30 20:21 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing 2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium 2014-08-30 21:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization 2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-30 20:12 - 2013-12-08 23:04 - 00110795 _____ () C:\Windows\AutoKMS.log 2014-08-30 16:49 - 2012-02-22 19:38 - 00000166 ___SH () C:\ProgramData\.zreglib 2014-08-30 12:37 - 2014-08-30 12:31 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso 2014-08-30 12:26 - 2012-04-03 18:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-30 12:26 - 2012-04-03 18:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-30 12:26 - 2011-07-21 19:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-30 12:15 - 2013-11-20 21:44 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-30 10:03 - 2014-08-29 17:01 - 00000000 ____D () C:\Users\Downloads\piwik 2014-08-30 09:45 - 2014-08-30 09:41 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B 2014-08-30 09:34 - 2014-08-03 17:32 - 00073356 _____ () C:\nospam.log 2014-08-30 09:34 - 2014-08-03 17:32 - 00033612 _____ () C:\spam.log 2014-08-29 17:31 - 2013-10-06 22:10 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer 2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip 2014-08-29 10:09 - 2013-12-08 23:04 - 05254200 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 20:53 - 2012-10-15 12:08 - 00000000 ____D () C:\Users\Acer\Documents\Video Editoren 2014-08-26 21:17 - 2013-05-25 12:45 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-26 12:26 - 2014-03-02 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt 2014-08-25 17:21 - 2009-07-14 04:34 - 00000718 _____ () C:\Windows\win.ini 2014-08-24 19:22 - 2013-12-21 23:56 - 00008101 _____ () C:\Windows\BRRBCOM.INI 2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI 2014-08-23 14:50 - 2011-07-21 11:51 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype 2014-08-23 13:49 - 2013-06-15 10:13 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-08-23 13:49 - 2011-06-01 06:43 - 00000000 ____D () C:\ProgramData\Skype 2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk 2014-08-23 13:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-23 10:43 - 2012-10-14 18:46 - 00000000 ____D () C:\Windows\system32\inf32 2014-08-23 04:07 - 2014-08-28 12:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 12:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 12:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-15 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-15 10:06 - 2013-08-15 10:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-15 10:03 - 2011-07-21 12:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-15 10:01 - 2014-05-06 17:12 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-07 04:06 - 2014-08-15 09:53 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-15 09:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Files to move or delete: ==================== C:\Users\Downloads\adwcleaner_3.309.exe C:\Users\Downloads\JRT.exe C:\Users\Downloads\mbam-setup-2.0.2.1012.exe Some content of TEMP: ==================== C:\Users\Acer\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 11:30 ==================== End Of Log ============================ --- --- --- |
|
04.09.2014, 14:46
| #12 |
| /// the machine /// TB-Ausbilder | Gdata läßt sich nicht öffnen !ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.09.2014, 20:18
| #13 |
| | Gdata läßt sich nicht öffnen ! Hallo, so weit ich das beurteilen kann, sind die Probleme weg. Kann man sagen, was meinen PC'le aus der Bahn geworfen hat ?. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by Acer (administrator) on ACER-PC on 04-09-2014 21:14:55 Running from C:\Users\Downloads\First Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe (LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 6\creator-ws.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe () D:\Program Files (x86)\iPIN\iPIN.exe (GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18999456 2014-08-26] (Microsoft Corporation) HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: 01UnsuppModule -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: 02SyncingModule -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: 03SyncedModule -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: No Name -> {5114DD3B-516D-EF4E-E0F7-1DA15B707DB5} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name -> {7C11799F-052C-9921-E37C-6015BD7BAD44} -> No File BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.983.dll (getfireshot.com) Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKLM-x32 - No Name - !{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.983.dll (getfireshot.com) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1571456 2014-07-04] (GP Software) ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343128 2014-07-04] (GP Software) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll (LULU SOFTWARE LIMITED) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-22] FF Extension: FireShot - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26] FF Extension: Firebug - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-08] FF Extension: FireFTP - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-02-08] FF Extension: Web Developer - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-02-08] FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-19] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-09-02] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-09-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-02] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-12] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> omiga-plus CHR DefaultSearchProvider: Default -> omiga-plus CHR DefaultSearchURL: Default -> hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1406193805&from=kmp&uid=INTELXSSDSA2BW120G3A_CVPR119603T8120LGN&q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02] CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-02] CHR HKLM-x32\...\Chrome\Extension: [fmlpgkiekchdonifafhpbchlkhacllpf] - C:\ProgramData\Download and Sa\fmlpgkiekchdonifafhpbchlkhacllpf.crx [] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated) S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation) S4 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [242664 2012-04-17] (CyberLink) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3227624 2014-08-06] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-11-12] () [File not signed] S4 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-03-16] () [File not signed] S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-06-20] (LULU SOFTWARE LIMITED) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed] S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S4 O&O CleverCache; C:\Program Files\OO Software\CleverCache\ooccag.exe [844616 2009-12-09] (O&O Software GmbH) S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2572072 2013-10-23] (O&O Software GmbH) S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV) S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () S3 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1655136 2014-06-20] (LULU SOFTWARE LIMITED) R2 Soda PDF 6 Creator; C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [621408 2014-06-20] (LULU SOFTWARE LIMITED) S4 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-06-27] (RapidSolution Software AG) S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed] S4 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] () S4 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 AsapiW2K; C:\Windows\SysWOW64\drivers\Asapiw2k.sys [11264 2002-04-17] (VOB Computersysteme GmbH) [File not signed] R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [37704 2013-04-25] (Grass Valley K.K.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-23] (DT Soft Ltd) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-09-03] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-09-03] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-03] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-09-03] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-09-03] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-09-03] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-09-03] (G Data Software AG) S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [772864 2013-06-26] (Line 6) S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] () R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG) R3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45192 2013-06-27] (RapidSolution Software AG) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2012-10-02] (Acronis) S0 TPkd; C:\Windows\SysWow64\Drivers\TPkd.sys [68928 2012-01-16] (PACE Anti-Piracy, Inc.) [File not signed] R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2012-10-02] (Acronis) R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare) S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [45568 2013-05-22] (ZOOM) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 12:31 - 2014-09-04 12:31 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-09-04 00:02 - 2014-09-04 00:02 - 00001792 _____ () C:\Users\Acer\Desktop\JRT.txt 2014-09-03 23:52 - 2014-09-03 23:52 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 23:39 - 2014-09-03 23:39 - 00001152 _____ () C:\Users\Downloads\mbam.txt 2014-09-03 23:12 - 2014-09-03 23:12 - 01016261 _____ (Thisisu) C:\Users\Downloads\JRT.exe 2014-09-03 23:11 - 2014-09-03 23:11 - 01370483 _____ () C:\Users\Downloads\adwcleaner_3.309.exe 2014-09-03 23:08 - 2014-09-03 23:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-03 22:01 - 2014-09-03 22:01 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-09-03 21:58 - 2014-09-03 21:58 - 00001942 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2014-09-03 21:58 - 2014-09-03 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY 2014-09-03 21:45 - 2014-09-03 21:58 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-09-03 21:45 - 2014-09-03 21:58 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-09-03 13:50 - 2014-09-03 13:50 - 00135010 _____ () C:\ComboFix.txt 2014-09-03 13:41 - 2014-09-03 13:50 - 00000000 ____D () C:\Qoobox 2014-09-03 13:41 - 2014-09-03 13:48 - 00000000 ____D () C:\Windows\erdnt 2014-09-03 13:41 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-03 13:41 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-03 13:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-03 13:41 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-03 13:39 - 2014-09-03 13:38 - 05576326 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe 2014-09-02 22:50 - 2014-09-02 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-02 13:46 - 2014-09-02 13:46 - 00030613 _____ () C:\Users\Downloads\First.rar 2014-09-02 13:41 - 2014-09-02 13:41 - 00004273 _____ () C:\Users\Downloads\Logfiles.rar 2014-09-02 13:11 - 2014-09-02 13:11 - 00073299 _____ () C:\Users\Downloads\gmer.txt 2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log 2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable 2014-09-02 11:22 - 2014-09-02 11:23 - 00000000 ____D () C:\Users\Downloads\Service scan 2014-09-02 11:11 - 2014-09-04 21:14 - 00000000 ____D () C:\Users\Downloads\First 2014-09-02 11:11 - 2014-09-02 11:12 - 00000000 ____D () C:\Users\Downloads\Gdata 2014-09-02 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-09-02 10:19 - 2014-09-04 21:14 - 00000000 ____D () C:\FRST 2014-08-31 00:29 - 2014-09-03 21:42 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-08-31 00:29 - 2014-08-31 00:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe 2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat 2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK 2014-08-31 00:29 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll 2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc 2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\system32\gpedit.msc 2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip 2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip 2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium 2014-08-30 20:48 - 2014-09-04 20:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-30 20:47 - 2014-09-03 23:14 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-30 20:47 - 2014-09-03 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-30 20:47 - 2014-09-03 23:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-30 20:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-30 20:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-30 20:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-30 20:21 - 2014-08-30 22:50 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing 2014-08-30 12:31 - 2014-08-30 12:37 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso 2014-08-30 09:41 - 2014-08-30 09:45 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B 2014-08-29 17:01 - 2014-08-30 10:03 - 00000000 ____D () C:\Users\Downloads\piwik 2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip 2014-08-28 12:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 12:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 12:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt 2014-08-24 18:35 - 2013-08-10 16:39 - 01839104 _____ () C:\Users\Downloads\memtest86+-5.01.iso 2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI 2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk 2014-08-23 10:46 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-23 10:46 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-23 10:46 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-23 10:46 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-23 10:46 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-23 10:46 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-23 10:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-23 10:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-23 10:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-23 10:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-15 10:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-15 10:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-15 10:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-15 10:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-15 10:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-15 10:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-15 10:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-15 10:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-15 09:54 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-15 09:54 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-15 09:54 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-15 09:54 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-15 09:54 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-15 09:54 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-15 09:54 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-15 09:54 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-15 09:54 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-15 09:54 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-15 09:54 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-15 09:54 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-15 09:54 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-15 09:54 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-15 09:54 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-15 09:54 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-15 09:54 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-15 09:54 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-15 09:54 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-15 09:54 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-15 09:54 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-15 09:54 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-15 09:54 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-15 09:54 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-15 09:54 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-15 09:54 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-15 09:54 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-15 09:54 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-15 09:54 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-15 09:54 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-15 09:54 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-15 09:54 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-15 09:54 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-15 09:54 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-15 09:54 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-15 09:54 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-15 09:54 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-15 09:54 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-15 09:54 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-15 09:54 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-15 09:54 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-15 09:54 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-15 09:54 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-15 09:54 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-15 09:54 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-15 09:54 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-15 09:54 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-15 09:54 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-15 09:54 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-15 09:54 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-15 09:54 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-15 09:54 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-15 09:54 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-15 09:54 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-15 09:54 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-15 09:54 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-15 09:54 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-15 09:54 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-15 09:54 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-15 09:54 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-15 09:54 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-15 09:54 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-15 09:54 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-15 09:54 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-15 09:54 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-15 09:54 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-15 09:54 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-15 09:54 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-15 09:54 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-15 09:54 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-15 09:54 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-15 09:53 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-15 09:53 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-15 09:53 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-15 09:53 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 21:14 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\First 2014-09-04 21:14 - 2014-09-02 10:19 - 00000000 ____D () C:\FRST 2014-09-04 21:13 - 2014-01-24 14:33 - 00000000 ____D () C:\Users\Acer\iPIN 2014-09-04 21:07 - 2014-02-19 22:30 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Acer-PC-Acer Acer-PC 2014-09-04 20:59 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-04 20:59 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-04 20:56 - 2011-07-06 07:32 - 00703230 _____ () C:\Windows\system32\perfh007.dat 2014-09-04 20:56 - 2011-07-06 07:32 - 00150838 _____ () C:\Windows\system32\perfc007.dat 2014-09-04 20:56 - 2009-07-14 07:13 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-04 20:52 - 2014-08-30 20:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-04 20:52 - 2013-12-08 23:04 - 00034269 _____ () C:\Windows\setupact.log 2014-09-04 20:52 - 2012-09-09 15:12 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-04 20:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-04 15:20 - 2011-07-05 21:38 - 01828845 _____ () C:\Windows\WindowsUpdate.log 2014-09-04 14:33 - 2012-09-09 15:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-04 14:26 - 2012-04-03 18:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-04 12:31 - 2014-09-04 12:31 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-09-04 12:18 - 2011-07-21 15:41 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe 2014-09-04 00:02 - 2014-09-04 00:02 - 00001792 _____ () C:\Users\Acer\Desktop\JRT.txt 2014-09-03 23:55 - 2011-07-21 16:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps 2014-09-03 23:52 - 2014-09-03 23:52 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 23:46 - 2013-12-08 23:04 - 01106400 _____ () C:\Windows\PFRO.log 2014-09-03 23:46 - 2013-12-06 11:40 - 00000000 ____D () C:\AdwCleaner 2014-09-03 23:39 - 2014-09-03 23:39 - 00001152 _____ () C:\Users\Downloads\mbam.txt 2014-09-03 23:14 - 2014-08-30 20:47 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-03 23:14 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-03 23:14 - 2014-08-30 20:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-03 23:12 - 2014-09-03 23:12 - 01016261 _____ (Thisisu) C:\Users\Downloads\JRT.exe 2014-09-03 23:11 - 2014-09-03 23:11 - 01370483 _____ () C:\Users\Downloads\adwcleaner_3.309.exe 2014-09-03 23:09 - 2014-09-03 23:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-03 22:01 - 2014-09-03 22:01 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-09-03 21:58 - 2014-09-03 21:58 - 00001942 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2014-09-03 21:58 - 2014-09-03 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY 2014-09-03 21:58 - 2014-09-03 21:45 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-09-03 21:58 - 2014-09-03 21:45 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-09-03 21:58 - 2014-01-18 23:05 - 00036798 _____ () C:\Windows\DPINST.LOG 2014-09-03 21:47 - 2012-08-18 12:00 - 00000000 ____D () C:\ProgramData\G DATA 2014-09-03 21:45 - 2014-07-07 13:19 - 00001558 _____ () C:\Users\Acer\AppData\Roaming\gdscan.log 2014-09-03 21:44 - 2012-08-18 12:00 - 00000000 ____D () C:\Program Files (x86)\G Data 2014-09-03 21:42 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-09-03 13:50 - 2014-09-03 13:50 - 00135010 _____ () C:\ComboFix.txt 2014-09-03 13:50 - 2014-09-03 13:41 - 00000000 ____D () C:\Qoobox 2014-09-03 13:50 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-03 13:48 - 2014-09-03 13:41 - 00000000 ____D () C:\Windows\erdnt 2014-09-03 13:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-03 13:38 - 2014-09-03 13:39 - 05576326 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe 2014-09-02 23:04 - 2012-08-22 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-02 22:50 - 2014-09-02 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-02 22:26 - 2014-04-29 18:01 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\gnupg 2014-09-02 13:46 - 2014-09-02 13:46 - 00030613 _____ () C:\Users\Downloads\First.rar 2014-09-02 13:41 - 2014-09-02 13:41 - 00004273 _____ () C:\Users\Downloads\Logfiles.rar 2014-09-02 13:11 - 2014-09-02 13:11 - 00073299 _____ () C:\Users\Downloads\gmer.txt 2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log 2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable 2014-09-02 11:47 - 2011-07-21 11:27 - 00000000 ____D () C:\Users\Acer 2014-09-02 11:31 - 2012-01-20 23:23 - 00000000 ____D () C:\Program Files (x86)\MusicLab 2014-09-02 11:30 - 2012-11-12 13:29 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-09-02 11:30 - 2011-08-07 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-09-02 11:23 - 2014-09-02 11:22 - 00000000 ____D () C:\Users\Downloads\Service scan 2014-09-02 11:12 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\Gdata 2014-09-02 11:01 - 2013-11-20 21:55 - 00000000 ___RD () C:\Users\Acer\Dropbox 2014-09-02 11:01 - 2011-08-03 12:35 - 00000000 ____D () C:\Windows\pss 2014-09-02 10:57 - 2013-11-20 21:43 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Dropbox 2014-09-02 10:57 - 2013-07-01 20:29 - 00000000 ___RD () C:\Users\Acer\CloudStation 2014-09-02 10:57 - 2013-07-01 20:20 - 00000000 ___RD () C:\Users\Acer\Cloud-2 2014-09-02 10:57 - 2012-04-03 18:04 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt 2014-09-02 10:16 - 2013-12-10 14:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-08-31 00:36 - 2014-08-31 00:29 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe 2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat 2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK 2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip 2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip 2014-08-30 22:52 - 2014-01-23 17:38 - 00000000 ____D () C:\ProgramData\Vexel 2014-08-30 22:52 - 2011-06-01 06:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-30 22:50 - 2014-08-30 20:21 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing 2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium 2014-08-30 21:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization 2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-30 20:12 - 2013-12-08 23:04 - 00110795 _____ () C:\Windows\AutoKMS.log 2014-08-30 16:49 - 2012-02-22 19:38 - 00000166 ___SH () C:\ProgramData\.zreglib 2014-08-30 12:37 - 2014-08-30 12:31 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso 2014-08-30 12:26 - 2012-04-03 18:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-30 12:26 - 2012-04-03 18:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-30 12:26 - 2011-07-21 19:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-30 12:15 - 2013-11-20 21:44 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-30 10:03 - 2014-08-29 17:01 - 00000000 ____D () C:\Users\Downloads\piwik 2014-08-30 09:45 - 2014-08-30 09:41 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B 2014-08-30 09:34 - 2014-08-03 17:32 - 00073356 _____ () C:\nospam.log 2014-08-30 09:34 - 2014-08-03 17:32 - 00033612 _____ () C:\spam.log 2014-08-29 17:31 - 2013-10-06 22:10 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer 2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip 2014-08-29 10:09 - 2013-12-08 23:04 - 05254200 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 20:53 - 2012-10-15 12:08 - 00000000 ____D () C:\Users\Acer\Documents\Video Editoren 2014-08-26 21:17 - 2013-05-25 12:45 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-26 12:26 - 2014-03-02 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt 2014-08-25 17:21 - 2009-07-14 04:34 - 00000718 _____ () C:\Windows\win.ini 2014-08-24 19:22 - 2013-12-21 23:56 - 00008101 _____ () C:\Windows\BRRBCOM.INI 2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI 2014-08-23 14:50 - 2011-07-21 11:51 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype 2014-08-23 13:49 - 2013-06-15 10:13 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-08-23 13:49 - 2011-06-01 06:43 - 00000000 ____D () C:\ProgramData\Skype 2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk 2014-08-23 13:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-23 10:43 - 2012-10-14 18:46 - 00000000 ____D () C:\Windows\system32\inf32 2014-08-23 04:07 - 2014-08-28 12:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 12:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 12:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-15 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-15 10:06 - 2013-08-15 10:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-15 10:03 - 2011-07-21 12:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-15 10:01 - 2014-05-06 17:12 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-07 04:06 - 2014-08-15 09:53 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-15 09:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Files to move or delete: ==================== C:\Users\Downloads\adwcleaner_3.309.exe C:\Users\Downloads\JRT.exe C:\Users\Downloads\mbam-setup-2.0.2.1012.exe Some content of TEMP: ==================== C:\Users\Acer\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 11:30 ==================== End Of Log ============================ Gruß Otscho |
|
05.09.2014, 20:02
| #14 |
| /// the machine /// TB-Ausbilder | Gdata läßt sich nicht öffnen ! Malware da fehlen noch Logfiles.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.09.2014, 07:46
| #15 |
| | Gdata läßt sich nicht öffnen ! Entschuldigung, habe ich übersehen. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1e1e63d0ee7c204e89ba92667474a19b
# engine=20022
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-06 06:32:47
# local_time=2014-09-06 08:32:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 56571 161615017 0 0
# scanned=482483
# found=28
# cleaned=0
# scan_time=36570
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=8A6E0AFA2724D7364D2BF842CCE19ED18C85BBF7 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx.vir"
sh=2D8A0375397A0CE2F99ADB9D1C7FB9B6AA53D1FF ft=1 fh=891319e7c1f8b5bf vn="Variante von MSIL/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\updateWebConnect.exe.vir"
sh=3B88B9BD67A6D948F9D70FD055155CA6D3E808D1 ft=1 fh=ca0fa7dbab587652 vn="Variante von MSIL/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\WebConnect.Common.dll.vir"
sh=1D7B5FD0A67A70BE93386D553C8623917F63E653 ft=1 fh=688b16a15015434a vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\WebConnectUninstall.exe.vir"
sh=55B64F53328498D22D269DE2E65BE2FEEBA7DA00 ft=1 fh=75c36158ce6b01c9 vn="Win32/Adware.MultiPlug.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Download and Sa\508f0a4d8e0ea.ocx.vir"
sh=72498A11A92A1CB069F3E326170729957226F525 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Download and Sa\508f0a4d8e123.html.vir"
sh=27F63C928A3441CB5B1D1C1E6CF4E80099C30D20 ft=1 fh=6d3e76d32d995b6b vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\DownloadGuide\offers\dp.exe.vir"
sh=D67283E9C5245735C08C633EDB27D9009461ED25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0\background.js.vir"
sh=C9DD8F6335C983611BDB183C867B1FCBF48D4B25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0\content.js.vir"
sh=D67283E9C5245735C08C633EDB27D9009461ED25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_1\background.js.vir"
sh=C9DD8F6335C983611BDB183C867B1FCBF48D4B25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_1\content.js.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=83EACB6A60EC7C7C14A2454F745D8459D670BCE8 ft=1 fh=38c089caa76a4ec8 vn="Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa.exe"
sh=1E1583CA6E3D477142B27F57F79F2604E79CA16E ft=1 fh=e95c77fdceed0cfc vn="Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=94D0D7C7FAC9D0F63A56F2986A6243EB395E4A69 ft=1 fh=4a5c5acad1a08248 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Soda PDF 6\Installation\Soda6Installer.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Acer\AppData\Roaming\0F0W0T1V0D0L0M\Mozilla Firefox Packages\uninstaller.exe"
sh=94D0D7C7FAC9D0F63A56F2986A6243EB395E4A69 ft=1 fh=4a5c5acad1a08248 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Soda PDF 6\Installation\Soda6Installer.exe"
sh=65645B6D49CFD4E880981A7144889F266FB33461 ft=1 fh=62361f327712eb91 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\defragsetup.exe"
sh=CA05A98F154209871BAA05A636E9338A47F4B0F7 ft=1 fh=93aa661413024ae5 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\defragsetup_2.7.exe"
sh=CE7405BC9B7D73517FA8F2CFD9BAED2BBB58F9CA ft=1 fh=55375d5c63b67047 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeAudioConverter(1).exe"
sh=73DE1892D53516B246CFA69AF2E7BDBD8F1F11B2 ft=1 fh=c71c0011a17c88ed vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeDownload.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeToMP3Converter(1).exe"
sh=EF476640E69604879C540915C4BCBA9CF9F6A332 ft=1 fh=f1da0bf17500491a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubetoMP3Converter.exe"
sh=C95708F43A748061D4C31D39204F5D2FAAE9410D ft=1 fh=4d6416c07f3bf995 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\isobuster_3_0.exe"
sh=94D0D7C7FAC9D0F63A56F2986A6243EB395E4A69 ft=1 fh=4a5c5acad1a08248 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Soda_PDF_6_Installer.exe"
sh=732DD5A9B77FE8A6A9C15F10244988727972731D ft=1 fh=62268e3260077cf5 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\SoftonicDownloader_fuer_droppix-label-maker.exe"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1e1e63d0ee7c204e89ba92667474a19b
# engine=20022
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-06 06:32:47
# local_time=2014-09-06 08:32:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 56571 161615017 0 0
# scanned=482483
# found=28
# cleaned=0
# scan_time=36570
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=8A6E0AFA2724D7364D2BF842CCE19ED18C85BBF7 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx.vir"
sh=2D8A0375397A0CE2F99ADB9D1C7FB9B6AA53D1FF ft=1 fh=891319e7c1f8b5bf vn="Variante von MSIL/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\updateWebConnect.exe.vir"
sh=3B88B9BD67A6D948F9D70FD055155CA6D3E808D1 ft=1 fh=ca0fa7dbab587652 vn="Variante von MSIL/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\WebConnect.Common.dll.vir"
sh=1D7B5FD0A67A70BE93386D553C8623917F63E653 ft=1 fh=688b16a15015434a vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\WebConnectUninstall.exe.vir"
sh=55B64F53328498D22D269DE2E65BE2FEEBA7DA00 ft=1 fh=75c36158ce6b01c9 vn="Win32/Adware.MultiPlug.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Download and Sa\508f0a4d8e0ea.ocx.vir"
sh=72498A11A92A1CB069F3E326170729957226F525 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Download and Sa\508f0a4d8e123.html.vir"
sh=27F63C928A3441CB5B1D1C1E6CF4E80099C30D20 ft=1 fh=6d3e76d32d995b6b vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\DownloadGuide\offers\dp.exe.vir"
sh=D67283E9C5245735C08C633EDB27D9009461ED25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0\background.js.vir"
sh=C9DD8F6335C983611BDB183C867B1FCBF48D4B25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0\content.js.vir"
sh=D67283E9C5245735C08C633EDB27D9009461ED25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_1\background.js.vir"
sh=C9DD8F6335C983611BDB183C867B1FCBF48D4B25 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_1\content.js.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acer\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=83EACB6A60EC7C7C14A2454F745D8459D670BCE8 ft=1 fh=38c089caa76a4ec8 vn="Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa.exe"
sh=1E1583CA6E3D477142B27F57F79F2604E79CA16E ft=1 fh=e95c77fdceed0cfc vn="Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=94D0D7C7FAC9D0F63A56F2986A6243EB395E4A69 ft=1 fh=4a5c5acad1a08248 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Soda PDF 6\Installation\Soda6Installer.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Acer\AppData\Roaming\0F0W0T1V0D0L0M\Mozilla Firefox Packages\uninstaller.exe"
sh=94D0D7C7FAC9D0F63A56F2986A6243EB395E4A69 ft=1 fh=4a5c5acad1a08248 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Soda PDF 6\Installation\Soda6Installer.exe"
sh=65645B6D49CFD4E880981A7144889F266FB33461 ft=1 fh=62361f327712eb91 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\defragsetup.exe"
sh=CA05A98F154209871BAA05A636E9338A47F4B0F7 ft=1 fh=93aa661413024ae5 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\defragsetup_2.7.exe"
sh=CE7405BC9B7D73517FA8F2CFD9BAED2BBB58F9CA ft=1 fh=55375d5c63b67047 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeAudioConverter(1).exe"
sh=73DE1892D53516B246CFA69AF2E7BDBD8F1F11B2 ft=1 fh=c71c0011a17c88ed vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeDownload.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeToMP3Converter(1).exe"
sh=EF476640E69604879C540915C4BCBA9CF9F6A332 ft=1 fh=f1da0bf17500491a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubetoMP3Converter.exe"
sh=C95708F43A748061D4C31D39204F5D2FAAE9410D ft=1 fh=4d6416c07f3bf995 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\isobuster_3_0.exe"
sh=94D0D7C7FAC9D0F63A56F2986A6243EB395E4A69 ft=1 fh=4a5c5acad1a08248 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Soda_PDF_6_Installer.exe"
sh=732DD5A9B77FE8A6A9C15F10244988727972731D ft=1 fh=62268e3260077cf5 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\SoftonicDownloader_fuer_droppix-label-maker.exe"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Acer (administrator) on ACER-PC on 06-09-2014 08:45:12
Running from C:\Users\Downloads\First
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 6\creator-ws.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Users\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
() D:\Program Files (x86)\iPIN\iPIN.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18999456 2014-08-26] (Microsoft Corporation)
HKU\S-1-5-21-3406220267-2230971110-2032019791-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 01UnsuppModule -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 02SyncingModule -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 03SyncedModule -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Acer\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {5114DD3B-516D-EF4E-E0F7-1DA15B707DB5} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {7C11799F-052C-9921-E37C-6015BD7BAD44} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.983.dll (getfireshot.com)
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - !{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File
Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.983.dll (getfireshot.com)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1571456 2014-07-04] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343128 2014-07-04] (GP Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll (LULU SOFTWARE LIMITED)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-22]
FF Extension: FireShot - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: Firebug - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-08]
FF Extension: FireFTP - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-02-08]
FF Extension: Web Developer - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-02-08]
FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hes6phug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-19]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-09-02]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-09-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-12]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSearchProvider: Default -> omiga-plus
CHR DefaultSearchURL: Default -> hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1406193805&from=kmp&uid=INTELXSSDSA2BW120G3A_CVPR119603T8120LGN&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-02]
CHR HKLM-x32\...\Chrome\Extension: [fmlpgkiekchdonifafhpbchlkhacllpf] - C:\ProgramData\Download and Sa\fmlpgkiekchdonifafhpbchlkhacllpf.crx []
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S4 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [242664 2012-04-17] (CyberLink)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3227624 2014-08-06] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-11-12] () [File not signed]
S4 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-03-16] () [File not signed]
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-06-20] (LULU SOFTWARE LIMITED)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S4 O&O CleverCache; C:\Program Files\OO Software\CleverCache\ooccag.exe [844616 2009-12-09] (O&O Software GmbH)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2572072 2013-10-23] (O&O Software GmbH)
S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1655136 2014-06-20] (LULU SOFTWARE LIMITED)
R2 Soda PDF 6 Creator; C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [621408 2014-06-20] (LULU SOFTWARE LIMITED)
S4 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-06-27] (RapidSolution Software AG)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
S4 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S4 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AsapiW2K; C:\Windows\SysWOW64\drivers\Asapiw2k.sys [11264 2002-04-17] (VOB Computersysteme GmbH) [File not signed]
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [37704 2013-04-25] (Grass Valley K.K.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-23] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-09-03] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-09-03] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-03] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-09-03] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-09-03] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-09-03] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-09-03] (G Data Software AG)
S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [772864 2013-06-26] (Line 6)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
R3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45192 2013-06-27] (RapidSolution Software AG)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2012-10-02] (Acronis)
S0 TPkd; C:\Windows\SysWow64\Drivers\TPkd.sys [68928 2012-01-16] (PACE Anti-Piracy, Inc.) [File not signed]
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2012-10-02] (Acronis)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [45568 2013-05-22] (ZOOM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 08:34 - 2014-09-06 08:34 - 00003662 _____ () C:\Users\Downloads\Eset.txt
2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-05 22:15 - 2014-09-05 22:15 - 00854417 _____ () C:\Users\Downloads\SecurityCheck.exe
2014-09-05 22:14 - 2014-09-05 22:14 - 02347384 _____ (ESET) C:\Users\Downloads\esetsmartinstaller_deu.exe
2014-09-04 12:31 - 2014-09-04 12:31 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-09-04 00:02 - 2014-09-04 00:02 - 00001792 _____ () C:\Users\Acer\Desktop\JRT.txt
2014-09-03 23:52 - 2014-09-03 23:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 23:39 - 2014-09-03 23:39 - 00001152 _____ () C:\Users\Downloads\mbam.txt
2014-09-03 23:12 - 2014-09-03 23:12 - 01016261 _____ (Thisisu) C:\Users\Downloads\JRT.exe
2014-09-03 23:11 - 2014-09-03 23:11 - 01370483 _____ () C:\Users\Downloads\adwcleaner_3.309.exe
2014-09-03 23:08 - 2014-09-03 23:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 22:01 - 2014-09-03 22:01 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-09-03 21:58 - 2014-09-03 21:58 - 00001942 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2014-09-03 21:58 - 2014-09-03 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2014-09-03 21:45 - 2014-09-03 21:58 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-09-03 21:45 - 2014-09-03 21:58 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-09-03 21:45 - 2014-09-03 21:58 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-09-03 21:45 - 2014-09-03 21:58 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-09-03 21:45 - 2014-09-03 21:58 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-09-03 21:45 - 2014-09-03 21:58 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-09-03 13:50 - 2014-09-03 13:50 - 00135010 _____ () C:\ComboFix.txt
2014-09-03 13:41 - 2014-09-03 13:50 - 00000000 ____D () C:\Qoobox
2014-09-03 13:41 - 2014-09-03 13:48 - 00000000 ____D () C:\Windows\erdnt
2014-09-03 13:41 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-03 13:41 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-03 13:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-03 13:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-03 13:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-03 13:41 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-03 13:41 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-03 13:41 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-03 13:39 - 2014-09-03 13:38 - 05576326 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2014-09-02 22:50 - 2014-09-02 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 13:46 - 2014-09-02 13:46 - 00030613 _____ () C:\Users\Downloads\First.rar
2014-09-02 13:41 - 2014-09-02 13:41 - 00004273 _____ () C:\Users\Downloads\Logfiles.rar
2014-09-02 13:11 - 2014-09-02 13:11 - 00073299 _____ () C:\Users\Downloads\gmer.txt
2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log
2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-09-02 11:22 - 2014-09-02 11:23 - 00000000 ____D () C:\Users\Downloads\Service scan
2014-09-02 11:11 - 2014-09-06 08:45 - 00000000 ____D () C:\Users\Downloads\First
2014-09-02 11:11 - 2014-09-02 11:12 - 00000000 ____D () C:\Users\Downloads\Gdata
2014-09-02 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-02 10:19 - 2014-09-06 08:45 - 00000000 ____D () C:\FRST
2014-08-31 00:29 - 2014-09-03 21:42 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-31 00:29 - 2014-08-31 00:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe
2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat
2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-08-31 00:29 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc
2014-08-31 00:29 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\system32\gpedit.msc
2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip
2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip
2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium
2014-08-30 20:48 - 2014-09-05 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 20:47 - 2014-09-03 23:14 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-30 20:47 - 2014-09-03 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-30 20:47 - 2014-09-03 23:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 20:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-30 20:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 20:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-30 20:21 - 2014-08-30 22:50 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing
2014-08-30 12:31 - 2014-08-30 12:37 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso
2014-08-30 09:41 - 2014-08-30 09:45 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B
2014-08-29 17:01 - 2014-08-30 10:03 - 00000000 ____D () C:\Users\Downloads\piwik
2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip
2014-08-28 12:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 12:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt
2014-08-24 18:35 - 2013-08-10 16:39 - 01839104 _____ () C:\Users\Downloads\memtest86+-5.01.iso
2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI
2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk
2014-08-23 10:46 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 10:46 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 10:46 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 10:46 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 10:46 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 10:46 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-23 10:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 10:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 10:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 10:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 10:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 10:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 10:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 10:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 10:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 10:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 10:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 10:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 09:54 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 09:54 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 09:54 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 09:54 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 09:54 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 09:54 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 09:54 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 09:54 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 09:54 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 09:54 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 09:54 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 09:54 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 09:54 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 09:54 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 09:54 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 09:54 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 09:54 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 09:54 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 09:54 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 09:54 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 09:54 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 09:54 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 09:54 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 09:54 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 09:54 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 09:54 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 09:54 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 09:54 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 09:54 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 09:54 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 09:54 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 09:54 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 09:54 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 09:54 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 09:54 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 09:54 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 09:54 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 09:54 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 09:54 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 09:54 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 09:54 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 09:54 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 09:54 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 09:54 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 09:54 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 09:54 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 09:54 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 09:54 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 09:54 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 09:54 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 09:54 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 09:54 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 09:54 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 09:54 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 09:54 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 09:54 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 09:54 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:54 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 09:54 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 09:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 09:54 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 09:54 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 09:54 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 09:54 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 09:54 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 09:54 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 09:54 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 09:54 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 09:54 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 09:54 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 09:54 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 09:54 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 09:53 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 09:53 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 09:53 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 09:53 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 08:45 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\First
2014-09-06 08:45 - 2014-09-02 10:19 - 00000000 ____D () C:\FRST
2014-09-06 08:40 - 2014-01-24 14:33 - 00000000 ____D () C:\Users\Acer\iPIN
2014-09-06 08:34 - 2014-09-06 08:34 - 00003662 _____ () C:\Users\Downloads\Eset.txt
2014-09-06 08:34 - 2012-09-09 15:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 08:26 - 2012-04-03 18:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 03:00 - 2011-07-05 21:38 - 01885428 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 02:00 - 2011-07-21 15:41 - 00000000 ____D () C:\Users\Acer\AppData\Local\Adobe
2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-05 22:18 - 2014-02-19 22:30 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Acer-PC-Acer Acer-PC
2014-09-05 22:15 - 2014-09-05 22:15 - 00854417 _____ () C:\Users\Downloads\SecurityCheck.exe
2014-09-05 22:14 - 2014-09-05 22:14 - 02347384 _____ (ESET) C:\Users\Downloads\esetsmartinstaller_deu.exe
2014-09-05 22:14 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 22:14 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 22:11 - 2011-07-06 07:32 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 22:11 - 2011-07-06 07:32 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 22:11 - 2009-07-14 07:13 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 22:10 - 2014-08-30 20:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 22:07 - 2012-09-09 15:12 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 22:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 22:06 - 2013-12-08 23:04 - 00034381 _____ () C:\Windows\setupact.log
2014-09-04 12:31 - 2014-09-04 12:31 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-09-04 00:02 - 2014-09-04 00:02 - 00001792 _____ () C:\Users\Acer\Desktop\JRT.txt
2014-09-03 23:55 - 2011-07-21 16:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-09-03 23:52 - 2014-09-03 23:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 23:46 - 2013-12-08 23:04 - 01106400 _____ () C:\Windows\PFRO.log
2014-09-03 23:46 - 2013-12-06 11:40 - 00000000 ____D () C:\AdwCleaner
2014-09-03 23:39 - 2014-09-03 23:39 - 00001152 _____ () C:\Users\Downloads\mbam.txt
2014-09-03 23:14 - 2014-08-30 20:47 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 23:14 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-03 23:14 - 2014-08-30 20:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-03 23:12 - 2014-09-03 23:12 - 01016261 _____ (Thisisu) C:\Users\Downloads\JRT.exe
2014-09-03 23:11 - 2014-09-03 23:11 - 01370483 _____ () C:\Users\Downloads\adwcleaner_3.309.exe
2014-09-03 23:09 - 2014-09-03 23:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 22:01 - 2014-09-03 22:01 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-09-03 21:58 - 2014-09-03 21:58 - 00001942 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2014-09-03 21:58 - 2014-09-03 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2014-09-03 21:58 - 2014-09-03 21:45 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-09-03 21:58 - 2014-09-03 21:45 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-09-03 21:58 - 2014-09-03 21:45 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-09-03 21:58 - 2014-09-03 21:45 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-09-03 21:58 - 2014-09-03 21:45 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-09-03 21:58 - 2014-09-03 21:45 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-09-03 21:58 - 2014-01-18 23:05 - 00036798 _____ () C:\Windows\DPINST.LOG
2014-09-03 21:47 - 2012-08-18 12:00 - 00000000 ____D () C:\ProgramData\G DATA
2014-09-03 21:45 - 2014-07-07 13:19 - 00001558 _____ () C:\Users\Acer\AppData\Roaming\gdscan.log
2014-09-03 21:44 - 2012-08-18 12:00 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-09-03 21:42 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-03 13:50 - 2014-09-03 13:50 - 00135010 _____ () C:\ComboFix.txt
2014-09-03 13:50 - 2014-09-03 13:41 - 00000000 ____D () C:\Qoobox
2014-09-03 13:50 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-03 13:48 - 2014-09-03 13:41 - 00000000 ____D () C:\Windows\erdnt
2014-09-03 13:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-03 13:38 - 2014-09-03 13:39 - 05576326 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2014-09-02 23:04 - 2012-08-22 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 22:50 - 2014-09-02 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 22:26 - 2014-04-29 18:01 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\gnupg
2014-09-02 13:46 - 2014-09-02 13:46 - 00030613 _____ () C:\Users\Downloads\First.rar
2014-09-02 13:41 - 2014-09-02 13:41 - 00004273 _____ () C:\Users\Downloads\Logfiles.rar
2014-09-02 13:11 - 2014-09-02 13:11 - 00073299 _____ () C:\Users\Downloads\gmer.txt
2014-09-02 12:08 - 2014-09-02 12:08 - 00000470 _____ () C:\Users\Downloads\defogger_disable.log
2014-09-02 11:47 - 2014-09-02 11:47 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-09-02 11:47 - 2011-07-21 11:27 - 00000000 ____D () C:\Users\Acer
2014-09-02 11:31 - 2012-01-20 23:23 - 00000000 ____D () C:\Program Files (x86)\MusicLab
2014-09-02 11:30 - 2012-11-12 13:29 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-09-02 11:30 - 2011-08-07 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-09-02 11:23 - 2014-09-02 11:22 - 00000000 ____D () C:\Users\Downloads\Service scan
2014-09-02 11:12 - 2014-09-02 11:11 - 00000000 ____D () C:\Users\Downloads\Gdata
2014-09-02 11:01 - 2013-11-20 21:55 - 00000000 ___RD () C:\Users\Acer\Dropbox
2014-09-02 11:01 - 2011-08-03 12:35 - 00000000 ____D () C:\Windows\pss
2014-09-02 10:57 - 2013-11-20 21:43 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Dropbox
2014-09-02 10:57 - 2013-07-01 20:29 - 00000000 ___RD () C:\Users\Acer\CloudStation
2014-09-02 10:57 - 2013-07-01 20:20 - 00000000 ___RD () C:\Users\Acer\Cloud-2
2014-09-02 10:57 - 2012-04-03 18:04 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt
2014-09-02 10:16 - 2013-12-10 14:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-31 00:36 - 2014-08-31 00:29 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-31 00:29 - 2014-08-31 00:29 - 00707354 _____ () C:\Windows\unins000.exe
2014-08-31 00:29 - 2014-08-31 00:29 - 00001529 _____ () C:\Windows\unins000.dat
2014-08-31 00:29 - 2014-08-31 00:29 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-08-31 00:27 - 2014-08-31 00:27 - 00875012 _____ () C:\Users\Downloads\group_policy.zip
2014-08-30 23:53 - 2014-08-30 23:53 - 00000000 ____D () C:\Users\Downloads\406874_intl_x64_zip
2014-08-30 22:52 - 2014-01-23 17:38 - 00000000 ____D () C:\ProgramData\Vexel
2014-08-30 22:52 - 2011-06-01 06:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-30 22:50 - 2014-08-30 20:21 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nico Mak Computing
2014-08-30 22:01 - 2014-08-30 22:01 - 00000000 ____D () C:\bootmedium
2014-08-30 21:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-08-30 20:47 - 2014-08-30 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 20:12 - 2013-12-08 23:04 - 00110795 _____ () C:\Windows\AutoKMS.log
2014-08-30 16:49 - 2012-02-22 19:38 - 00000166 ___SH () C:\ProgramData\.zreglib
2014-08-30 12:37 - 2014-08-30 12:31 - 226580480 _____ () C:\Users\Downloads\GDBootMedium_2014.iso
2014-08-30 12:26 - 2012-04-03 18:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-30 12:26 - 2012-04-03 18:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-30 12:26 - 2011-07-21 19:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 12:15 - 2013-11-20 21:44 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-30 10:03 - 2014-08-29 17:01 - 00000000 ____D () C:\Users\Downloads\piwik
2014-08-30 09:45 - 2014-08-30 09:41 - 00000000 ____D () C:\Users\Acer\AppData\OICE_15_974FA576_32C1D314_F3B
2014-08-30 09:34 - 2014-08-03 17:32 - 00073356 _____ () C:\nospam.log
2014-08-30 09:34 - 2014-08-03 17:32 - 00033612 _____ () C:\spam.log
2014-08-29 17:31 - 2013-10-06 22:10 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-08-29 16:48 - 2014-08-29 16:48 - 00022789 _____ () C:\Users\Downloads\Contao_PiwikTrackingTag_20030029_6.zip
2014-08-29 10:09 - 2013-12-08 23:04 - 05254200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 20:53 - 2012-10-15 12:08 - 00000000 ____D () C:\Users\Acer\Documents\Video Editoren
2014-08-26 21:17 - 2013-05-25 12:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-26 12:26 - 2014-03-02 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-25 18:59 - 2014-08-25 18:59 - 00000000 _____ () C:\Users\Acer\Desktop\Neues Textdokument (2).txt
2014-08-25 17:21 - 2009-07-14 04:34 - 00000718 _____ () C:\Windows\win.ini
2014-08-24 19:22 - 2013-12-21 23:56 - 00008101 _____ () C:\Windows\BRRBCOM.INI
2014-08-24 13:29 - 2014-08-24 13:29 - 00007817 _____ () C:\Windows\BROMJ245.INI
2014-08-23 14:50 - 2011-07-21 11:51 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-08-23 13:49 - 2013-06-15 10:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-23 13:49 - 2011-06-01 06:43 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 13:47 - 2014-08-23 13:47 - 00002103 _____ () C:\Users\Acer\Desktop\Skype.lnk
2014-08-23 13:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 10:43 - 2012-10-14 18:46 - 00000000 ____D () C:\Windows\system32\inf32
2014-08-23 04:07 - 2014-08-28 12:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 12:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 12:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 10:06 - 2013-08-15 10:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 10:03 - 2011-07-21 12:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 10:01 - 2014-05-06 17:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-07 04:06 - 2014-08-15 09:53 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 09:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Files to move or delete:
====================
C:\Users\Downloads\adwcleaner_3.309.exe
C:\Users\Downloads\esetsmartinstaller_deu.exe
C:\Users\Downloads\JRT.exe
C:\Users\Downloads\mbam-setup-2.0.2.1012.exe
C:\Users\Downloads\SecurityCheck.exe
Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-06 00:55
==================== End Of Log ============================
--- --- --- Gruß Otscho |
|
Linear-Darstellung
