
Log analysis and evaluation: Win 8.1: Manage account button in Word 2013 opens dubious page


21.12.2013, 15:38   #1
glühwein
 



Hello everyone!

Last week I bought a new laptop, updated it to Win 8.1 and installed Office 365. Now I have the following problem:

I am signed in to Windows 8.1 with a local account. When I click the Manage account button in Word 365 under Options > Account, Firefox opens (although it is not set as the default) and, alongside the sign-in form for the Microsoft account, another tab appears with the URL www.44e.com. That page, of course, contains dubious links.

I scanned the computer with the following tools:
  • Malwarebytes
  • defogger
  • FRST
  • GMER
  • Kaspersky

The files are attached.

I also contacted Microsoft; they suspect malware.

Can you help me with this? Many thanks!

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013 02
Ran by AcerXYZ at 2013-12-21 14:51:58
Running from C:\Users\XYZOnAcer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606)
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606)
Acer Launch Manager (Version: 8.00.3005)
Acer Power Management (Version: 7.00.3013)
Acer Recovery Management (Version: 6.00.3016)
Acer System Information (x32 Version: 1.0.0)
AcerCloud Docs (x32 Version: 1.01.2008)
AcerCloud Portal (x32 Version: 2.02.2022)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
AMD Accelerated Video Transcoding (Version: 12.10.100.30314)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
Bejeweled 3 (x32 Version: 2.2.0.98)
Broadcom Card Reader Driver Installer (Version: 16.0.2.3)
Broadcom NetLink Controller (Version: 16.0.2.1)
Canon MG8100 series MP Drivers
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0314.1033.17070)
Catalyst Control Center InstallProxy (x32 Version: 2013.0314.1033.17070)
Catalyst Control Center Localization All (x32 Version: 2013.0314.1033.17070)
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0314.1033.17070)
CCC Help Chinese Standard (x32 Version: 2013.0314.1032.17070)
CCC Help Chinese Traditional (x32 Version: 2013.0314.1032.17070)
CCC Help Czech (x32 Version: 2013.0314.1032.17070)
CCC Help Danish (x32 Version: 2013.0314.1032.17070)
CCC Help Dutch (x32 Version: 2013.0314.1032.17070)
CCC Help English (x32 Version: 2013.0314.1032.17070)
CCC Help Finnish (x32 Version: 2013.0314.1032.17070)
CCC Help French (x32 Version: 2013.0314.1032.17070)
CCC Help German (x32 Version: 2013.0314.1032.17070)
CCC Help Greek (x32 Version: 2013.0314.1032.17070)
CCC Help Hungarian (x32 Version: 2013.0314.1032.17070)
CCC Help Italian (x32 Version: 2013.0314.1032.17070)
CCC Help Japanese (x32 Version: 2013.0314.1032.17070)
CCC Help Korean (x32 Version: 2013.0314.1032.17070)
CCC Help Norwegian (x32 Version: 2013.0314.1032.17070)
CCC Help Polish (x32 Version: 2013.0314.1032.17070)
CCC Help Portuguese (x32 Version: 2013.0314.1032.17070)
CCC Help Russian (x32 Version: 2013.0314.1032.17070)
CCC Help Spanish (x32 Version: 2013.0314.1032.17070)
CCC Help Swedish (x32 Version: 2013.0314.1032.17070)
CCC Help Thai (x32 Version: 2013.0314.1032.17070)
CCC Help Turkish (x32 Version: 2013.0314.1032.17070)
ccc-utility64 (Version: 2013.0314.1033.17070)
Citavi 4 (x32 Version: 4.2.0.11)
clear.fi Media (x32 Version: 2.02.2012)
clear.fi Photo (x32 Version: 2.02.2016)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32)
ETDWare PS/2-X64 11.6.23.203_WHQL (Version: 11.6.23.203)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
Identity Card (x32 Version: 2.00.3006)
Intel(R) Management Engine Components (x32 Version: 9.5.3.1520)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3316)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.66956)
Intel® Trusted Connect Service Client (Version: 1.27.798.1)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Kaspersky Internet Security (x32 Version: 14.0.0.4651)
Live Updater (x32 Version: 2.00.3010)
Magic Academy (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1011)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
Nero BackItUp (x32 Version: 12.5.5000)
Nero BackItUp 12 Essentials OEM.a01 (x32 Version: 12.5.00500)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000)
Nero ControlCenter (x32 Version: 11.0.15600)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000)
Nero Core Components (x32 Version: 11.0.20200)
Nero Launcher (x32 Version: 12.2.7000)
Nero RescueAgent (x32 Version: 12.0.3001)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000)
Nero Update (x32 Version: 11.0.11800.31.0)
OEM Application Profile (x32 Version: 1.00.0000)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011)
Office Addin (x32 Version: 2.02.2008)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Pokki (HKCU Version: 0.266.1.172)
Prerequisite installer (x32 Version: 12.0.0003)
PX Profile Update (x32 Version: 1.00.1.)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.224)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.49)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6865)
Shared C Run-time for x64 (Version: 10.0.0)
Spotify (x32 Version: 0.8.4.99.ga249b5f1)
Tales of Lagoona (x32 Version: 2.2.0.110)
Update Installer for WildTangent Games App (x32)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)
WildTangent Games (x32 Version: 1.0.4.0)
WildTangent Games App (x32 Version: 4.0.10.5)

==================== Restore Points  =========================

17-12-2013 20:48:01 Removed Microsoft Office

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0C0093D6-F6F1-4512-A9F6-3CF809365B60} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A6DDC4B-CA80-4CAF-AC2A-353C25683573} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-12-17] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD1A14F2-2FAB-4195-9938-E9FB577A0BD8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEACER-AcerXYZHomeAcer => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-12-17] (Microsoft Corporation)
Task: {B95D8C60-670E-4674-ACA0-144C0E6AA85E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-24] (Acer Incorporated)
Task: {CE7922E0-7574-4459-B11D-706D7014AD27} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DBD97C4E-96EA-4AFA-AAAF-CFC081BE2EA1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {E46225B2-E87E-4E0F-86A1-1EE4C462392A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {E6102338-9D7E-47AD-B68A-27886F0C0907} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-18] (Acer Incorporate)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

==================== Loaded Modules (whitelisted) =============

2013-04-15 19:23 - 2013-04-15 19:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 19:20 - 2013-04-15 19:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-09-15 04:00 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-12-18 21:09 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\AcerXYZ\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2013 02:18:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HomeAcer)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009280. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/21/2013 09:33:21 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/21/2013 09:16:40 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/19/2013 09:06:26 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/18/2013 09:56:45 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4f8350e0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.16408, Zeitstempel: 0x523d557d
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000ab78
ID des fehlerhaften Prozesses: 0x1090
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (12/18/2013 09:56:44 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ObjectDisposedException
Stapel:
   bei System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   bei ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (12/17/2013 10:30:47 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start

Error: (12/17/2013 10:05:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 15.0.4454.1000, Zeitstempel: 0x509a39f9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x14ab83ca
ID des fehlerhaften Prozesses: 0x888
Startzeit der fehlerhaften Anwendung: 0xPOWERPNT.EXE0
Pfad der fehlerhaften Anwendung: POWERPNT.EXE1
Pfad des fehlerhaften Moduls: POWERPNT.EXE2
Berichtskennung: POWERPNT.EXE3
Vollständiger Name des fehlerhaften Pakets: POWERPNT.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: POWERPNT.EXE5

Error: (12/17/2013 09:48:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/17/2013 09:43:05 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004E028
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7b65fea6-df35-4e65-aaa7-bdf1fef5b24f;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (12/21/2013 02:47:03 PM) (Source: DCOM) (User: HomeAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/21/2013 02:46:33 PM) (Source: DCOM) (User: HomeAcer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/21/2013 02:18:39 PM) (Source: DCOM) (User: HomeAcer)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXc44xwbp9kd84a2z6xvsv95wqf9kad67n.mcaNicht verfügbarNicht verfügbar

Error: (12/21/2013 00:14:16 PM) (Source: DCOM) (User: HomeAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/21/2013 00:13:41 PM) (Source: DCOM) (User: HomeAcer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/21/2013 00:04:23 PM) (Source: DCOM) (User: HomeAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/21/2013 00:03:53 PM) (Source: DCOM) (User: HomeAcer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/19/2013 11:39:06 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/19/2013 11:34:29 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/19/2013 07:32:57 AM) (Source: DCOM) (User: HomeAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (12/21/2013 02:18:39 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HomeAcer)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009280

Error: (12/21/2013 09:33:21 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/21/2013 09:16:40 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/19/2013 09:06:26 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/18/2013 09:56:45 PM) (Source: Application Error)(User: )
Description: CCC.exe3.5.0.04f8350e0KERNELBASE.dll6.3.9600.16408523d557de0434352000000000000ab78109001cefc3314acfca6C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\system32\KERNELBASE.dlle6b1d1b0-6826-11e3-824f-a4db30039eb2

Error: (12/18/2013 09:56:44 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ObjectDisposedException
Stapel:
   bei System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   bei ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (12/17/2013 10:30:47 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (12/17/2013 10:05:58 PM) (Source: Application Error)(User: )
Description: POWERPNT.EXE15.0.4454.1000509a39f9unknown0.0.0.000000000c000000514ab83ca88801cefb6bc5963d1fC:\Program Files\Microsoft Office 15\Root\Office15\POWERPNT.EXEunknown066498a0-675f-11e3-824f-a4db30039eb2

Error: (12/17/2013 09:48:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (12/17/2013 09:43:05 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004E028RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=7b65fea6-df35-4e65-aaa7-bdf1fef5b24f;NotificationInterval=1440;Trigger=TimerEvent


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 7912.27 MB
Available physical RAM: 5658.03 MB
Total Pagefile: 9832.27 MB
Available Pagefile: 7367.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:680.35 GB) (Free:645.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: E9C661FE)

Partition: GPT Partition Type
==================== End Of Log ============================
         
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by AcerXYZ (administrator) on HOMEACER on 21-12-2013 14:51:35
Running from C:\Users\XYZOnAcer\Downloads
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Atheros Communications))
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ch.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ch.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ch.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\AcerXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\u8elastf.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\AcerXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\u8elastf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-17] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-18] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623712 2013-12-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-17] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 14:51 - 2013-12-21 14:51 - 00016262 _____ C:\Users\XYZOnAcer\Downloads\FRST.txt
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\FRST
2013-12-21 14:50 - 2013-12-21 14:50 - 00000484 _____ C:\Users\XYZOnAcer\Downloads\defogger_disable.log
2013-12-21 14:50 - 2013-12-21 14:50 - 00000000 _____ C:\Users\AcerXYZ\defogger_reenable
2013-12-21 14:48 - 2013-12-21 14:48 - 00377856 _____ C:\Users\AcerXYZ\Downloads\gmer_2.1.19163.exe
2013-12-21 14:18 - 2013-12-21 14:18 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 14:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-21 14:13 - 2013-12-21 14:14 - 00000000 ____D C:\AdwCleaner
2013-12-21 14:08 - 2013-12-21 14:08 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Microsoft Help
2013-12-21 13:58 - 2013-12-21 13:58 - 01226802 _____ C:\Users\XYZOnAcer\Downloads\adwcleaner_3.0.1.5.exe
2013-12-21 13:56 - 2013-12-21 13:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\XYZOnAcer\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 02193141 _____ (Farbar) C:\Users\XYZOnAcer\Downloads\FRST64.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 00050477 _____ C:\Users\XYZOnAcer\Downloads\Defogger.exe
2013-12-21 13:34 - 2013-12-21 13:34 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Macromedia
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Mozilla
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Mozilla
2013-12-19 10:48 - 2013-12-19 10:48 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Microsoft Help
2013-12-19 10:26 - 2013-12-19 10:26 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Adobe
2013-12-19 09:51 - 2013-12-19 09:51 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\clear.fi
2013-12-19 09:47 - 2013-12-19 09:49 - 00000000 ____D C:\Users\XYZOnAcer\Documents\masterarbeit
2013-12-19 09:47 - 2013-12-19 09:47 - 00047104 ___SH C:\Users\XYZOnAcer\Desktop\Thumbs.db
2013-12-19 09:47 - 2013-12-19 09:47 - 00001464 _____ C:\Users\XYZOnAcer\Desktop\masterarbeit - Verknüpfung.lnk
2013-12-19 07:23 - 2013-12-19 07:23 - 00002043 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-19 07:23 - 2013-12-19 07:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-19 07:22 - 2013-12-19 07:23 - 00000000 ____D C:\ProgramData\Adobe
2013-12-19 07:16 - 2013-12-19 07:24 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Adobe
2013-12-18 22:06 - 2013-12-18 22:06 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Wartungscenter - Verknüpfung.lnk
2013-12-18 21:57 - 2013-12-18 21:57 - 00000000 ____D C:\AMD
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 21:45 - 2013-12-18 21:45 - 00000000 ____D C:\Users\AcerXYZ\PicStream
2013-12-18 21:44 - 2013-12-18 21:45 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\clear.fi
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\Public\OEM
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\clear.fi
2013-12-18 21:26 - 2013-12-18 21:26 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Intel_Corporation
2013-12-18 21:09 - 2013-12-18 21:09 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 20:41 - 2013-12-21 09:19 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FC13721-6C14-4BD9-A303-4887F701ADD7}
2013-12-17 22:36 - 2013-12-21 13:27 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1004
2013-12-17 22:35 - 2013-12-21 13:59 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Deployment
2013-12-17 22:35 - 2013-12-19 11:28 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Citavi 4
2013-12-17 22:35 - 2013-12-17 22:37 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Apps\2.0
2013-12-17 22:31 - 2013-12-19 10:26 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Adobe
2013-12-17 22:31 - 2013-12-17 22:31 - 00002346 _____ C:\Users\XYZOnAcer\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00001450 _____ C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00000020 ___SH C:\Users\XYZOnAcer\ntuser.ini
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Vorlagen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Startmenü
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Netzwerkumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Lokale Einstellungen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Eigene Dateien
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Druckumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Musik
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Bilder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Verlauf
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Bluetooth Folder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Atheros
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\VirtualStore
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Packages
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\BMExplorer
2013-12-17 22:30 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer
2013-12-17 22:30 - 2013-12-17 21:25 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Pokki
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-17 22:17 - 2013-12-17 22:19 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Swiss Academic Software
2013-12-17 22:17 - 2013-12-17 22:18 - 00000000 ____D C:\Users\AcerXYZ\Documents\Citavi 4
2013-12-17 22:17 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00001969 _____ C:\Users\Public\Desktop\Citavi 4.lnk
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Downloaded Installations
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Program Files (x86)\Citavi 4
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 _____ C:\Recovery.txt
2013-12-17 22:13 - 2013-12-21 14:07 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Deployment
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Apps\2.0
2013-12-17 22:11 - 2013-12-21 14:28 - 00005158 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEACER-AcerXYZ HomeAcer
2013-12-17 22:10 - 2013-12-17 22:10 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-17 22:07 - 2013-12-17 22:07 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Macromedia
2013-12-17 22:06 - 2013-12-17 22:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-17 22:03 - 2013-12-17 22:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-17 22:02 - 2013-12-17 22:02 - 00000000 ____D C:\ProgramData\Pokki
2013-12-17 21:57 - 2013-12-17 21:57 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A3DA8ED-E676-46E5-8CB8-4AAEEFB2FE44}
2013-12-17 21:56 - 2013-12-17 21:56 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2013-12-17 21:53 - 2013-12-17 21:53 - 00002346 _____ C:\Users\AcerXYZ\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 21:53 - 2013-12-17 21:53 - 00001341 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-21 14:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-17 21:52 - 2013-12-17 21:52 - 00001144 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-17 21:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-17 21:52 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2013-12-17 21:51 - 2013-12-18 21:06 - 00623712 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-12-17 21:51 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-12-17 21:45 - 2013-12-17 22:11 - 00000000 __RDO C:\Users\AcerXYZ\SkyDrive
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\Bluetooth Folder
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\BMExplorer
2013-12-17 21:44 - 2010-08-25 05:00 - 00361472 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAH.DLL
2013-12-17 21:43 - 2013-12-17 21:43 - 00001450 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 21:42 - 2013-12-17 21:42 - 00000020 ___SH C:\Users\AcerXYZ\ntuser.ini
2013-12-17 21:32 - 2013-12-21 14:29 - 01297235 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-17 21:31 - 2013-12-17 21:31 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2013-12-17 21:23 - 2013-12-17 21:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-12-17 21:22 - 2013-12-21 14:50 - 00000000 ____D C:\Users\AcerXYZ
2013-12-17 21:22 - 2013-12-17 21:32 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2013-12-17 21:22 - 2013-12-17 21:32 - 00020958 _____ C:\WINDOWS\diagerr.xml
2013-12-17 21:22 - 2013-12-17 21:23 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Vorlagen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Startmenü
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Netzwerkumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Lokale Einstellungen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Eigene Dateien
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Druckumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Musik
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Bilder
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Verlauf
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Atheros
2013-12-17 21:22 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-17 21:22 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-17 21:22 - 2013-08-22 16:36 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-17 21:21 - 2013-12-17 22:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 21:21 - 2013-12-17 21:43 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 21:21 - 2013-12-17 21:43 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Adobe
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\ProgramData\OEM_YAHOO
2013-12-17 21:20 - 2013-12-18 21:11 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Pokki
2013-12-17 21:20 - 2013-12-17 22:04 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\VirtualStore
2013-12-17 21:20 - 2013-12-17 21:56 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Packages
2013-12-17 21:18 - 2013-12-17 21:24 - 00000000 ____D C:\Program Files\Intel
2013-12-17 21:18 - 2013-12-17 21:24 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Realtek
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Elantech
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\AMD
2013-12-17 21:16 - 2013-12-18 22:05 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-17 21:16 - 2013-12-17 21:16 - 00000000 __SHD C:\Recovery
2013-12-17 21:15 - 2013-12-17 21:15 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-17 21:15 - 2013-12-17 21:15 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-17 21:14 - 2013-12-17 21:14 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-17 21:13 - 2013-12-17 21:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-12-17 21:12 - 2013-12-17 21:25 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\MSBuild
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-17 21:11 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-12-17 21:11 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-12-17 20:54 - 2013-12-17 21:32 - 00006598 _____ C:\WINDOWS\comsetup.log
2013-12-17 20:05 - 2013-12-17 21:23 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
2013-12-17 20:03 - 2013-12-17 20:04 - 00011713 _____ C:\Users\AcerXYZ\AppData\Local\HWVendorDetection.log
2013-12-17 19:30 - 2013-11-19 11:21 - 00267936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-12-17 19:19 - 2013-12-17 19:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-17 19:19 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-17 18:35 - 2013-12-21 14:46 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1001
2013-12-17 18:15 - 2013-12-17 18:15 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Windows Update - Verknüpfung.lnk
2013-12-17 17:40 - 2013-12-17 17:40 - 00002060 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2013-12-17 15:26 - 2013-12-17 22:28 - 00003562 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2013-12-17 15:08 - 2013-12-17 15:27 - 00000000 ____D C:\WINDOWS\CSC
2013-12-17 14:23 - 2013-05-04 05:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2013-12-17 14:23 - 2013-05-04 05:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs

==================== One Month Modified Files and Folders =======

2021-10-21 14:36 - 2013-09-15 04:09 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-09-15 04:09 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2013-12-21 14:51 - 2013-12-21 14:51 - 00016262 _____ C:\Users\XYZOnAcer\Downloads\FRST.txt
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\FRST
2013-12-21 14:50 - 2013-12-21 14:50 - 00000484 _____ C:\Users\XYZOnAcer\Downloads\defogger_disable.log
2013-12-21 14:50 - 2013-12-21 14:50 - 00000000 _____ C:\Users\AcerXYZ\defogger_reenable
2013-12-21 14:50 - 2013-12-17 21:22 - 00000000 ____D C:\Users\AcerXYZ
2013-12-21 14:48 - 2013-12-21 14:48 - 00377856 _____ C:\Users\AcerXYZ\Downloads\gmer_2.1.19163.exe
2013-12-21 14:46 - 2013-12-17 18:35 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1001
2013-12-21 14:29 - 2013-12-17 21:32 - 01297235 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-21 14:28 - 2013-12-17 22:11 - 00005158 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEACER-AcerXYZ HomeAcer
2013-12-21 14:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-21 14:18 - 2013-12-21 14:18 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 14:14 - 2013-12-21 14:13 - 00000000 ____D C:\AdwCleaner
2013-12-21 14:08 - 2013-12-21 14:08 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Microsoft Help
2013-12-21 14:07 - 2013-12-17 22:13 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Deployment
2013-12-21 14:07 - 2013-12-17 21:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-21 14:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-21 13:59 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Deployment
2013-12-21 13:58 - 2013-12-21 13:58 - 01226802 _____ C:\Users\XYZOnAcer\Downloads\adwcleaner_3.0.1.5.exe
2013-12-21 13:56 - 2013-12-21 13:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\XYZOnAcer\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 02193141 _____ (Farbar) C:\Users\XYZOnAcer\Downloads\FRST64.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 00050477 _____ C:\Users\XYZOnAcer\Downloads\Defogger.exe
2013-12-21 13:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-21 13:34 - 2013-12-21 13:34 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Macromedia
2013-12-21 13:27 - 2013-12-17 22:36 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1004
2013-12-21 13:21 - 2013-11-14 08:39 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-21 13:21 - 2013-11-14 08:15 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-21 13:21 - 2013-11-14 08:15 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-21 13:17 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-21 13:16 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Mozilla
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Mozilla
2013-12-21 09:19 - 2013-12-18 20:41 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FC13721-6C14-4BD9-A303-4887F701ADD7}
2013-12-19 11:47 - 2013-11-13 23:27 - 00035420 _____ C:\WINDOWS\PFRO.log
2013-12-19 11:47 - 2013-09-15 04:28 - 00000000 ____D C:\ProgramData\Norton
2013-12-19 11:47 - 2013-08-22 15:44 - 00481632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-19 11:28 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Citavi 4
2013-12-19 10:48 - 2013-12-19 10:48 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Microsoft Help
2013-12-19 10:26 - 2013-12-19 10:26 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Adobe
2013-12-19 10:26 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Adobe
2013-12-19 09:51 - 2013-12-19 09:51 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\clear.fi
2013-12-19 09:49 - 2013-12-19 09:47 - 00000000 ____D C:\Users\XYZOnAcer\Documents\masterarbeit
2013-12-19 09:47 - 2013-12-19 09:47 - 00047104 ___SH C:\Users\XYZOnAcer\Desktop\Thumbs.db
2013-12-19 09:47 - 2013-12-19 09:47 - 00001464 _____ C:\Users\XYZOnAcer\Desktop\masterarbeit - Verknüpfung.lnk
2013-12-19 07:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-19 07:24 - 2013-12-19 07:16 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Adobe
2013-12-19 07:23 - 2013-12-19 07:23 - 00002043 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-19 07:23 - 2013-12-19 07:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-19 07:23 - 2013-12-19 07:22 - 00000000 ____D C:\ProgramData\Adobe
2013-12-18 22:06 - 2013-12-18 22:06 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Wartungscenter - Verknüpfung.lnk
2013-12-18 22:05 - 2013-12-17 21:16 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-18 21:57 - 2013-12-18 21:57 - 00000000 ____D C:\AMD
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 21:45 - 2013-12-18 21:45 - 00000000 ____D C:\Users\AcerXYZ\PicStream
2013-12-18 21:45 - 2013-12-18 21:44 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\clear.fi
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\Public\OEM
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\clear.fi
2013-12-18 21:26 - 2013-12-18 21:26 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Intel_Corporation
2013-12-18 21:11 - 2013-12-17 21:20 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Pokki
2013-12-18 21:09 - 2013-12-18 21:09 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 21:06 - 2013-12-17 21:51 - 00623712 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-12-18 21:06 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2013-12-18 21:06 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klelam.sys
2013-12-17 22:37 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Apps\2.0
2013-12-17 22:31 - 2013-12-17 22:31 - 00002346 _____ C:\Users\XYZOnAcer\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00001450 _____ C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00000020 ___SH C:\Users\XYZOnAcer\ntuser.ini
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Vorlagen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Startmenü
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Netzwerkumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Lokale Einstellungen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Eigene Dateien
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Druckumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Musik
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Bilder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Verlauf
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Bluetooth Folder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Atheros
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\VirtualStore
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Packages
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\BMExplorer
2013-12-17 22:31 - 2013-12-17 22:30 - 00000000 ____D C:\Users\XYZOnAcer
2013-12-17 22:31 - 2013-12-17 21:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 22:31 - 2013-09-15 04:20 - 00000000 ____D C:\ProgramData\Atheros
2013-12-17 22:28 - 2013-12-17 15:26 - 00003562 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2013-12-17 22:19 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Swiss Academic Software
2013-12-17 22:18 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\Documents\Citavi 4
2013-12-17 22:17 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00001969 _____ C:\Users\Public\Desktop\Citavi 4.lnk
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Downloaded Installations
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Program Files (x86)\Citavi 4
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 _____ C:\Recovery.txt
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Apps\2.0
2013-12-17 22:13 - 2013-08-22 15:46 - 00288801 _____ C:\WINDOWS\setupact.log
2013-12-17 22:11 - 2013-12-17 21:45 - 00000000 __RDO C:\Users\AcerXYZ\SkyDrive
2013-12-17 22:10 - 2013-12-17 22:10 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-17 22:07 - 2013-12-17 22:07 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Macromedia
2013-12-17 22:06 - 2013-12-17 22:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-17 22:04 - 2013-12-17 22:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-17 22:04 - 2013-12-17 21:20 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\VirtualStore
2013-12-17 22:02 - 2013-12-17 22:02 - 00000000 ____D C:\ProgramData\Pokki
2013-12-17 21:59 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2013-12-17 21:57 - 2013-12-17 21:57 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A3DA8ED-E676-46E5-8CB8-4AAEEFB2FE44}
2013-12-17 21:56 - 2013-12-17 21:56 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2013-12-17 21:56 - 2013-12-17 21:20 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Packages
2013-12-17 21:53 - 2013-12-17 21:53 - 00002346 _____ C:\Users\AcerXYZ\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 21:53 - 2013-12-17 21:53 - 00001341 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-17 21:52 - 00001144 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-17 21:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-17 21:52 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-17 21:52 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-12-17 21:50 - 2013-08-12 14:07 - 00000000 ____D C:\Program Files (x86)\Acer
2013-12-17 21:49 - 2013-09-15 04:28 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-12-17 21:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\restore
2013-12-17 21:46 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\Bluetooth Folder
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\BMExplorer
2013-12-17 21:43 - 2013-12-17 21:43 - 00001450 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 21:43 - 2013-12-17 21:21 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 21:43 - 2013-12-17 21:21 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 21:42 - 2013-12-17 21:42 - 00000020 ___SH C:\Users\AcerXYZ\ntuser.ini
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-17 21:32 - 2013-12-17 21:22 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2013-12-17 21:32 - 2013-12-17 21:22 - 00020958 _____ C:\WINDOWS\diagerr.xml
2013-12-17 21:32 - 2013-12-17 20:54 - 00006598 _____ C:\WINDOWS\comsetup.log
2013-12-17 21:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2013-12-17 21:32 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows NT
2013-12-17 21:32 - 2013-08-22 14:36 - 00000000 __RHD C:\Users\Default
2013-12-17 21:31 - 2013-12-17 21:31 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-12-17 21:29 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
2013-12-17 21:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2013-12-17 21:26 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-12-17 21:25 - 2013-12-17 22:30 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Pokki
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2013-12-17 21:25 - 2013-12-17 21:12 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\winrm
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\slmgr
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2013-12-17 21:25 - 2013-08-22 16:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\spool
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\IME
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2013-12-17 21:25 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2013-12-17 21:24 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Intel
2013-12-17 21:24 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-17 21:24 - 2013-11-14 08:19 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-17 21:24 - 2013-11-14 08:19 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-17 21:24 - 2013-08-22 16:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\IME
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-12-17 21:24 - 2013-08-12 13:51 - 00000000 ____D C:\ProgramData\PRICache
2013-12-17 21:23 - 2013-12-17 21:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-12-17 21:23 - 2013-12-17 21:22 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 21:23 - 2013-12-17 20:05 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
2013-12-17 21:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Vorlagen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Startmenü
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Netzwerkumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Lokale Einstellungen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Eigene Dateien
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Druckumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Musik
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Bilder
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Verlauf
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Atheros
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Adobe
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\ProgramData\OEM_YAHOO
2013-12-17 21:19 - 2013-08-22 15:46 - 00000084 _____ C:\WINDOWS\setuperr.log
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Realtek
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Elantech
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\AMD
2013-12-17 21:16 - 2013-12-17 21:16 - 00000000 __SHD C:\Recovery
2013-12-17 21:15 - 2013-12-17 21:15 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-17 21:15 - 2013-12-17 21:15 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-17 21:15 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-12-17 21:14 - 2013-12-17 21:14 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-17 21:14 - 2013-12-17 21:14 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-17 21:13 - 2013-12-17 21:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\MSBuild
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-17 20:58 - 2013-09-15 03:56 - 01530870 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-12-17 20:32 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-12-17 20:05 - 2013-08-12 14:34 - 00000000 ___HD C:\OEM
2013-12-17 20:04 - 2013-12-17 20:03 - 00011713 _____ C:\Users\AcerXYZ\AppData\Local\HWVendorDetection.log
2013-12-17 19:45 - 2013-09-15 04:45 - 00780976 _____ C:\WINDOWS\system32\perfh010.dat
2013-12-17 19:45 - 2013-09-15 04:45 - 00152608 _____ C:\WINDOWS\system32\perfc010.dat
2013-12-17 19:45 - 2013-09-15 04:39 - 00790022 _____ C:\WINDOWS\system32\perfh00C.dat
2013-12-17 19:45 - 2013-09-15 04:39 - 00155084 _____ C:\WINDOWS\system32\perfc00C.dat
2013-12-17 19:20 - 2013-12-17 19:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-17 18:30 - 2013-08-12 14:04 - 00000000 ____D C:\ProgramData\McAfee
2013-12-17 18:30 - 2013-08-12 14:04 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-12-17 18:30 - 2013-08-12 14:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-17 18:15 - 2013-12-17 18:15 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Windows Update - Verknüpfung.lnk
2013-12-17 17:40 - 2013-12-17 17:40 - 00002060 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2013-12-17 15:27 - 2013-12-17 15:08 - 00000000 ____D C:\WINDOWS\CSC
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-01 14:42 - 2013-12-17 19:19 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\AcerXYZ\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
C:\Users\AcerXYZ\AppData\Local\Temp\OfficeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-18 21:38

==================== End Of Log ============================
         
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-21 15:03:53
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c WDC_WD7500BPVX-22JC3T0 rev.01.01A01 698.64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ACERPH~1\AppData\Local\Temp\kfdiipow.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                     00007ffa35bd169a 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                     00007ffa35bd16a2 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                        00007ffa35bd181a 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                        00007ffa35bd1832 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[1032] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                     00007ffa35bd169a 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[1032] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                     00007ffa35bd16a2 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[1032] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                        00007ffa35bd181a 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[1032] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                        00007ffa35bd1832 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1416] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                      00007ffa35bd169a 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1416] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                      00007ffa35bd16a2 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1416] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                         00007ffa35bd181a 4 bytes [BD, 35, FA, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1416] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                         00007ffa35bd1832 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1816] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffa35bd169a 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1816] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffa35bd16a2 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1816] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ffa35bd181a 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1816] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ffa35bd1832 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3208] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506            00007ffa35bd169a 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3208] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514            00007ffa35bd16a2 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3208] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118               00007ffa35bd181a 4 bytes [BD, 35, FA, 7F]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3208] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142               00007ffa35bd1832 4 bytes [BD, 35, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [700:724]                                                                                           fffff9600083e4d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

Edited by glühwein (21.12.2013 at 15:40). Reason: scan logs added.

21.12.2013, 15:53   #2
schrauber
/// the machine
/// TB trainer

Hi,

Malwarebytes log? Where was Office 365 obtained?

21.12.2013, 16:47   #3
glühwein

Hi

Thanks for the prompt response.

Malwarebytes found nothing. I'll run it again and try to find the log.

I bought Office 365 officially at Media Markt and then downloaded and installed it with the product key, as described, via www.office.com/setup.

Here is the Malwarebytes log as well:

(Malwarebytes reported that no malware was found)
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300


Datenbank Version: v2013.12.21.03

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
AcerXYZ :: HOMEACER [Administrator]

Schutz: Aktiviert

21.12.2013 15:56:55
mbam-log-2013-12-21 (15-56-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364694
Laufzeit: 24 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I also ran AdwCleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.015 - Bericht erstellt am 21/12/2013 um 16:30:15
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8.1 Pro with Media Center  (64 bits)
# Benutzername : AcerXYZ - HOMEACER
# Gestartet von : C:\Users\AcerXYZ\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Pokki
Ordner Gelöscht : C:\Users\AcerXYZ\AppData\Local\Pokki
Ordner Gelöscht : C:\Users\XYZOnAcer\AppData\Local\Pokki

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\AcerXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\u8elastf.default\prefs.js ]


[ Datei : C:\Users\XYZOnAcer\AppData\Roaming\Mozilla\Firefox\Profiles\pic9ayop.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1366 octets] - [21/12/2013 14:13:55]
AdwCleaner[R1].txt - [1416 octets] - [21/12/2013 16:29:54]
AdwCleaner[S0].txt - [1297 octets] - [21/12/2013 16:30:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1357 octets] ##########
         
--- --- ---

The problem is still present.

22.12.2013, 07:16   #4
schrauber
/// the machine
/// TB trainer

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When the process has finished, click Step 3 and press Do It under System File Check.
  • After the process has finished, click Start Repairs, select Advanced Mode and press Start.
  • Please make sure that the boxes are checked as shown below. In addition, please check Set Windows Services to Default Startup.
  • Check Restart System when Finished.
  • Press Start.

and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.12.2013, 14:03   #5
glühwein

Hi

The latest version of Windows Repair, 2.1.0 from Filepony, looks a little different. I cannot install it, only run it via the exe. In the Start Repairs step I cannot choose between the individual modes, only click Start.

Can I still run it like this?

=> I found out how it works: the settings appear after clicking Start.

I ran Windows Repair. The page www.44e.com is still being opened.

Here is the FRST scan:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by AcerXYZ (administrator) on HOMEACER on 22-12-2013 10:48:07
Running from C:\Users\XYZOnAcer\Downloads
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Atheros Communications))
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ch.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ch.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ch.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {D68C1CDB-A4AA-4204-92EB-379C6EBBB7E7} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\AcerXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\u8elastf.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\AcerXYZ\AppData\Roaming\Mozilla\Firefox\Profiles\u8elastf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-17] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-18] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623712 2013-12-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-17] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 10:48 - 2013-12-22 10:48 - 00015720 _____ C:\Users\XYZOnAcer\Downloads\FRST.txt
2013-12-22 10:26 - 2013-12-22 10:40 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-22 10:22 - 2013-12-22 10:22 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-HOMEACER-Microsoft-Windows-8.1-Pro-mit-Media-Center-(64-bit).dat
2013-12-22 10:21 - 2013-12-22 10:21 - 00000000 ____D C:\RegBackup
2013-12-22 09:33 - 2013-12-22 09:33 - 00003176 ____N C:\bootsqm.dat
2013-12-22 09:27 - 2013-12-22 09:27 - 00000000 ____D C:\Users\AcerXYZ\Downloads\tweaking.com_windows_repair_aio
2013-12-22 09:26 - 2013-12-22 09:26 - 02900332 _____ C:\Users\AcerXYZ\Downloads\tweaking.com_windows_repair_aio.zip
2013-12-21 16:39 - 2013-12-21 16:39 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 16:39 - 2013-12-21 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 16:28 - 2013-12-21 16:28 - 01226750 _____ C:\Users\AcerXYZ\Downloads\adwcleaner.exe
2013-12-21 14:55 - 2013-12-22 10:46 - 00000000 ____D C:\Users\AcerXYZ\Desktop\scan
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\FRST
2013-12-21 14:50 - 2013-12-21 14:50 - 00000484 _____ C:\Users\XYZOnAcer\Downloads\defogger_disable.log
2013-12-21 14:50 - 2013-12-21 14:50 - 00000000 _____ C:\Users\AcerXYZ\defogger_reenable
2013-12-21 14:48 - 2013-12-21 14:48 - 00377856 _____ C:\Users\AcerXYZ\Downloads\gmer_2.1.19163.exe
2013-12-21 14:18 - 2013-12-21 14:18 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 14:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-21 14:13 - 2013-12-21 16:30 - 00000000 ____D C:\AdwCleaner
2013-12-21 14:08 - 2013-12-21 14:08 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Microsoft Help
2013-12-21 13:58 - 2013-12-21 13:58 - 01226802 _____ C:\Users\XYZOnAcer\Downloads\adwcleaner_3.0.1.5.exe
2013-12-21 13:56 - 2013-12-21 13:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\XYZOnAcer\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 02193141 _____ (Farbar) C:\Users\XYZOnAcer\Downloads\FRST64.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 00050477 _____ C:\Users\XYZOnAcer\Downloads\Defogger.exe
2013-12-21 13:34 - 2013-12-21 13:34 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Macromedia
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Mozilla
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Mozilla
2013-12-19 10:48 - 2013-12-19 10:48 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Microsoft Help
2013-12-19 10:26 - 2013-12-19 10:26 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Adobe
2013-12-19 09:51 - 2013-12-19 09:51 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\clear.fi
2013-12-19 09:47 - 2013-12-19 09:49 - 00000000 ____D C:\Users\XYZOnAcer\Documents\masterarbeit
2013-12-19 09:47 - 2013-12-19 09:47 - 00047104 ___SH C:\Users\XYZOnAcer\Desktop\Thumbs.db
2013-12-19 09:47 - 2013-12-19 09:47 - 00001464 _____ C:\Users\XYZOnAcer\Desktop\masterarbeit - Verknüpfung.lnk
2013-12-19 07:23 - 2013-12-19 07:23 - 00002043 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-19 07:23 - 2013-12-19 07:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-19 07:22 - 2013-12-19 07:23 - 00000000 ____D C:\ProgramData\Adobe
2013-12-19 07:16 - 2013-12-19 07:24 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Adobe
2013-12-18 22:06 - 2013-12-18 22:06 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Wartungscenter - Verknüpfung.lnk
2013-12-18 21:57 - 2013-12-18 21:57 - 00000000 ____D C:\AMD
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 21:45 - 2013-12-18 21:45 - 00000000 ____D C:\Users\AcerXYZ\PicStream
2013-12-18 21:44 - 2013-12-18 21:45 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\clear.fi
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\Public\OEM
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\clear.fi
2013-12-18 21:26 - 2013-12-18 21:26 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Intel_Corporation
2013-12-18 21:09 - 2013-12-21 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-18 20:41 - 2013-12-21 09:19 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FC13721-6C14-4BD9-A303-4887F701ADD7}
2013-12-17 22:36 - 2013-12-21 13:27 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1004
2013-12-17 22:35 - 2013-12-21 13:59 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Deployment
2013-12-17 22:35 - 2013-12-19 11:28 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Citavi 4
2013-12-17 22:35 - 2013-12-17 22:37 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Apps\2.0
2013-12-17 22:31 - 2013-12-19 10:26 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Adobe
2013-12-17 22:31 - 2013-12-17 22:31 - 00002346 _____ C:\Users\XYZOnAcer\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00001450 _____ C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00000020 ___SH C:\Users\XYZOnAcer\ntuser.ini
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Vorlagen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Startmenü
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Netzwerkumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Lokale Einstellungen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Eigene Dateien
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Druckumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Musik
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Bilder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Verlauf
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Bluetooth Folder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Atheros
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\VirtualStore
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Packages
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\BMExplorer
2013-12-17 22:30 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-17 22:30 - 2013-08-22 16:36 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-17 22:17 - 2013-12-17 22:19 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Swiss Academic Software
2013-12-17 22:17 - 2013-12-17 22:18 - 00000000 ____D C:\Users\AcerXYZ\Documents\Citavi 4
2013-12-17 22:17 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00001969 _____ C:\Users\Public\Desktop\Citavi 4.lnk
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Downloaded Installations
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Program Files (x86)\Citavi 4
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 _____ C:\Recovery.txt
2013-12-17 22:13 - 2013-12-21 14:07 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Deployment
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Apps\2.0
2013-12-17 22:11 - 2013-12-22 10:43 - 00005160 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEACER-AcerXYZ HomeAcer
2013-12-17 22:10 - 2013-12-17 22:10 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-17 22:07 - 2013-12-17 22:07 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Macromedia
2013-12-17 22:06 - 2013-12-17 22:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-17 22:03 - 2013-12-17 22:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-17 21:57 - 2013-12-22 09:27 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A3DA8ED-E676-46E5-8CB8-4AAEEFB2FE44}
2013-12-17 21:56 - 2013-12-17 21:56 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2013-12-17 21:53 - 2013-12-17 21:53 - 00002346 _____ C:\Users\AcerXYZ\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 21:53 - 2013-12-17 21:53 - 00001341 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-22 10:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-17 21:52 - 2013-12-17 21:52 - 00001144 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-17 21:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-17 21:52 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2013-12-17 21:51 - 2013-12-18 21:06 - 00623712 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-12-17 21:51 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-12-17 21:45 - 2013-12-17 22:11 - 00000000 __RDO C:\Users\AcerXYZ\SkyDrive
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\Bluetooth Folder
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\BMExplorer
2013-12-17 21:44 - 2010-08-25 05:00 - 00361472 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAH.DLL
2013-12-17 21:43 - 2013-12-17 21:43 - 00001450 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 21:42 - 2013-12-17 21:42 - 00000020 ___SH C:\Users\AcerXYZ\ntuser.ini
2013-12-17 21:32 - 2013-12-22 10:42 - 01388424 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-17 21:31 - 2013-12-17 21:31 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2013-12-17 21:23 - 2013-12-17 21:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-12-17 21:22 - 2013-12-21 14:50 - 00000000 ____D C:\Users\AcerXYZ
2013-12-17 21:22 - 2013-12-17 21:32 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2013-12-17 21:22 - 2013-12-17 21:32 - 00020958 _____ C:\WINDOWS\diagerr.xml
2013-12-17 21:22 - 2013-12-17 21:23 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Vorlagen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Startmenü
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Netzwerkumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Lokale Einstellungen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Eigene Dateien
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Druckumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Musik
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Bilder
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Verlauf
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Atheros
2013-12-17 21:22 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-17 21:22 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-17 21:22 - 2013-08-22 16:36 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-17 21:21 - 2013-12-17 22:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 21:21 - 2013-12-17 21:43 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 21:21 - 2013-12-17 21:43 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Adobe
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\ProgramData\OEM_YAHOO
2013-12-17 21:20 - 2013-12-17 22:04 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\VirtualStore
2013-12-17 21:20 - 2013-12-17 21:56 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Packages
2013-12-17 21:18 - 2013-12-17 21:24 - 00000000 ____D C:\Program Files\Intel
2013-12-17 21:18 - 2013-12-17 21:24 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Realtek
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Elantech
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\AMD
2013-12-17 21:16 - 2013-12-18 22:05 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-17 21:16 - 2013-12-17 21:16 - 00000000 __SHD C:\Recovery
2013-12-17 21:15 - 2013-12-17 21:15 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-17 21:15 - 2013-12-17 21:15 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-17 21:14 - 2013-12-17 21:14 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-17 21:13 - 2013-12-17 21:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-12-17 21:12 - 2013-12-17 21:25 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\MSBuild
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-17 21:11 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-12-17 21:11 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-17 21:11 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-12-17 20:54 - 2013-12-17 21:32 - 00006598 _____ C:\WINDOWS\comsetup.log
2013-12-17 20:05 - 2013-12-17 21:23 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
2013-12-17 20:03 - 2013-12-17 20:04 - 00011713 _____ C:\Users\AcerXYZ\AppData\Local\HWVendorDetection.log
2013-12-17 19:30 - 2013-11-19 11:21 - 00267936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-12-17 19:19 - 2013-12-17 19:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-17 19:19 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-17 18:35 - 2013-12-22 09:50 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1001
2013-12-17 18:15 - 2013-12-17 18:15 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Windows Update - Verknüpfung.lnk
2013-12-17 17:40 - 2013-12-17 17:40 - 00002060 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2013-12-17 15:26 - 2013-12-17 22:28 - 00003562 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2013-12-17 15:08 - 2013-12-17 15:27 - 00000000 ____D C:\WINDOWS\CSC
2013-12-17 14:23 - 2013-05-04 05:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2013-12-17 14:23 - 2013-05-04 05:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs

==================== One Month Modified Files and Folders =======

2021-10-21 14:36 - 2013-09-15 04:09 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-09-15 04:09 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2013-12-22 10:48 - 2013-12-22 10:48 - 00015720 _____ C:\Users\XYZOnAcer\Downloads\FRST.txt
2013-12-22 10:46 - 2013-12-21 14:55 - 00000000 ____D C:\Users\AcerXYZ\Desktop\scan
2013-12-22 10:46 - 2013-11-14 08:39 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-22 10:46 - 2013-11-14 08:15 - 00751874 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-22 10:46 - 2013-11-14 08:15 - 00155350 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-22 10:43 - 2013-12-17 22:11 - 00005160 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEACER-AcerXYZ HomeAcer
2013-12-22 10:42 - 2013-12-17 21:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-22 10:42 - 2013-12-17 21:32 - 01388424 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-22 10:42 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-22 10:41 - 2013-11-13 23:27 - 00036114 _____ C:\WINDOWS\PFRO.log
2013-12-22 10:41 - 2013-08-22 15:44 - 00481632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-22 10:40 - 2013-12-22 10:26 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-22 10:40 - 2012-07-26 06:26 - 00000160 _____ C:\WINDOWS\win.ini
2013-12-22 10:22 - 2013-12-22 10:22 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-HOMEACER-Microsoft-Windows-8.1-Pro-mit-Media-Center-(64-bit).dat
2013-12-22 10:21 - 2013-12-22 10:21 - 00000000 ____D C:\RegBackup
2013-12-22 10:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-22 09:50 - 2013-12-17 18:35 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1001
2013-12-22 09:33 - 2013-12-22 09:33 - 00003176 ____N C:\bootsqm.dat
2013-12-22 09:27 - 2013-12-22 09:27 - 00000000 ____D C:\Users\AcerXYZ\Downloads\tweaking.com_windows_repair_aio
2013-12-22 09:27 - 2013-12-17 21:57 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A3DA8ED-E676-46E5-8CB8-4AAEEFB2FE44}
2013-12-22 09:26 - 2013-12-22 09:26 - 02900332 _____ C:\Users\AcerXYZ\Downloads\tweaking.com_windows_repair_aio.zip
2013-12-21 16:39 - 2013-12-21 16:39 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 16:39 - 2013-12-21 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 16:39 - 2013-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 16:31 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-21 16:30 - 2013-12-21 14:13 - 00000000 ____D C:\AdwCleaner
2013-12-21 16:28 - 2013-12-21 16:28 - 01226750 _____ C:\Users\AcerXYZ\Downloads\adwcleaner.exe
2013-12-21 14:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\FRST
2013-12-21 14:50 - 2013-12-21 14:50 - 00000484 _____ C:\Users\XYZOnAcer\Downloads\defogger_disable.log
2013-12-21 14:50 - 2013-12-21 14:50 - 00000000 _____ C:\Users\AcerXYZ\defogger_reenable
2013-12-21 14:50 - 2013-12-17 21:22 - 00000000 ____D C:\Users\AcerXYZ
2013-12-21 14:48 - 2013-12-21 14:48 - 00377856 _____ C:\Users\AcerXYZ\Downloads\gmer_2.1.19163.exe
2013-12-21 14:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-21 14:18 - 2013-12-21 14:18 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 14:18 - 2013-12-21 14:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 14:08 - 2013-12-21 14:08 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Microsoft Help
2013-12-21 14:07 - 2013-12-17 22:13 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Deployment
2013-12-21 13:59 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Deployment
2013-12-21 13:58 - 2013-12-21 13:58 - 01226802 _____ C:\Users\XYZOnAcer\Downloads\adwcleaner_3.0.1.5.exe
2013-12-21 13:56 - 2013-12-21 13:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\XYZOnAcer\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 02193141 _____ (Farbar) C:\Users\XYZOnAcer\Downloads\FRST64.exe
2013-12-21 13:52 - 2013-12-21 13:52 - 00050477 _____ C:\Users\XYZOnAcer\Downloads\Defogger.exe
2013-12-21 13:34 - 2013-12-21 13:34 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Macromedia
2013-12-21 13:27 - 2013-12-17 22:36 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-698567670-189481497-758974349-1004
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Mozilla
2013-12-21 09:24 - 2013-12-21 09:24 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Mozilla
2013-12-21 09:19 - 2013-12-18 20:41 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FC13721-6C14-4BD9-A303-4887F701ADD7}
2013-12-19 11:47 - 2013-09-15 04:28 - 00000000 ____D C:\ProgramData\Norton
2013-12-19 11:28 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Citavi 4
2013-12-19 10:48 - 2013-12-19 10:48 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Microsoft Help
2013-12-19 10:26 - 2013-12-19 10:26 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Adobe
2013-12-19 10:26 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Adobe
2013-12-19 09:51 - 2013-12-19 09:51 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\clear.fi
2013-12-19 09:49 - 2013-12-19 09:47 - 00000000 ____D C:\Users\XYZOnAcer\Documents\masterarbeit
2013-12-19 09:47 - 2013-12-19 09:47 - 00047104 ___SH C:\Users\XYZOnAcer\Desktop\Thumbs.db
2013-12-19 09:47 - 2013-12-19 09:47 - 00001464 _____ C:\Users\XYZOnAcer\Desktop\masterarbeit - Verknüpfung.lnk
2013-12-19 07:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-19 07:24 - 2013-12-19 07:16 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Adobe
2013-12-19 07:23 - 2013-12-19 07:23 - 00002043 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-19 07:23 - 2013-12-19 07:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-19 07:23 - 2013-12-19 07:22 - 00000000 ____D C:\ProgramData\Adobe
2013-12-18 22:06 - 2013-12-18 22:06 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Wartungscenter - Verknüpfung.lnk
2013-12-18 22:05 - 2013-12-17 21:16 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-18 21:57 - 2013-12-18 21:57 - 00000000 ____D C:\AMD
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\ATI
2013-12-18 21:52 - 2013-12-18 21:52 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 21:45 - 2013-12-18 21:45 - 00000000 ____D C:\Users\AcerXYZ\PicStream
2013-12-18 21:45 - 2013-12-18 21:44 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\clear.fi
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\Public\OEM
2013-12-18 21:44 - 2013-12-18 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\clear.fi
2013-12-18 21:26 - 2013-12-18 21:26 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Intel_Corporation
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Mozilla
2013-12-18 21:09 - 2013-12-18 21:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-18 21:06 - 2013-12-17 21:51 - 00623712 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-12-18 21:06 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2013-12-18 21:06 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klelam.sys
2013-12-17 22:37 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Swiss Academic Software
2013-12-17 22:35 - 2013-12-17 22:35 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Apps\2.0
2013-12-17 22:31 - 2013-12-17 22:31 - 00002346 _____ C:\Users\XYZOnAcer\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00001450 _____ C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 22:31 - 2013-12-17 22:31 - 00000020 ___SH C:\Users\XYZOnAcer\ntuser.ini
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Vorlagen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Startmenü
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Netzwerkumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Lokale Einstellungen
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Eigene Dateien
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Druckumgebung
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Musik
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Documents\Eigene Bilder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Verlauf
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\AppData\Local\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 _SHDL C:\Users\XYZOnAcer\Anwendungsdaten
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ___RD C:\Users\XYZOnAcer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\Documents\Bluetooth Folder
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Roaming\Atheros
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\VirtualStore
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\Packages
2013-12-17 22:31 - 2013-12-17 22:31 - 00000000 ____D C:\Users\XYZOnAcer\AppData\Local\BMExplorer
2013-12-17 22:31 - 2013-12-17 22:30 - 00000000 ____D C:\Users\XYZOnAcer
2013-12-17 22:31 - 2013-12-17 21:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 22:31 - 2013-09-15 04:20 - 00000000 ____D C:\ProgramData\Atheros
2013-12-17 22:28 - 2013-12-17 15:26 - 00003562 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2013-12-17 22:19 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Swiss Academic Software
2013-12-17 22:18 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\Documents\Citavi 4
2013-12-17 22:17 - 2013-12-17 22:17 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00001969 _____ C:\Users\Public\Desktop\Citavi 4.lnk
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Downloaded Installations
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 ____D C:\Program Files (x86)\Citavi 4
2013-12-17 22:15 - 2013-12-17 22:15 - 00000000 _____ C:\Recovery.txt
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-12-17 22:13 - 2013-12-17 22:13 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Apps\2.0
2013-12-17 22:13 - 2013-08-22 15:46 - 00288801 _____ C:\WINDOWS\setupact.log
2013-12-17 22:11 - 2013-12-17 21:45 - 00000000 __RDO C:\Users\AcerXYZ\SkyDrive
2013-12-17 22:10 - 2013-12-17 22:10 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-17 22:07 - 2013-12-17 22:07 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Macromedia
2013-12-17 22:06 - 2013-12-17 22:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-17 22:04 - 2013-12-17 22:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-17 22:04 - 2013-12-17 21:20 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\VirtualStore
2013-12-17 21:59 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2013-12-17 21:56 - 2013-12-17 21:56 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2013-12-17 21:56 - 2013-12-17 21:20 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\Packages
2013-12-17 21:53 - 2013-12-17 21:53 - 00002346 _____ C:\Users\AcerXYZ\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-17 21:53 - 2013-12-17 21:53 - 00001341 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-17 21:52 - 00001144 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-17 21:52 - 2013-12-17 21:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-17 21:52 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-17 21:52 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-12-17 21:50 - 2013-08-12 14:07 - 00000000 ____D C:\Program Files (x86)\Acer
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-12-17 21:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\restore
2013-12-17 21:46 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\Documents\Bluetooth Folder
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\AcerXYZ\AppData\Local\BMExplorer
2013-12-17 21:43 - 2013-12-17 21:43 - 00001450 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 21:43 - 2013-12-17 21:21 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 21:43 - 2013-12-17 21:21 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 21:42 - 2013-12-17 21:42 - 00000020 ___SH C:\Users\AcerXYZ\ntuser.ini
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Programme
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 21:32 - 2013-12-17 21:32 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-17 21:32 - 2013-12-17 21:22 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2013-12-17 21:32 - 2013-12-17 21:22 - 00020958 _____ C:\WINDOWS\diagerr.xml
2013-12-17 21:32 - 2013-12-17 20:54 - 00006598 _____ C:\WINDOWS\comsetup.log
2013-12-17 21:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2013-12-17 21:32 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows NT
2013-12-17 21:32 - 2013-08-22 14:36 - 00000000 __RHD C:\Users\Default
2013-12-17 21:31 - 2013-12-17 21:31 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-12-17 21:29 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
2013-12-17 21:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2013-12-17 21:26 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2013-12-17 21:25 - 2013-12-17 21:12 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\winrm
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\slmgr
2013-12-17 21:25 - 2013-11-14 08:15 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2013-12-17 21:25 - 2013-08-22 16:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\spool
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-12-17 21:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\IME
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-12-17 21:25 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2013-12-17 21:25 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2013-12-17 21:24 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Intel
2013-12-17 21:24 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-17 21:24 - 2013-11-14 08:19 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-17 21:24 - 2013-11-14 08:19 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-17 21:24 - 2013-08-22 16:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\IME
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-17 21:24 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-12-17 21:24 - 2013-08-12 13:51 - 00000000 ____D C:\ProgramData\PRICache
2013-12-17 21:23 - 2013-12-17 21:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-12-17 21:23 - 2013-12-17 21:22 - 00000000 ___RD C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 21:23 - 2013-12-17 20:05 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
2013-12-17 21:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Vorlagen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Startmenü
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Netzwerkumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Lokale Einstellungen
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Eigene Dateien
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Druckumgebung
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Musik
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Documents\Eigene Bilder
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Verlauf
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\AppData\Local\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 _SHDL C:\Users\AcerXYZ\Anwendungsdaten
2013-12-17 21:22 - 2013-12-17 21:22 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Atheros
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\Users\AcerXYZ\AppData\Roaming\Adobe
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\ProgramData\OEM_YAHOO
2013-12-17 21:19 - 2013-08-22 15:46 - 00000084 _____ C:\WINDOWS\setuperr.log
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Realtek
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Elantech
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-12-17 21:18 - 2013-12-17 21:18 - 00000000 ____D C:\Program Files\AMD
2013-12-17 21:16 - 2013-12-17 21:16 - 00000000 __SHD C:\Recovery
2013-12-17 21:15 - 2013-12-17 21:15 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-17 21:15 - 2013-12-17 21:15 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-17 21:15 - 2013-12-17 21:15 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-17 21:15 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-12-17 21:14 - 2013-12-17 21:14 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-17 21:14 - 2013-12-17 21:14 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-17 21:14 - 2013-12-17 21:14 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-17 21:14 - 2013-12-17 21:14 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-17 21:14 - 2013-12-17 21:14 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-17 21:14 - 2013-12-17 21:14 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-17 21:14 - 2013-12-17 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-17 21:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-17 21:13 - 2013-12-17 21:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files\MSBuild
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-17 20:58 - 2013-09-15 03:56 - 01530870 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-12-17 20:32 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-12-17 20:05 - 2013-08-12 14:34 - 00000000 ___HD C:\OEM
2013-12-17 20:04 - 2013-12-17 20:03 - 00011713 _____ C:\Users\AcerXYZ\AppData\Local\HWVendorDetection.log
2013-12-17 19:45 - 2013-09-15 04:45 - 00780976 _____ C:\WINDOWS\system32\perfh010.dat
2013-12-17 19:45 - 2013-09-15 04:45 - 00152608 _____ C:\WINDOWS\system32\perfc010.dat
2013-12-17 19:45 - 2013-09-15 04:39 - 00790022 _____ C:\WINDOWS\system32\perfh00C.dat
2013-12-17 19:45 - 2013-09-15 04:39 - 00155084 _____ C:\WINDOWS\system32\perfc00C.dat
2013-12-17 19:20 - 2013-12-17 19:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-17 18:30 - 2013-08-12 14:04 - 00000000 ____D C:\ProgramData\McAfee
2013-12-17 18:30 - 2013-08-12 14:04 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-12-17 18:30 - 2013-08-12 14:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-17 18:15 - 2013-12-17 18:15 - 00000493 _____ C:\Users\AcerXYZ\Desktop\Windows Update - Verknüpfung.lnk
2013-12-17 17:40 - 2013-12-17 17:40 - 00002060 _____ C:\Users\AcerXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2013-12-17 15:27 - 2013-12-17 15:08 - 00000000 ____D C:\WINDOWS\CSC
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-01 14:42 - 2013-12-17 19:19 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\AcerXYZ\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
C:\Users\AcerXYZ\AppData\Local\Temp\OfficeSetup.exe
C:\Users\AcerXYZ\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-18 21:38

==================== End Of Log ============================
         

[/CODE]

One more question:

Can you already tell whether there is a risk of it spreading via USB stick or via the router/network? Is the router at risk?


23.12.2013, 08:35   #6
schrauber
/// the machine
/// TB trainer

Nah, nothing can really spread from that.

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :regfind
    www.44e.com
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

23.12.2013, 13:30   #7
glühwein



I ran it. The following appeared after a short time:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:28 on 23/12/2013 by AcerXYZ
Administrator - Elevation successful

========== regfind ==========

Searching for "www.44e.com"
No data found.

-= EOF =-
         

24.12.2013, 10:31   #8
schrauber
/// the machine
/// TB trainer

Very odd. Same procedure again please, with:
Code:
:regfind
word
:filefind
*www.44e.com*

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.12.2013, 11:18   #9
glühwein



Many thanks for taking care of these problems even on the 24th!!!

Attached is the ZIP with the SystemLook.

And a very merry Christmas already!!!
Attached files
File type: zip SystemLook_24_12.zip (99.2 KB, viewed 27 times)

24.12.2013, 11:35   #10
schrauber
/// the machine
/// TB trainer

Absolutely clean. Really strange.

And this only happens when you are in Word, nowhere else? Could you hook the machine up to the internet at a friend's place, just for fun, and test it?

24.12.2013, 12:05   #11
glühwein



It happens in all Office applications when I go via Options > Account and click Manage Account.

What is your suspicion, given that you ask about a different internet connection? Could it be the router or the internet connection?

I can try connecting directly to the internet, without the router in between, and ask my neighbours.

=> I tried it with the connection going directly to the cable modem, i.e. without the router in between. The problems are exactly the same.

24.12.2013, 12:08   #12
schrauber
/// the machine
/// TB trainer

Quote:
I can try connecting directly to the internet, without the router in between

You have the modem and router as separate devices? Please disconnect both devices from power for 30 min. It is highly unlikely, but the cause could lie with or inside the devices. The whole problem is highly mysterious and I find no signs at all in the scans.

And definitely try it at the neighbours'.

24.12.2013, 13:04   #13
glühwein



I disconnected both, modem and router, from power for 30 min. Then I connected the laptop directly to the modem again and the page still came up. After that I put the router back in between and the page is still being opened.

What I also did is the following: I uninstalled Firefox and then clicked Options > Account > Manage Account. Now IE 11 was opened and the page www.44e.com is not opened. Does it perhaps only have to do with Firefox?

I will still try to find another network.

24.12.2013, 16:33   #14
schrauber
/// the machine
/// TB trainer

Uninstall Firefox completely, keeping no data, then reinstall it. Then please reset Firefox completely and test again.

26.12.2013, 10:15   #15
glühwein



I uninstalled Firefox completely and installed it again, then clicked Options > Account > Manage Account, and afterwards reset Firefox and clicked the same again. The page 44e.com appeared in both attempts.

I was also able to try it in another network. The page 44e.com comes up there as well.

I think it must lie somewhere in the depths of Firefox...
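
The thread ends with the suspicion that the cause sits inside Firefox. As an added example (not part of the thread and not a tool the helpers used), the following Python script parses a Firefox `prefs.js`/`user.js` file and reports every preference whose value points at the domain searched for above. The sample preferences are constructed, and that the URL is stored in a preference at all is an assumption the thread does not confirm.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in prefs.js syntax; not taken from the thread's logs.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.mozilla.org/|http://www.44e.com/");
user_pref("browser.startup.page", 1);
user_pref("browser.newtab.url", "about:newtab");
user_pref("network.proxy.type", 0);
'''

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for each user_pref() line; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')  # undo quote escaping
        prefs[name] = raw
    return prefs

def host_of(url):
    """Lower-cased host of a URL; scheme-less values such as 'www.x.tld/a' work too."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def find_indicator(prefs, domain):
    """Return (pref name, URL) pairs whose host is `domain` or one of its subdomains."""
    domain = domain.lower()
    if domain.startswith("www."):
        domain = domain[4:]
    hits = []
    for name, value in prefs.items():
        for part in value.split("|"):  # the homepage pref can list several URLs
            part = part.strip()
            host = host_of(part)
            if host == domain or host.endswith("." + domain):
                hits.append((name, part))
    return hits
```

To check a real profile, pass the text of its `prefs.js` and `user.js` to `parse_prefs` instead of `SAMPLE_PREFS`.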
