| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer BildschirmWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.05.2013, 20:06
| #16 |
| /// Helfer-Team  |  GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm Das ist schon mal gut, dass das WinXP-Bild kommt! Schaue im Bios unter SATA einstellungen ob du den Modus von AHCI auf IDE umstellen kannst! |
|
06.05.2013, 20:39
| #17 |
 | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm ok, also ich habe wieder auf das legacy bios umgestellt und konnte auch den modus von ahc l auf ide umstellen.
__________________windows xp wurde gestartet und man kommt dahin wo ich otlpe wählen kann. dort wird my computer mit - ramdisk (B) - reatogoPE (X  - shared documents angezeigt, aber kein laufwerk c. unter microsoft finde ich auch kein windows. was vieleicht daran liegt dass es bei legancy nur 7 anstatt 8 reihenfolgen gibt und windows fehlt? oder weil das uef l speziell für windwows 8 konzipiert wurde? jedenfalls wenn ich jetzt noch mal auf uef l umstelle, sagt der pc immer es gibt ein problem und startet endlos neu. also habe ich wieder auf legacy umgestellt. jetzt bist du gefragt. |
|
06.05.2013, 23:27
| #18 |
| /// Helfer-Team | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm Du sollst mit dem BIOS nicht weiter rumspielen.
__________________Du musst die Logfiles mit OTL erstellen! http://www.trojaner-board.de/134277-...ml#post1054428
__________________ |
|
07.05.2013, 02:40
| #19 |
| | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm dann musst du mir schon erklären, wie das funktioniert. ich klicke wie bereits beschrieben auf das icon und die oben aufgeführten möglichkeiten erscheinen: bei mycomputer - ramdisk (b) - reatogoPE - shared documents dort finde ich keinen windowsordner sonst hätte ich ihn ja benutzt. nirgendwo dort steht windows. der link zu der seite, die ich die ganze zeit benutze hilft mir da nicht weiter. ich schreibe gerade meine doktorarbeit an dem pc, brauche ihn daher dringendst wieder, habe leider keine große ahnung von informatik und brauche daher deine hilfe. jedoch habe ich das gefühl, dass du das, was ich schreibe nicht richtig liest oder wir aneinerander vorbei reden. jedenfalls wären tipps wie schalten sie einfach nach start den pc wieder aus um ins bios zu kommen sowie, dass ich auf legacy umschalten muss schon hilfreicher, wenn sie früher kommen würden oder ich nicht durch ausprobieren hinkommen müsste. versteh mich nicht falsch, ich bin absolut dankbar für deine hilfe, aber ich denke ist es doch klar erklärt, dass die logfiles sich nicht wie gewünscht erstellen lassen und daher so ein satz wie "Du musst die Logfiles mit OTL erstellen!" nicht weiterhilft. ich mache es so wie beschrieben und es funktioniert nicht. entweder ist also deine beschreibung nicht genau genug für einen anfänger wie mich oder irgendwas anderes stimmt nicht. also wo finde ich diesen windows-ordner? ich möchte noch mal betonen, dass ich laie bin und es daher wichtig ist, ausführlich zu schreiben, falls du es sonst gewohnt bist mit experten zu schreiben. |
|
07.05.2013, 11:35
| #20 |
| /// Helfer-Team | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm Das Problem ist: Windows 8 Es gibt noch nicht soviel Erfahrung damit und es ist komplizierter gestaltet als die Windows Versionen zuvor. Wenn du den blauen Bildschirm hast:
Versuchst du in den abgesicherten Modus zu kommen. Wenn der mit Netwerktreibern funktioniert: Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
Wenn nicht, nimmst du den Modus mit Eingabeaufforderung. Von einem zweiten PC laedst du OTL auf einen STick. Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).
|
|
07.05.2013, 15:24
| #21 |
| | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm danke schon mal für die ausführliche antwort. beide möglichkeiten funktionieren leider nicht in den abgesicherten modus zu kommen. dazu habe ich erst wieder auf uefi gestellt weil der unter legacy nur sagt, es gäbe nichts zu booten wenn ich die cd rausnehme, ansonsten wird halt die cd gebootet. ich mache alles wie gesagt bis er wieder zu meinem pw kommt, danach bin ich wieder da, wo ich schon die ganze zeit erscheine. als ob der gar nicht verstanden hat, dass er in den abgesicherten modus soll. mitlerweile ist alles wieder wie vorher ohen blauen bildschirm und der runDLLL-nachricht. bei der anderen möglichkeit reagiert der pc nicht auf f8. habe es auch direkt lange und mehrmals versucht. laut dieses videos lassen das die neusten formen des gvu-virusses auch nicht mehr zu, in den abgesicherten modus zu kommen. hxxp://www.youtube.com/watch?v=pcSfCFZ3qC4 |
|
07.05.2013, 20:17
| #22 |
| /// Helfer-Team | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm Dieses Video ist Unsinn. Hattest du diesen Schirm? |
|
08.05.2013, 01:19
| #23 |
| | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm ok, gut zu wissen das mit dem video. ja, genau diesen schirm und dann habe ich f4 gedrückt. |
|
08.05.2013, 08:38
| #24 |
| /// Helfer-Team | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm ...und auch F6 probiert? |
|
12.05.2013, 00:33
| #25 |
| | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm hallo, danke schon mal für die hilfe und mühen bis jetzt. sry, ich musste kurzfristig vereisen und bin aber ab sonnatgabend oder montagnachmittag wieder dabei. bis dann! |
|
12.05.2013, 11:35
| #26 |
| /// Helfer-Team | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm Alles klar! |
|
16.05.2013, 13:58
| #27 |
| | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm der prof und ich sind noch ein paar tage länger geblieben, jetzt bin ich aber wieder voll da. habe jetzt mit f6 gestartet. es kommt auch wieder die pw-abfrage udn dann ein schwarzer bildschirm mit weißer schrift: administrator: cmd.exe microsoft windows version blablabla <c> 2012 Microsoft blablablabla c:\Windows\system32> wenn ich enter drücke steht da noch mal letztere zeile leider weiß ich nciht,w as ich nun machen muss. |
|
16.05.2013, 14:00
| #28 |
| /// Helfer-Team | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm genau da wollen wir doch hin! Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).
|
|
16.05.2013, 17:24
| #29 |
| | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.05.2013 02:07:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = e:\ 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,82 Gb Total Physical Memory | 14,85 Gb Available Physical Memory | 93,87% Memory free 18,07 Gb Paging File | 17,10 Gb Available in Paging File | 94,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 680,83 Gb Total Space | 523,92 Gb Free Space | 76,95% Space Free | Partition Type: NTFS Drive E: | 1,83 Gb Total Space | 0,83 Gb Free Space | 45,26% Space Free | Partition Type: FAT Computer Name: TOBIASPC | User Name: Tobias | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2013.05.07 16:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013.02.19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.04.29 16:17:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.02.06 23:49:11 | 000,335,216 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\mcafee\AppStats\MfeASUM.exe -- (MfeASUM) SRV - [2013.02.02 18:02:57 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.13 07:05:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.10.13 06:47:19 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Stopped] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService) SRV - [2012.10.06 04:14:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.30 11:05:10 | 000,028,560 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Stopped] -- C:\Programme\Elantech\ETDService.exe -- (ETDService) SRV - [2012.08.23 21:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService) SRV - [2012.08.23 08:24:38 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2012.08.23 06:36:28 | 000,468,624 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService) SRV - [2012.08.22 20:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2012.08.21 12:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2012.08.10 18:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.07.31 18:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.07.13 11:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.07.12 05:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.26 23:19:18 | 000,332,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013.02.19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013.02.19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013.02.19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013.02.19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013.02.19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013.02.19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2013.02.19 14:40:52 | 000,069,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk) DRV:64bit: - [2013.02.02 18:02:56 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.15 02:14:30 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.10.13 06:47:19 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.08 12:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.03 08:48:41 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2012.09.03 08:48:41 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2012.09.03 08:48:41 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2012.08.30 11:05:12 | 000,318,864 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.08.10 18:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.08.10 18:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.08.10 18:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.08.10 18:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.08.10 18:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.08.10 18:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.08.10 18:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.08.10 18:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.09 13:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.04 04:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.07.02 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.21 23:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C) DRV:64bit: - [2012.06.19 01:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.04.20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2010.07.09 05:51:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2013.02.06 23:49:11 | 000,031,408 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Programme\mcafee\AppStats\MfeASKM.sys -- (MfeASKM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D6C7584D-0EB2-4EE7-898C-A528B27F2901} IE:64bit: - HKLM\..\SearchScopes\{D6C7584D-0EB2-4EE7-898C-A528B27F2901}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D6C7584D-0EB2-4EE7-898C-A528B27F2901} IE - HKLM\..\SearchScopes\{D6C7584D-0EB2-4EE7-898C-A528B27F2901}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1278171695-3749194759-2327688644-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com IE - HKU\S-1-5-21-1278171695-3749194759-2327688644-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com IE - HKU\S-1-5-21-1278171695-3749194759-2327688644-1002\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1278171695-3749194759-2327688644-1002\..\SearchScopes,DefaultScope = {D6C7584D-0EB2-4EE7-898C-A528B27F2901} IE - HKU\S-1-5-21-1278171695-3749194759-2327688644-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.care2.com/click-to-donate/" FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.07 10:35:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.14 16:36:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 14:09:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.05.03 16:39:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 14:09:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.02 17:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions [2013.04.11 13:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\nv2ppo3k.default\extensions [2013.04.11 13:19:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\nv2ppo3k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.12 14:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 14:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.04.12 14:09:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.02.07 10:35:37 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013.03.14 16:36:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.04.12 14:09:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.26 08:29:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.26 08:29:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.26 08:29:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.26 08:29:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.26 08:29:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.26 08:29:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] File not found O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKU\S-1-5-21-1278171695-3749194759-2327688644-1002..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1278171695-3749194759-2327688644-1002..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64DA3A99-69A9-4C63-9BD1-FFB45BF42124}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4EBD722-545D-4D9A-9254-4ACC255E0AE7}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\fhotol.bat) - C:\ProgramData\fhotol.bat () O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - File not found O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9aaa99e2-7e8b-11e2-bea1-4c72b9e24f7c}\Shell - "" = AutoRun O33 - MountPoints2\{9aaa99e2-7e8b-11e2-bea1-4c72b9e24f7c}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2013.05.17 02:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.04.29 23:16:14 | 000,163,840 | ---- | C] (Корпорация Майкрософт) -- C:\ProgramData\wlg3.dat [2013.04.29 23:16:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.04.28 01:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.04.28 01:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2013.04.26 11:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013.04.26 11:27:48 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Paint.NET [2013.04.17 20:41:30 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013.04.17 20:41:28 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.04.17 20:41:27 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.04.17 20:41:27 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.04.17 20:41:26 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013.04.17 20:41:25 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.17 20:41:25 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013.04.17 20:41:25 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013.04.17 20:41:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013.04.17 20:41:25 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013.04.17 20:41:25 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013.04.17 20:41:24 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013.04.17 20:41:24 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013.04.17 20:41:24 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.04.17 20:41:24 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013.04.17 20:41:24 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll [2013.04.17 20:41:24 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013.04.17 20:41:22 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.17 20:41:22 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.04.17 20:41:22 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.04.17 20:41:22 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013.04.17 20:41:22 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.04.17 20:41:22 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013.04.17 20:41:22 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013.04.17 20:41:21 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013.04.17 20:41:21 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013.04.17 20:41:21 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013.04.17 20:41:21 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013.04.17 20:41:21 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013.04.17 20:41:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013.04.17 20:41:21 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.04.17 20:41:21 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013.04.17 20:41:20 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.04.17 20:41:20 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.04.17 20:41:20 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013.04.17 20:41:20 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.04.17 20:41:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.04.17 20:41:19 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013.04.17 20:41:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.04.17 20:41:17 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.04.17 20:41:17 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.04.17 20:41:16 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013.04.17 20:41:16 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013.04.17 20:41:16 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013.04.17 20:41:16 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013.04.17 20:41:16 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013.04.17 20:41:16 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013.04.17 20:41:16 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.04.17 20:41:15 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013.04.17 20:41:15 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe [2013.04.17 20:41:15 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013.04.17 20:41:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013.04.17 20:41:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013.04.17 20:41:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013.04.17 20:41:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013.04.17 20:41:15 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013.04.17 20:41:15 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013.04.17 20:41:15 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.04.17 20:41:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013.04.17 20:41:14 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.04.17 20:41:14 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013.04.17 20:41:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.04.17 20:41:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013.04.17 20:41:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.04.17 20:41:12 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013.04.17 20:41:12 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013.04.17 20:40:09 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.17 20:40:05 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.04.17 20:40:05 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.17 20:40:05 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.17 20:40:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.17 20:40:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.17 20:40:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.17 20:40:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.17 20:40:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.17 20:40:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.17 20:40:02 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.17 20:39:56 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013.04.17 20:39:56 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013.04.16 03:21:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Diagnostics [2013.04.16 00:52:26 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\SWTOR [2013.04.16 00:52:26 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\HeroBlade Logs [2013.04.12 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.11 13:18:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Scheibenwelt [2013.04.08 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\2DBoy [2013.04.08 00:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy [2013.04.07 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Rezensionen [2013.04.05 21:37:24 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\aliceGodwin [2013.04.05 21:36:46 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Playboy [2013.04.05 21:34:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Hillary Fischer [2013.04.05 19:35:47 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\SWTORPerf [2013.04.01 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Ashampoo [2013.04.01 21:09:21 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\ashampoo [2013.04.01 21:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2013.04.01 21:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo [2013.04.01 21:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2013.04.01 21:08:39 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Programs [2013.03.23 22:39:17 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013.03.23 22:39:15 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013.03.23 22:38:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013.03.23 22:38:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.03.23 22:38:44 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.03.23 22:38:43 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.03.23 22:38:41 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013.03.23 22:38:41 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013.03.23 22:38:40 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013.03.23 22:38:40 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013.03.23 22:38:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.03.23 22:38:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.23 22:38:40 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013.03.23 22:38:40 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.23 22:38:39 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.03.23 22:38:39 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013.03.23 22:38:39 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013.03.23 22:38:39 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013.03.23 22:38:39 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013.03.23 22:38:39 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013.03.23 22:38:39 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.23 22:38:39 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013.03.23 22:38:39 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013.03.23 22:38:39 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013.03.23 22:38:39 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013.03.23 22:38:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013.03.23 22:38:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.03.23 22:38:38 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013.03.23 22:38:38 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013.03.23 22:38:37 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013.03.23 22:38:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013.03.23 22:38:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013.03.23 22:37:56 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013.03.23 22:37:56 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.03.23 22:37:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.23 22:37:54 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.03.23 22:37:54 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll ========== Files - Modified Within 60 Days ========== [2013.05.17 02:02:30 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013.05.17 02:00:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.17 02:00:23 | 706,543,613 | -HS- | M] () -- C:\hiberfil.sys [2013.05.06 17:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.03 16:40:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\fhotol.pad [2013.04.29 23:16:28 | 000,001,033 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013.04.29 23:16:22 | 000,000,152 | ---- | M] () -- C:\ProgramData\fhotol.reg [2013.04.29 23:16:22 | 000,000,056 | ---- | M] () -- C:\ProgramData\fhotol.bat [2013.04.29 23:16:19 | 095,023,320 | ---- | M] () -- C:\ProgramData\3glw.pad [2013.04.29 23:16:14 | 000,163,840 | ---- | M] (Корпорация Майкрософт) -- C:\ProgramData\wlg3.dat [2013.04.29 23:16:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.04.29 02:44:09 | 005,426,844 | ---- | M] () -- C:\Users\Tobias\Desktop\27602_HiddenAgendaReferenceManual.pdf [2013.04.29 02:43:43 | 006,448,035 | ---- | M] () -- C:\Users\Tobias\Desktop\27603_HiddenAgendaUsersManual.pdf [2013.04.29 02:43:17 | 000,407,012 | ---- | M] () -- C:\Users\Tobias\Desktop\Hidden Agenda.zip [2013.04.28 01:00:14 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.26 11:36:51 | 003,399,260 | ---- | M] () -- C:\Users\Tobias\Desktop\eis.png [2013.04.26 11:28:48 | 000,001,292 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013.04.26 00:12:47 | 002,934,886 | ---- | M] () -- C:\Users\Tobias\Desktop\Tresh op.png [2013.04.25 21:23:46 | 000,285,210 | ---- | M] () -- C:\Users\Tobias\Desktop\fgfgdgjkfvv.jpg [2013.04.25 21:23:30 | 000,625,265 | ---- | M] () -- C:\Users\Tobias\Desktop\fffffffffffffffffffffffffffffffffffffffhhhhhhhhhhhhhhhhhhhhh.jpg [2013.04.25 21:23:30 | 000,625,265 | ---- | M] () -- C:\Users\Tobias\Desktop\fffffffffffffffffffffffffffffffffffffffhhhhhhhhhhhhhhhhhhhhh - Kopie.jpg [2013.04.25 21:23:07 | 000,307,393 | ---- | M] () -- C:\Users\Tobias\Desktop\WRGTABFRRHEB.jpg [2013.04.24 20:05:50 | 000,051,539 | ---- | M] () -- C:\Users\Tobias\Desktop\Beautyleg NO.787 Winnie 0002.jpg [2013.04.24 20:05:40 | 000,048,459 | ---- | M] () -- C:\Users\Tobias\Desktop\Beautyleg NO.787 Winnie 0001.jpg [2013.04.19 12:46:58 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.19 12:46:58 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.19 12:46:58 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.19 12:46:58 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.19 12:46:58 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.18 16:07:58 | 000,281,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.15 03:00:59 | 000,992,938 | ---- | M] () -- C:\Users\Tobias\Desktop\bigimagefghjhdsfghjk.jpg [2013.04.15 03:00:27 | 000,425,613 | ---- | M] () -- C:\Users\Tobias\Desktop\bigimagesdfghjklkjhgfdfghjk.jpg [2013.04.15 03:00:17 | 000,361,835 | ---- | M] () -- C:\Users\Tobias\Desktop\bigimagefghjkl.jpg [2013.04.15 03:00:01 | 000,417,013 | ---- | M] () -- C:\Users\Tobias\Desktop\bigimagesdfghjkl.jpg [2013.04.13 20:16:31 | 000,639,976 | ---- | M] () -- C:\Users\Tobias\Desktop\Ezreal.jpg [2013.04.10 22:16:01 | 000,159,212 | ---- | M] () -- C:\Users\Tobias\Desktop\Spieletreff-Casablanca-April2013.pdf [2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.02 23:20:17 | 000,237,315 | ---- | M] () -- C:\Users\Tobias\Desktop\ffffffffffffffffffffffffffffffffffffffffffffffffffffffff.jpg [2013.04.02 23:20:07 | 000,250,485 | ---- | M] () -- C:\Users\Tobias\Desktop\ffffffffffffffffffffff.jpg [2013.04.02 23:19:59 | 000,276,262 | ---- | M] () -- C:\Users\Tobias\Desktop\ggggggggggggggggg.jpg [2013.04.02 23:19:51 | 000,258,534 | ---- | M] () -- C:\Users\Tobias\Desktop\12dddddddddddddddd.jpg [2013.04.01 21:09:20 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander 10.lnk [2013.03.31 21:03:32 | 000,445,598 | ---- | M] () -- C:\Users\Tobias\Desktop\bigimage.jpg [2013.03.25 00:23:51 | 000,000,221 | ---- | M] () -- C:\Users\Tobias\Desktop\Assassins Creed.url [2013.03.21 21:57:06 | 000,125,112 | ---- | M] () -- C:\Users\Tobias\Desktop\64200_287736611357743_2020520919_n.jpg [2013.03.21 20:53:17 | 000,097,121 | ---- | M] () -- C:\Users\Tobias\Desktop\222418_1891293643627_7731609_n.jpg ========== Files Created - No Company Name ========== [2013.04.29 23:16:28 | 000,001,033 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013.04.29 23:16:22 | 000,000,152 | ---- | C] () -- C:\ProgramData\fhotol.reg [2013.04.29 23:16:22 | 000,000,056 | ---- | C] () -- C:\ProgramData\fhotol.bat [2013.04.29 23:16:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\fhotol.pad [2013.04.29 23:16:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\3glw.pad [2013.04.29 02:44:09 | 005,426,844 | ---- | C] () -- C:\Users\Tobias\Desktop\27602_HiddenAgendaReferenceManual.pdf [2013.04.29 02:43:42 | 006,448,035 | ---- | C] () -- C:\Users\Tobias\Desktop\27603_HiddenAgendaUsersManual.pdf [2013.04.29 02:43:16 | 000,407,012 | ---- | C] () -- C:\Users\Tobias\Desktop\Hidden Agenda.zip [2013.04.28 01:00:14 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.26 11:36:51 | 003,399,260 | ---- | C] () -- C:\Users\Tobias\Desktop\eis.png [2013.04.26 11:28:48 | 000,001,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013.04.26 11:28:48 | 000,001,292 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013.04.26 09:24:40 | 000,625,265 | ---- | C] () -- C:\Users\Tobias\Desktop\fffffffffffffffffffffffffffffffffffffffhhhhhhhhhhhhhhhhhhhhh - Kopie.jpg [2013.04.26 00:12:47 | 002,934,886 | ---- | C] () -- C:\Users\Tobias\Desktop\Tresh op.png [2013.04.25 21:23:45 | 000,285,210 | ---- | C] () -- C:\Users\Tobias\Desktop\fgfgdgjkfvv.jpg [2013.04.25 21:23:30 | 000,625,265 | ---- | C] () -- C:\Users\Tobias\Desktop\fffffffffffffffffffffffffffffffffffffffhhhhhhhhhhhhhhhhhhhhh.jpg [2013.04.25 21:23:06 | 000,307,393 | ---- | C] () -- C:\Users\Tobias\Desktop\WRGTABFRRHEB.jpg [2013.04.24 20:05:50 | 000,051,539 | ---- | C] () -- C:\Users\Tobias\Desktop\Beautyleg NO.787 Winnie 0002.jpg [2013.04.24 20:05:39 | 000,048,459 | ---- | C] () -- C:\Users\Tobias\Desktop\Beautyleg NO.787 Winnie 0001.jpg [2013.04.18 16:07:49 | 000,281,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.17 20:41:11 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.04.15 03:00:58 | 000,992,938 | ---- | C] () -- C:\Users\Tobias\Desktop\bigimagefghjhdsfghjk.jpg [2013.04.15 03:00:26 | 000,425,613 | ---- | C] () -- C:\Users\Tobias\Desktop\bigimagesdfghjklkjhgfdfghjk.jpg [2013.04.15 03:00:17 | 000,361,835 | ---- | C] () -- C:\Users\Tobias\Desktop\bigimagefghjkl.jpg [2013.04.15 02:59:59 | 000,417,013 | ---- | C] () -- C:\Users\Tobias\Desktop\bigimagesdfghjkl.jpg [2013.04.13 20:16:31 | 000,639,976 | ---- | C] () -- C:\Users\Tobias\Desktop\Ezreal.jpg [2013.04.10 22:15:59 | 000,159,212 | ---- | C] () -- C:\Users\Tobias\Desktop\Spieletreff-Casablanca-April2013.pdf [2013.04.02 23:20:16 | 000,237,315 | ---- | C] () -- C:\Users\Tobias\Desktop\ffffffffffffffffffffffffffffffffffffffffffffffffffffffff.jpg [2013.04.02 23:20:07 | 000,250,485 | ---- | C] () -- C:\Users\Tobias\Desktop\ffffffffffffffffffffff.jpg [2013.04.02 23:19:58 | 000,276,262 | ---- | C] () -- C:\Users\Tobias\Desktop\ggggggggggggggggg.jpg [2013.04.02 23:19:50 | 000,258,534 | ---- | C] () -- C:\Users\Tobias\Desktop\12dddddddddddddddd.jpg [2013.04.01 21:09:22 | 000,001,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk [2013.04.01 21:09:20 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander 10.lnk [2013.03.31 21:03:30 | 000,445,598 | ---- | C] () -- C:\Users\Tobias\Desktop\bigimage.jpg [2013.03.25 00:23:51 | 000,000,221 | ---- | C] () -- C:\Users\Tobias\Desktop\Assassins Creed.url [2013.03.21 21:57:05 | 000,125,112 | ---- | C] () -- C:\Users\Tobias\Desktop\64200_287736611357743_2020520919_n.jpg [2013.03.21 20:53:15 | 000,097,121 | ---- | C] () -- C:\Users\Tobias\Desktop\222418_1891293643627_7731609_n.jpg [2013.02.04 10:42:18 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.02.02 18:02:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2013.02.02 18:02:56 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.02.02 18:02:55 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.10.13 06:30:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2013.02.04 00:25:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > EXTRAS:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.05.2013 02:07:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = e:\
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,82 Gb Total Physical Memory | 14,85 Gb Available Physical Memory | 93,87% Memory free
18,07 Gb Paging File | 17,10 Gb Available in Paging File | 94,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,83 Gb Total Space | 523,92 Gb Free Space | 76,95% Space Free | Partition Type: NTFS
Drive E: | 1,83 Gb Total Space | 0,83 Gb Free Space | 45,26% Space Free | Partition Type: FAT
Computer Name: TOBIASPC | User Name: Tobias | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1278171695-3749194759-2327688644-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B58C10D-F17C-4B82-8BDB-CAA610A6ACB5}" = dir=out | name=windows_ie_ac_001 |
"{0C427212-E0AA-4A7F-933E-73D99DF3B21A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{0E4439CC-45ED-4945-8476-62875BE124B0}" = dir=out | name=skype |
"{0E4B5439-11DB-490F-BA57-46C47596F6D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stacking\stack.exe |
"{0F14765E-5878-4785-8821-0C6C3628696B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{113579AB-E75D-4C60-887E-58B650B09088}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{173BE869-02FB-4265-B80F-3C8DEEC72416}" = dir=out | name=evernote |
"{18F8D5A7-821C-4BB3-A3AD-EB99C5446AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{190959E5-1199-465B-BF6A-4A3A159ABC1B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{1EA4D6C9-CF99-4453-9253-1C0014DE1A4B}" = protocol=6 | dir=in | app=c:\spiele\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{21EE221A-EA9D-4C38-812C-394307368BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{2268AEBE-51B6-4F46-ACB3-31656BCEBA10}" = dir=out | name=microsoft mahjong |
"{22CD2F9A-7FF3-4EDC-9339-DCDB0B172F41}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |
"{23657DA7-D36F-47A2-8D4C-661A07BE6CA1}" = dir=out | name=tunein radio |
"{25A7B767-5ACF-454C-A47F-18FA1AAD7353}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{2823218A-DEB1-4AA4-A2F9-9056DBE0AF5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{28451C39-D50E-4A05-AA12-30CB35D53D09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{2899882C-A365-4490-A1AB-B6DC2D0A2481}" = dir=in | name=ebay |
"{28A7E45F-7BFC-4818-B6C8-67EE8AD4E70A}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{2907E884-D47F-4F99-A318-AA4F33C9AC15}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{327F3AC0-FA9F-43A6-AE27-685D63C33A99}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{356DD7B2-9446-4FA6-B7ED-2A52D5DA9AFF}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{372EBE9C-6A7E-4CA1-965B-E1F31D5B21A9}" = dir=out | name=newsxpresso metro |
"{3740460D-1B79-46B6-8055-5DAB784B576C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{377B516A-A226-4BE9-A2E7-552F03E5D7ED}" = dir=out | name=taptiles |
"{3829A836-B501-476C-AC0B-7D1DA3D4C66A}" = dir=out | name=7digital music store |
"{39E9732A-449D-40ED-B0B0-985D83AA4C6F}" = dir=in | name=evernote |
"{3B5B61B7-334C-46D8-BAE6-014B9AE1A449}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{3D52238C-A11F-4F7A-A052-B6E3DDF9444F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{3E686EF7-17D2-41B8-8740-D9B80F879D7B}" = dir=out | name=acer crystal eye |
"{4651E7DA-4D0F-45F5-95B0-2573F79DF231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{4992247F-2A86-48A3-A326-41B32708ECDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{49C883A2-7E48-4CB7-8852-C78D5A714957}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{4A3F64FE-42DF-453C-9E2E-3D24C516E3BF}" = dir=out | name=txtr reader |
"{4BB34F98-A399-4D18-BAC0-7A2F3575F23E}" = dir=out | name=skitch |
"{4D6C52D5-5AF1-49E9-B09B-D7DE0825507A}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{4FE5EB42-C527-4557-BD01-F1D9765D450F}" = dir=out | name=ebay |
"{5318B01C-1393-4915-A9AC-745B77140520}" = dir=out | name=weatherbug |
"{554A9B34-A045-4F77-8BBF-31B886DF4369}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |
"{559E425D-443E-4186-A338-032957D89187}" = dir=out | name=cut the rope |
"{56B0E473-ADDE-4053-99E5-85832FFC8045}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{5BACFAF6-CF82-4D60-935F-1162596BF7B0}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5D406F9C-5468-40EC-BD9E-D61F299E1935}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{5E4F772C-7BC8-4DC0-B220-9C962C9A6BB5}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{5EA6ED48-8A43-4303-9310-5E17A68326A7}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{64E60D71-A39E-4E88-850E-2CA175B49EE9}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{68544BA0-B8BC-4AFF-B5D8-E5D36F415314}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{69001937-243D-4073-8708-BDF90CEF896B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{6E42DF99-DBD3-4F88-A304-DB1CF6C05F1D}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{73C79B3E-A3CB-45F1-A46A-366ACCE07062}" = protocol=17 | dir=in | app=c:\spiele\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{75C4307D-DC87-430D-9C83-5A6F4DF03662}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{77640A2C-0CAB-4A5A-8DB1-159F5072C612}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{80CA958F-F577-401B-B37D-7CCAF1BC027E}" = dir=in | name=skype |
"{8269BB0E-472F-41F7-8B51-76798F9FC237}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8376CF27-2E5C-4849-8D23-BEF8B6854490}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{8E80A125-54D5-4CC8-8407-143E1BBC9FAE}" = dir=out | name=microsoft solitaire collection |
"{8F0BB3DC-E098-4124-B3FF-2DBA9D36C873}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{92E58BA1-D8B5-4F95-9B02-886DD96D6B8D}" = dir=out | name=acer explorer |
"{93D6578B-3CBD-4BD2-A210-7A036F48BF10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{9818F124-B23C-4696-B27F-6237F4D930BC}" = dir=out | name=social jogger |
"{98C89E86-0F78-40DF-9967-BD4DD77FBE2A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{99AFDC34-CD77-4E2F-8E7D-B626166A5617}" = dir=out | name=microsoft minesweeper |
"{9E68D38B-2EFD-41F3-8340-9BF1C7952824}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{A20A67E5-75F0-41B9-BA1D-921B2B04F954}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{A5D03F44-1A0D-46C3-BF17-1099988E94FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A6737669-B6C7-45A4-81B8-5BD24BE66E9E}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{AC3E4F1D-F663-4534-B6E2-6053DA128E94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{AF245528-5962-48E1-A9BD-CBFD980EFAB1}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{B6C39224-7CEC-4487-8AF2-8E200C08AEC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{B9F76424-6DF0-4F7D-8C70-0548A94255C5}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{BB72F9D3-A38A-4349-ADCE-666B38757A82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stacking\stack.exe |
"{BCB6F1F6-14B8-4FDA-BB56-FCAE765E994D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{BE59A7C4-7C12-4D20-801B-EEF71AFA297A}" = protocol=17 | dir=in | app=c:\spiele\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{BFB17417-219C-4ADB-AEEA-CBDA8D787DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{BFD3168B-284B-46D6-A432-FF68AEA3C746}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{C44F4001-5117-4E3F-972D-06FD998E2275}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |
"{C4FE2A9D-EA62-4B02-83BB-195FD7583340}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{C66F841C-B03C-4A43-855E-278126128110}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{CBDFD610-63EF-422D-B371-490957903C5D}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{CDB66CD9-4D70-46F2-8652-27AE3C39A2EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{D1E581C5-7616-48B4-8C5C-BC46754B050B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D540CEB5-FFC2-4560-A968-DE27A9B8E063}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D60E9D20-7E02-461E-9FF8-CE732943AEC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{D7D97B94-2FFE-4AED-8807-F2D40EC0D51D}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D87A8E6F-B23B-4862-97DE-C9A0DDA0B3D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{D90066E4-0D51-4598-9CC3-262EB45FA188}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{DDBAE5A6-C7EA-4852-8AD9-024B9AAE2C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{DFEF16E5-233C-4779-8E4F-BBDB2DA32B52}" = protocol=6 | dir=in | app=c:\spiele\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{E0855C6E-805D-4033-9E90-941DEED83C57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E16E3A3F-53D0-428E-8382-81D00E016F44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EAFEDF3A-9CF0-4719-B798-9D4545D1F334}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{ECB63A2B-2927-4D03-82AE-24B86799FF9C}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{EE4C5927-DA52-47F9-B277-A0430FAC9CE0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F1A18028-88DD-49E5-BE10-9038A4ED63B9}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{F1B959F7-DC0F-4C84-A81A-FAF4385766FF}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{F3121B2A-AE2E-46E7-AC97-49265CC2737B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{F3922F19-173C-4322-9819-82A37B02D0C5}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{F451B27C-99BB-4D03-9464-99EA84134466}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F662305C-7A1A-4C4C-8EAA-488240AF3F00}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F67959DA-0C07-4E85-9FA6-255307C22B84}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB68FB19-776A-4578-BEC8-8E7BEDD5152E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FC45D866-5A10-480E-A742-F41861D41CF4}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{8215A318-CC27-435E-B3EA-2E3443C8998C}" = Acer Instant Update Service
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"Elantech" = ETDWare PS/2-X64 11.6.8.001_WHQL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C92AB6F1-4B66-808A-D77C-25EF81C0176A}_is1" = Ashampoo Photo Commander 10 v.10.2.1
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BrettspielWelt" = BrettspielWelt
"Guild Wars" = GUILD WARS
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"LManager" = Launch Manager
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"OpenAL" = OpenAL
"Spotify" = Spotify
"Steam App 115110" = Stacking
"Steam App 15100" = Assassin's Creed
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204880" = Sins of a Solar Empire: Rebellion
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 22000" = World of Goo
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 29180" = Osmos
"Steam App 33460" = From Dust
"Steam App 35720" = Trine 2
"Steam App 43110" = Metro 2033
"Steam App 57300" = Amnesia: The Dark Descent
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-07b9d720-69c9-46e6-8be5-0b5df514ff1c" = Zuma's Revenge
"WTA-09180a15-ecf4-4cf0-b190-49c8d48ec7ab" = Penguins!
"WTA-0d73e6b9-7605-4967-9241-6d31a66c59e3" = Delicious: Emily's True Love Premium Edition
"WTA-1aa9cdfb-031d-42d3-95b9-f3d4238574f5" = Magic Academy
"WTA-2fbdc90c-ea08-4cdb-a114-0579e7ca5b84" = John Deere Drive Green
"WTA-7bd0d6a5-7ea6-4128-94e4-f23bcbb5b747" = Island Tribe
"WTA-821d3b11-2944-40a3-9330-f79bb6888d40" = Agatha Christie - Death on the Nile
"WTA-903138d6-c938-405f-85b5-99c32c29f39c" = Plants vs. Zombies - Game of the Year
"WTA-913ef5ff-89c2-4a21-9001-b70d1642da99" = Tales of Lagoona
"WTA-98738a97-f6d5-455a-9d22-02dbd629a990" = Bejeweled 3
"WTA-9df68d2d-fff3-402f-8466-c38971097b3f" = Polar Bowler
"WTA-acc4604f-e512-44fb-b4d5-6a92a82cb098" = Jewel Match 3
"WTA-b4e8a6a5-cecd-4c3d-8607-06bb57bfedb2" = Governor of Poker 2 Premium Edition
"WTA-b9ee9910-759b-4749-9e7c-e77c4027d44b" = Aloha TriPeaks
"Your Software Deals_is1" = Your Software Deals
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2013 23:20:25 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
Error - 26.04.2013 03:22:13 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
Error - 26.04.2013 06:05:54 | Computer Name = TobiasPC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde
nicht innerhalb der vorgesehenen Zeit gestartet.
Error - 26.04.2013 06:06:25 | Computer Name = TobiasPC | Source = Application Hang | ID = 1002
Description = Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: d20 Startzeit: 01ce42659a1684b3 Endzeit: 4294967295 Anwendungspfad:
C:\Windows\system32\wwahost.exe Berichts-ID: e1624be1-ae58-11e2-bf10-4c72b9e24f7c
Vollständiger
Name des fehlerhaften Pakets: Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo
Error - 26.04.2013 14:10:06 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
Error - 27.04.2013 06:24:27 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
Error - 27.04.2013 09:01:06 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
Error - 27.04.2013 18:02:29 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
Error - 28.04.2013 05:05:17 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
Error - 28.04.2013 07:38:03 | Computer Name = TobiasPC | Source = ETDService | ID = 0
Description =
[ System Events ]
Error - 29.04.2013 18:19:54 | Computer Name = TobiasPC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 03.05.2013 10:13:36 | Computer Name = TobiasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee McShield" wurde aufgrund folgenden Fehlers nicht
gestartet: %%109
Error - 03.05.2013 10:14:12 | Computer Name = TobiasPC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 03.05.2013 10:22:58 | Computer Name = TobiasPC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 03.05.2013 10:26:37 | Computer Name = TobiasPC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 03.05.2013 10:40:49 | Computer Name = TobiasPC | Source = DCOM | ID = 10010
Description =
Error - 03.05.2013 14:04:25 | Computer Name = TobiasPC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 03.05.2013 14:05:17 | Computer Name = TobiasPC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147943515.
Error - 03.05.2013 14:05:17 | Computer Name = TobiasPC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
dem folgenden dienstspezifischen Fehler beendet: %%2147943515
Error - 03.05.2013 14:05:45 | Computer Name = TobiasPC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
< End of report >
|
|
16.05.2013, 18:02
| #30 |
| /// Helfer-Team | GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Erstelle zuerst auf einem Zweitrechner das Fixskript:
Danach führe folgendermassen den Fix aus:
2. Schritt Downloade Dir bitte  Malwarebytes Anti-Malware
danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
| Themen zu GVU-Virus: Erst Zahlungsaufforderung und nach meherem Hochfahren schwarzer Bildschirm |
| 64bit-einstellung, beste, besten, bildschirm, erneute, euro, freue, gvu-virus, hochfahren, kurzem, laptop, mehrfach, nichts, recht, schei, schild, schwarz, schwarzer, schwarzer bildschirm, seitdem, starte, taskmanager, troja, versucht, virus, weiterhelfen, windows8, wirklich, würde |
+ R Taste, schreibe "notepad" in das Ausführen Fenster und drücke OK.
Linear-Darstellung
