| |
| |||||||
Log-Analyse und Auswertung: Laptop hängt und ständig BluescreensWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.04.2013, 14:10
| #1 |
 |  Laptop hängt und ständig Bluescreens Hallo , ich habe seit paar monaten ein Ultrabook und am anfang war noch alles ok, seit paar Wochen hängt mein Laptop sogar beim schreiben ! Pro Tag habe ich 2-3 Bluescreens.. Malwarebytes hat auch was gefunden : Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.10.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16519 Denis :: LAPTOP [Administrator] Schutz: Aktiviert 10.04.2013 13:13:05 MBAM-log-2013-04-10 (14-32-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 385614 Laufzeit: 58 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Denis\AppData\Local\Temp\addlyrics1030.exe (Adware.Dropper.AL) -> Keine Aktion durchgeführt. C:\Users\Denis\Desktop\Cryptload1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 10.04.2013 14:35:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denis\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,82 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 45,98% Memory free 7,69 Gb Paging File | 5,02 Gb Available in Paging File | 65,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444,95 Gb Total Space | 378,53 Gb Free Space | 85,07% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Denis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Denis\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1f3dbc5b0a874bf49a4559e71274f8ba\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\bbebe831e3b0761ad47dcc09231cbc29\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () ========== Services (SafeList) ========== SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ETDService) -- C:\Programme\Elantech\ETDService.exe (ELAN Microelectronics Corp.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (USecuAppSvc) -- C:\Programme\Acer\Acer Theft Shield\USecuAppSvc.exe (Acer Incorporated) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (ExpressCache) -- C:\Programme\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation) SRV - (FFSOpzSvc) -- C:\Programme\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.) DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\Drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (excsd) -- C:\Windows\SysNative\Drivers\excsd.sys (Diskeeper Corporation) DRV:64bit: - (excfs) -- C:\Windows\SysNative\Drivers\excfs.sys (Diskeeper Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {986B18CE-935F-4991-918E-E88E5751A708} IE:64bit: - HKLM\..\SearchScopes\{986B18CE-935F-4991-918E-E88E5751A708}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {986B18CE-935F-4991-918E-E88E5751A708} IE - HKLM\..\SearchScopes\{986B18CE-935F-4991-918E-E88E5751A708}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\..\SearchScopes,DefaultScope = {986B18CE-935F-4991-918E-E88E5751A708} IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "google.at" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 21.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 21.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.01.15 03:34:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.01.15 03:34:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 23:38:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.17 15:30:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.06 02:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Extensions [2013.03.28 14:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\p31gzfsm.default\extensions [2013.03.28 14:36:44 | 002,358,379 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\p31gzfsm.default\extensions\nasanightlaunch@example.com.xpi [2013.03.01 22:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.13 23:38:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013.02.16 02:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 02:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Docs = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Google Mail = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe () O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] File not found O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397E3952-FEB0-4B1A-BD3A-D22F421EC68D}: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C078D38A-C17B-41A3-B332-A0B351131F0D}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.10 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Malwarebytes [2013.04.10 13:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.10 13:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.10 13:05:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.10 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.10 00:42:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.04.10 00:37:35 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.04.10 00:37:35 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.04.10 00:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2013.04.10 00:31:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2013.04.10 00:31:04 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Samsung [2013.04.10 00:31:02 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Samsung [2013.04.10 00:30:59 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\samsung [2013.04.10 00:28:32 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll [2013.04.10 00:28:32 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll [2013.04.10 00:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2013.04.10 00:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2013.04.10 00:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.04.10 00:24:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2013.04.10 00:23:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2013.04.10 00:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2013.04.10 00:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2013.04.10 00:22:11 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Downloaded Installations [2013.03.22 23:48:59 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\media [2013.03.22 23:48:40 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\WhatsApp Video [2013.03.22 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\WhatsApp Images [2013.03.22 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\DCIM [2013.03.22 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\default [2013.03.22 02:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2013.03.20 01:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2013.03.20 01:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2013.03.20 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.20 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.17 15:40:27 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013.03.17 15:40:27 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll [2013.03.17 15:40:27 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013.03.17 15:36:08 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.17 15:36:08 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.17 15:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.17 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.17 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.17 15:17:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.17 15:17:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.17 15:17:07 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.17 15:17:07 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.03.17 15:17:07 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.17 15:17:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.17 15:17:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.17 15:17:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.17 15:17:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.03.17 15:17:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.17 15:17:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.17 15:17:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013.03.17 15:17:00 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.03.17 15:16:57 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.03.17 15:16:55 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.03.17 15:16:50 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.03.17 15:16:48 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013.03.17 15:16:48 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013.03.17 15:16:47 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013.03.17 15:16:47 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013.03.17 15:16:47 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.03.17 15:16:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.03.17 15:16:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.17 15:16:46 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.03.17 15:16:46 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013.03.17 15:16:46 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013.03.17 15:16:46 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013.03.17 15:16:46 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013.03.17 15:16:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.03.17 15:16:46 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.03.17 15:16:46 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013.03.17 15:16:46 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013.03.17 15:16:46 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013.03.17 15:16:46 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.17 15:16:46 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013.03.17 15:16:46 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013.03.17 15:16:46 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013.03.17 15:16:46 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013.03.17 15:16:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.03.17 15:16:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013.03.17 15:16:46 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013.03.17 15:16:46 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.17 15:16:45 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013.03.17 15:16:45 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013.03.17 15:16:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013.03.17 15:16:42 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.03.17 15:16:41 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.03.17 15:16:38 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.03.17 15:16:37 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.03.17 15:16:37 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.03.17 15:16:37 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.03.17 15:16:35 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013.03.17 15:16:34 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.03.17 15:16:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.17 15:16:27 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013.03.17 15:16:26 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013.03.17 15:16:23 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.03.17 15:16:23 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.03.16 16:13:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.16 16:13:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.16 16:13:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.16 16:13:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.16 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.15 01:58:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump ========== Files - Modified Within 30 Days ========== [2013.04.10 14:33:06 | 000,000,178 | ---- | M] () -- C:\Users\Denis\defogger_reenable [2013.04.10 14:14:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.10 13:08:14 | 001,754,216 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.10 13:08:14 | 000,756,772 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.10 13:08:14 | 000,713,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.10 13:08:14 | 000,156,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.10 13:08:14 | 000,133,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.10 13:05:29 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 13:02:56 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013.04.10 13:00:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.10 13:00:52 | 3279,331,328 | -HS- | M] () -- C:\hiberfil.sys [2013.04.10 00:33:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2013.04.10 00:30:51 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2013.04.09 23:05:51 | 1412,904,550 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.20 01:19:57 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2013.03.20 01:09:44 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.03.18 11:46:46 | 000,421,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.16 16:13:28 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.16 16:13:28 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.16 16:13:28 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.16 16:13:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.16 16:13:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.16 16:13:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.13 01:14:14 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe ========== Files Created - No Company Name ========== [2013.04.10 14:33:06 | 000,000,178 | ---- | C] () -- C:\Users\Denis\defogger_reenable [2013.04.10 13:05:29 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 00:33:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2013.04.10 00:30:51 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2013.03.20 01:19:57 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2013.03.20 01:09:44 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.03.18 11:46:34 | 000,421,792 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.15 01:58:00 | 1412,904,550 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2013.01.16 03:35:47 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.01.16 03:35:46 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2013.01.11 18:21:52 | 000,228,088 | ---- | C] () -- C:\ProgramData\1357921100.bdinstall.bin [2013.01.08 01:50:14 | 000,007,599 | ---- | C] () -- C:\Users\Denis\AppData\Local\Resmon.ResmonCfg [2013.01.06 14:06:06 | 000,444,766 | ---- | C] () -- C:\ProgramData\1357473868.bdinstall.bin [2013.01.06 14:04:26 | 000,090,848 | ---- | C] () -- C:\ProgramData\1357473857.bdinstall.bin [2013.01.06 04:06:07 | 000,591,862 | ---- | C] () -- C:\ProgramData\1357437740.bdinstall.bin [2013.01.05 21:57:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2013.01.05 21:57:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013.01.05 21:57:21 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013.01.05 21:57:11 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.01.05 21:57:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.01.05 21:56:33 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.09.09 21:41:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.08.11 22:47:01 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.07.25 22:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013.01.06 04:16:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.06 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Ashampoo [2013.01.16 02:38:41 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\DAEMON Tools Pro [2013.03.20 01:09:59 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\DVDVideoSoft [2013.01.11 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.11 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ImgBurn [2013.01.06 04:16:52 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\liQeNSoft [2013.01.06 00:33:34 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\lm [2013.02.21 12:33:37 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\PDF Architect [2013.02.21 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\pdfforge [2013.01.06 04:03:22 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\QuickScan [2013.04.10 00:31:08 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Samsung [2013.01.08 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.04.2013 14:35:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denis\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,82 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 45,98% Memory free
7,69 Gb Paging File | 5,02 Gb Available in Paging File | 65,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 378,53 Gb Free Space | 85,07% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09FC242E-BE7A-4639-98E2-EDF206FBFEC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{113DD6DE-6F03-4476-961A-569DD4ECB11B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{12231DB3-F323-4EC3-9442-39006FD824DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{1D543576-F34F-4DFD-9F93-F7F2B9D820D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E4E8DC2-C9FA-4836-81F2-3DB0522137D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29E9B9E8-2943-465D-BEA4-8D8FB48C50D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{356B8101-8EFC-4C71-951F-50C8D8CCCDBB}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D21A7B6-AF00-424D-A679-A52F8E7BC481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C0F3308-188D-4A3E-B5DC-62FE4425FB99}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5163F41D-94B7-48A8-BD9A-F3C8765DC6B3}" = lport=138 | protocol=17 | dir=in | app=system |
"{55C0CDC0-A97C-4981-A14C-AF1AD6CC8C9F}" = rport=138 | protocol=17 | dir=out | app=system |
"{5DF566DE-0C61-46ED-A101-4856D2DE2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{62F7A807-5F0F-40BE-A07D-54B95274ED95}" = lport=137 | protocol=17 | dir=in | app=system |
"{8DEB65FA-FCBF-46EA-826B-12E6DDBA073E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{A81415E9-02EB-4F1E-BA0B-BC054DB071A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AB0602C9-8C8B-414D-AB88-124182EE0077}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD2C9DEB-B09B-4E61-9188-58646AD109D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C813BB8D-79AD-449A-B183-88E087E0ABEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFE89FB6-24A8-455E-A77C-BD8CCBD357B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1E098BB-BB3D-4194-9403-0323799325BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E4065425-F76E-458A-ACA8-9D7C00BB458E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9E96377-767F-47BF-A50C-E6D94CDBE6DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001FCE24-73E8-4AB8-8929-E8153206EFE7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{0891285B-5DA3-4D05-AF49-D10E4BED8E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17D90225-669D-47DC-86B0-8304DFB1E675}" = dir=out | name=youtube player |
"{1ECADFDB-2F4D-47A9-AC3A-870898AB25B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{2BF3CC82-DECF-4EFF-886D-8E0E387677DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{2CC4F63B-0928-4A12-AC59-024F50706A48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{2DE8AAEC-D883-4FFF-92F0-1CB013275698}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30375B2D-0EB2-4303-848D-2B798B70A385}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{389E70C0-2719-43AA-9DDB-4169F8382ABB}" = protocol=6 | dir=out | app=system |
"{3DB24368-2397-4F7A-A289-3FB3D533F382}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{4B39F1C3-BF16-44B9-9B4A-76DBC25C5719}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe |
"{4C1E7221-7B31-4AC9-AFF6-6A5E6ED0C4F7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{5089ED47-BC57-4895-8C6F-8FA4D0F7EE02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5315E709-EA60-41A5-AA56-E05BF1E8F21E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{54CB5998-62A8-44C3-8DF4-21C698164D56}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{56984BD0-6B5C-4CB4-9986-23DC1BBAFD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{5B30D869-4504-4080-AC7A-A894D3C49D3E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5B3A68D1-C1BB-4A96-91BB-B20500BEA798}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{5C21E7B1-5A1B-4F5D-A3D3-2B9FF1BF7C3C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{5D0C6D37-E583-4423-A2E5-D42226EEE262}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{61980CC1-3F9E-4A61-AFFA-B9277EEF2094}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{63EE7B1F-8C54-4AEB-896C-1D611C9E7F47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{67123EBC-3859-4DE8-B852-20D455DE08FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F37463E-8B60-4C5D-9AE3-AAAF62349AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{702B346D-98A9-4AE6-9266-9E5C08AA9B7C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7238AC84-5DBB-4496-8199-08179998F361}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77300AA4-010E-42FF-85CC-5B70D5117A16}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{870CE6DB-A7D7-4483-B9E3-B1CA019C5F71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D6E0952-9D55-47D1-9C75-EF58E069AA4C}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{90F25EB4-5FD4-44BE-8CC8-17D2B02D4600}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{931E367F-6B9B-49ED-9303-86E72E9FFCA1}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |
"{94234AE6-2104-4080-9BD8-C3FE39C8FFD0}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |
"{94B52CB7-C062-4EC7-BFAA-B73431C06780}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9576E2F3-9D61-43BD-B093-402511AA476E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{9617CA92-9011-4942-BBD1-9F99420AC365}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96C8E867-6D50-4BDD-B180-96B8CEFE2634}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |
"{984EC752-9964-48E9-B344-C1EFF41A1EDA}" = dir=out | name=acer crystal eye |
"{99809141-0DCA-4AE0-AA0B-8364ED6D4509}" = dir=in | name=acer explorer |
"{999F15F0-CFBB-4C9D-A0A6-3077F632FDA9}" = dir=out | name=acer explorer |
"{99B9947F-41B4-4902-9789-2D3A9BFD3592}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D1097C4-76E1-4E51-B0F1-DAEEAF035EF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9FF2D917-DB93-48F1-9DFF-879D6D00CED6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A67A1E83-3419-4396-8F5E-D0AFC3B1BC0B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{AE7D688F-68F5-4B36-8CC9-E1197C7CF3F3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B543F518-0C1C-4548-843B-262ECE61E8C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA180F67-8D9C-480A-894E-BF5CE0C2A312}" = dir=out | name=fresh paint |
"{BDDDB83E-DC6F-4975-8A07-2B966EA66861}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{C096C6C3-1D1A-423B-B371-78724849E455}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{C43BDF31-A386-48F1-95A7-32C4DB453CCD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{C878611C-A867-4AFF-8738-380441895B61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C8C2638D-1269-4E82-AE7C-BE334C070794}" = dir=out | name=windows_ie_ac_001 |
"{CA4E8DE5-AE69-477C-BF64-F611F775AAA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{CC9B38FE-74B5-4A09-9ABE-EB0F45D91DF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D0B254C9-274B-4E7E-8BBB-3C795F67AE6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1184077-A968-4A00-AE95-9468DA35FFE4}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D3DA94FD-A1F6-41C4-AAE5-FFDCEC0B4540}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{DA1CCFA8-E888-40A9-ACB2-CEAFC5C8FA1C}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"{DADA4A00-9632-47D8-A09F-E9195C491250}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DDC47FD5-F2CD-4039-838E-53E8761670E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3BA83C5-45CE-4798-A387-7A31038F5420}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{E6420F81-2847-4263-9D3C-31C4AF193D8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8C55DDD-6E22-4EA8-84C7-4D598CFC61EF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{F4879581-A9CE-463B-99E2-359B7179FCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"{F9495E4D-8F93-4502-AF43-01A5785E8428}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"TCP Query User{C979FB41-4B2F-422C-9456-191E0EBCDCD3}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"TCP Query User{F4077F06-97C1-4D66-AB95-00071D729B75}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"UDP Query User{A267BAD0-76C2-490A-9F34-EA56DD7D6258}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"UDP Query User{CCCCA9B9-E0F9-4E5B-8A50-DB4EBD50095C}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E867C5-0C48-40FF-A013-DDAF4565AD47}" = Acer USB Charge Manager
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}" = Acer Theft Shield
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A10FCEC8-5523-4C2D-8B42-091B48EDEB55}" = Sleep Memory Optimizer
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F6100F13-F183-47A2-94A8-9AAC4976E228}" = Acer Instant Update Service
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Elantech" = ETDWare PS/2-X64 11.6.11.002_WHQL
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}" = Acer PicEvermore
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}" = Smart Timer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aurora 21.0a2 (x86 de)" = Aurora 21.0a2 (x86 de)
"DAEMON Tools Pro" = DAEMON Tools Pro
"Free Studio_is1" = Free Studio version 2013
"ImgBurn" = ImgBurn
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}" = Acer PicEvermore
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.5
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BB108A893815B64BF41C4574C3324FB7371AA244" = Atheros Outlook Addin 2010
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.03.2013 19:41:48 | Computer Name = Laptop | Source = .NET Runtime | ID = 1026
Description =
Error - 19.03.2013 19:41:49 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: liveupdater_agent.exe, Version: 2.0.3000.0,
Zeitstempel: 0x4fe30d82 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988aa6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000003811c
ID
des fehlerhaften Prozesses: 0x161c Startzeit der fehlerhaften Anwendung: 0x01ce24fb52a858b6
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 90c7583a-90ee-11e2-bed8-4c72b9897278
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 19.03.2013 19:41:53 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.2.9200.16384,
Zeitstempel: 0x501096ef Name des fehlerhaften Moduls: werui.dll, Version: 6.2.9200.16384,
Zeitstempel: 0x50109732 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000ca98
ID
des fehlerhaften Prozesses: 0x178c Startzeit der fehlerhaften Anwendung: 0x01ce24fb530c7cd3
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\WerFault.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\werui.dll Berichtskennung: 934d7d22-90ee-11e2-bed8-4c72b9897278
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 21.03.2013 07:11:21 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 22.03.2013 05:44:29 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 24.03.2013 14:05:14 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 25.03.2013 15:06:43 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 26.03.2013 11:24:43 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 27.03.2013 10:38:05 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 28.03.2013 08:41:19 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description =
[ System Events ]
Error - 16.03.2013 22:36:41 | Computer Name = Laptop | Source = BugCheck | ID = 1001
Description =
Error - 17.03.2013 09:27:17 | Computer Name = Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: Intel driver update for Intel(R) Management Engine
Interface
Error - 18.03.2013 05:46:48 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?03.?2013 um 02:06:07 unerwartet heruntergefahren.
Error - 19.03.2013 19:31:45 | Computer Name = Laptop | Source = Microsoft-Windows-Eventlog | ID = 23
Description = Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=1500)
beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-AppxPackaging/Operational"
erkannt.
Error - 19.03.2013 19:57:50 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =
Error - 22.03.2013 11:20:37 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2013 um 16:19:29 unerwartet heruntergefahren.
Error - 22.03.2013 11:20:50 | Computer Name = Laptop | Source = BugCheck | ID = 1001
Description =
Error - 29.03.2013 08:24:42 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =
Error - 08.04.2013 19:28:17 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?04.?2013 um 01:15:05 unerwartet heruntergefahren.
Error - 08.04.2013 19:28:23 | Computer Name = Laptop | Source = BugCheck | ID = 1001
Description =
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 14:59:53
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Denis\AppData\Local\Temp\fwloapow.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [784:808] fffff960009745e8
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3700:5168] 000007fcee06b364
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu Laptop hängt und ständig Bluescreens |
| addlyrics, adobe, adobe reader xi, adware.dropper.al, autorun, bho, bluescreen, cloud, converter, desktop, ebanking, error, flash player, format, hängt, iexplore.exe, install.exe, internet security 2013, kaspersky, kaspersky internet security 2013, klelam.sys, laptop hängt, launch, livecomm.exe, logfile, mausklick, office 2013, plug-in, realtek, registry, security, senden, software, svchost.exe, tastatur, visual studio, whatsapp, windowsapps |
Baum-Darstellung