Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 30.12.2013, 19:07   #1
JoeCool
 
VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



Moin,

Ich weiss nicht wirklich weiter. Zunächst war ich recht sicher das ich mir nen Virus oder so eingefangen hatte.

Seit ca. 1-2 Wochen folgende Symptome:

Latop (Win7) friert manchmal ein oder stürzt komplett ab (schwarzer Bildschirm & nix weiter möglich - dabei erhebliche HDD Aktivität).
Teils kommt ne Meldung das Programme geschlossen werden müssen, da Arbeitsspeicher zu gering - auch wenn nur Firefox + Exchange offen sind!

Insbesondere Firefox schien oft der Auslöser für Abstürze zu sein.

Hab nun folgende Scan bereits durch (chronologisch) - Im Anhang die Logs da als Code hier viel zu lang:

- Avast - Komplett Scan - Nix gefunden
- FRST64 - Merkwürdige System Errors etc. in der "Addition.txt"
- GMER - Find da nix auffällig, weiss aber auch nicht wonach ich suchen muss
- MalWarebytes - Nix gefunden
- MalWarebytes Anti-Root - Nix gefunden
- OTL - Merkwürdige Fehlermeldungen in der "Extras.txt"
- AdwCleaner - Einige Funde aber wohl eher harmlose Toolbars etc.
- Emisoft - Ein Paar Registry Einträge aber wohl nix wildes

Über Nacht will ich dann noch ESET Scanner laufen lassen.

Der Witz: Obwohl ich ja ausser einige belanglose Registry Einträge (Patrypoker...) nix weiter entfernt hab läuft das System im Moment wieder stabil und soweit ich erkenne ohne Macken.

Wäre dennoch dankbar, wenn mal jemand einen Blick auf die Logfiles im Anhang wirft.
Angehängte Dateien
Dateityp: zip LogFiles.zip (76,2 KB, 28x aufgerufen)

Alt 31.12.2013, 02:23   #2
schrauber
/// the machine
/// TB-Ausbilder
 

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 31.12.2013, 09:11   #3
JoeCool
 
VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



Moin Schrauber. Sinf halt ne Menge.
Ich fang ma an...

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by APB (administrator) on ACER-ULTRA on 30-12-2013 13:42:31
Running from C:\Users\APB\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Dropbox, Inc.) C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2822952 2012-02-24] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [InstantUpdate] - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-02-20] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2013-06-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-24] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe [4265472 2013-04-26] (Research In Motion Limited)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\72c2e4d7-871f-4dee-b80b-4301baba235d.exe [180184 2013-11-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Personal ID] - C:\coolspot AG\Personal ID\pid.exe [1134008 2009-03-04] (coolspot AG, Düsseldorf)
MountPoints2: {1cdabc58-bf86-11e2-a8d0-917478fbae53} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845832 2013-01-22] (Acer Incorporated)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845832 2013-01-22] (Acer Incorporated)
Startup: C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\h3p0lpdr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: avast! Ad Blocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Logitech SetPoint) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Google Wallet) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-01-24] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation)
R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-29] ()
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-03-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-04-26] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1235456 2013-04-26] (Research In Motion Limited)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-28] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-30 13:42 - 2013-12-30 13:42 - 00023848 _____ C:\Users\APB\Desktop\FRST.txt
2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\FRST
2013-12-30 13:21 - 2013-12-30 13:21 - 00377856 _____ C:\Users\APB\Desktop\4s7438ut.exe
2013-12-30 13:16 - 2013-12-30 13:16 - 01931302 _____ (Farbar) C:\Users\APB\Desktop\FRST64.exe
2013-12-30 11:31 - 2013-12-30 11:31 - 00003288 ____N C:\bootsqm.dat
2013-12-30 10:52 - 2013-12-30 10:52 - 00000000 ___DC C:\Users\APB\AppData\Local\MigWiz
2013-12-30 10:19 - 2013-05-04 17:51 - 00001228 _____ C:\Users\APB\Desktop\Explorer.lnk
2013-12-30 10:19 - 2013-05-04 15:36 - 00000700 _____ C:\Users\APB\Desktop\Biblio.lnk
2013-12-30 10:07 - 2013-12-30 10:09 - 00000000 ____D C:\Users\APB\Desktop\ACER_SAS
2013-12-29 12:17 - 2013-12-30 02:11 - 00000000 ____D C:\Program Files\CCleaner
2013-12-29 12:03 - 2013-12-29 12:03 - 00128764 _____ C:\Users\APB\Desktop\Extras.Txt
2013-12-29 12:02 - 2013-12-29 12:02 - 00107164 _____ C:\Users\APB\Desktop\OTL.Txt
2013-12-29 11:23 - 2013-12-29 11:24 - 00000000 ____D C:\AdwCleaner
2013-12-28 19:35 - 2013-12-28 19:35 - 00000000 ____D C:\Users\APB\AppData\Roaming\Malwarebytes
2013-12-28 19:34 - 2013-12-29 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-28 19:34 - 2013-12-28 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-28 19:33 - 2013-12-29 17:26 - 00000000 ____D C:\Users\APB\Downloads\ANTIVIR
2013-12-23 05:15 - 2013-12-23 05:15 - 00000000 ____D C:\Users\APB\dwhelper
2013-12-20 09:24 - 2013-12-29 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 09:01 - 2013-12-20 09:01 - 00000000 ____D C:\Users\APB\AppData\Local\{BDF73505-64CB-4A28-9990-C822EFCE3D12}
2013-12-19 07:37 - 2013-12-19 07:37 - 00000000 ____D C:\Users\APB\AppData\Local\{2B140492-5FC5-41A1-94C9-74DCB4805487}
2013-12-18 10:49 - 2013-12-18 10:50 - 00000000 ____D C:\Users\APB\AppData\Local\{E1DF1BD8-A55C-40BD-A4E9-1AAD3BE3CC2B}
2013-12-17 09:10 - 2013-12-17 09:11 - 00000000 ____D C:\Users\APB\AppData\Local\{B17FE4F4-478F-4693-8B38-598A83554B4A}
2013-12-16 11:49 - 2013-12-16 11:49 - 00000000 ____D C:\Users\APB\AppData\Local\{6325584A-A627-4E06-BD5E-DD2C49885B55}
2013-12-15 10:40 - 2013-12-15 10:40 - 00000000 ____D C:\Users\APB\AppData\Local\{D2324234-C310-4EC8-8C46-2FF3583558B6}
2013-12-14 09:23 - 2013-12-14 09:23 - 00000000 ____D C:\Users\APB\AppData\Local\{9BFB83A7-93D0-4DCE-87D0-07612EBEDCD1}
2013-12-13 09:14 - 2013-12-13 09:14 - 00000000 ____D C:\Users\APB\AppData\Local\{CEB7D5C0-24F2-42AB-887F-A269488BE7EF}
2013-12-13 07:28 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 07:28 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 07:28 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 07:28 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 07:26 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 07:26 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 07:26 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 07:26 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 07:26 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 07:26 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 07:26 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 07:26 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 07:26 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 07:26 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 07:26 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 07:26 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 07:26 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 07:26 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 07:26 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 07:26 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 07:26 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 07:26 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 07:26 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 07:26 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 07:26 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 07:26 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 07:26 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 07:26 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 07:26 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 07:26 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 07:26 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 07:26 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 07:26 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 07:26 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 07:26 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 20:25 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 20:25 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 20:25 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 20:25 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 20:25 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 20:25 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 20:25 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 20:25 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 20:25 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 20:25 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 20:25 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 20:25 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 20:25 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 20:25 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 20:25 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 20:25 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 20:25 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 20:25 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 20:25 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 12:19 - 2013-12-12 12:20 - 18277248 _____ (pdfforge                                                    ) C:\Users\APB\Downloads\PDFCreator-1_7_2_setup.exe
2013-12-12 11:24 - 2013-12-12 11:24 - 00000000 ____D C:\Users\APB\AppData\Local\{2F47591A-C639-46DF-99D6-B49855015C7F}
2013-12-11 12:17 - 2013-12-11 12:17 - 00000000 ____D C:\Users\APB\AppData\Local\{A4C4C9D7-1E95-47E6-8D33-173BA47A781F}
2013-12-03 15:04 - 2013-12-03 15:04 - 00000000 ____D C:\Users\APB\AppData\Local\{C7FABDC8-6BE3-4822-84B3-8A90A30124BB}
2013-12-01 09:40 - 2013-12-01 09:40 - 00000000 ____D C:\Users\APB\AppData\Local\{270D3B0E-0616-4AB3-A772-75895074453C}
2013-11-30 15:08 - 2013-11-30 15:08 - 00836416 _____ C:\Users\APB\Downloads\pidsetup.exe
2013-11-30 15:08 - 2013-11-30 15:08 - 00000000 ____D C:\coolspot AG
2013-11-30 10:20 - 2013-11-30 10:20 - 00000000 ____D C:\Users\APB\AppData\Local\{ABE5A90D-DB41-433E-801C-91BFF6DC92EC}

==================== One Month Modified Files and Folders =======

2013-12-30 13:42 - 2013-12-30 13:42 - 00023848 _____ C:\Users\APB\Desktop\FRST.txt
2013-12-30 13:37 - 2013-04-30 14:18 - 01314558 _____ C:\Windows\WindowsUpdate.log
2013-12-30 13:36 - 2013-05-04 15:41 - 00000000 ____D C:\Users\APB\AppData\Roaming\Skype
2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\FRST
2013-12-30 13:21 - 2013-12-30 13:21 - 00377856 _____ C:\Users\APB\Desktop\4s7438ut.exe
2013-12-30 13:19 - 2012-03-27 19:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 13:16 - 2013-12-30 13:16 - 01931302 _____ (Farbar) C:\Users\APB\Desktop\FRST64.exe
2013-12-30 12:55 - 2013-05-04 15:34 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-30 11:55 - 2013-05-04 15:34 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-30 11:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 11:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-30 11:35 - 2013-05-05 13:14 - 00000000 ____D C:\Users\APB\AppData\Roaming\Dropbox
2013-12-30 11:34 - 2013-05-05 13:16 - 00000000 ___RD C:\Users\APB\Dropbox
2013-12-30 11:34 - 2013-05-04 15:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-30 11:33 - 2013-04-30 14:24 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-30 11:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-30 11:32 - 2009-07-14 05:51 - 00065054 _____ C:\Windows\setupact.log
2013-12-30 11:31 - 2013-12-30 11:31 - 00003288 ____N C:\bootsqm.dat
2013-12-30 10:52 - 2013-12-30 10:52 - 00000000 ___DC C:\Users\APB\AppData\Local\MigWiz
2013-12-30 10:38 - 2013-05-01 00:09 - 00700418 _____ C:\Windows\system32\perfh007.dat
2013-12-30 10:38 - 2013-05-01 00:09 - 00149182 _____ C:\Windows\system32\perfc007.dat
2013-12-30 10:38 - 2009-07-14 06:13 - 01621308 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 10:09 - 2013-12-30 10:07 - 00000000 ____D C:\Users\APB\Desktop\ACER_SAS
2013-12-30 10:05 - 2013-08-26 14:07 - 00000000 ____D C:\Users\APB\Documents\FORMDOC_FILES
2013-12-30 09:46 - 2013-05-04 15:43 - 00000000 ____D C:\Users\APB\AppData\Local\CrashDumps
2013-12-30 09:22 - 2013-05-04 13:24 - 00000000 ____D C:\Users\APB\AppData\Local\Deployment
2013-12-30 02:11 - 2013-12-29 12:17 - 00000000 ____D C:\Program Files\CCleaner
2013-12-29 17:54 - 2013-05-04 15:34 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-12-29 17:52 - 2013-05-04 10:28 - 00000000 ____D C:\Users\APB
2013-12-29 17:51 - 2013-12-28 19:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-29 17:51 - 2013-12-20 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-29 17:51 - 2013-07-11 06:54 - 00000000 ____D C:\Users\APB\AppData\Roaming\IrfanView
2013-12-29 17:51 - 2013-06-09 18:01 - 00000000 ____D C:\Windows\Minidump
2013-12-29 17:51 - 2013-05-05 13:14 - 00000000 ____D C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-29 17:51 - 2013-05-04 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-29 17:51 - 2013-05-04 10:30 - 00000000 ___RD C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 17:51 - 2012-03-27 19:50 - 00000000 ____D C:\ProgramData\BackupManager
2013-12-29 17:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-29 17:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-29 17:49 - 2013-05-04 12:03 - 00000000 ____D C:\Users\APB\AppData\Local\Mozilla
2013-12-29 17:26 - 2013-12-28 19:33 - 00000000 ____D C:\Users\APB\Downloads\ANTIVIR
2013-12-29 12:33 - 2012-03-24 02:58 - 00000000 ____D C:\Windows\Panther
2013-12-29 12:03 - 2013-12-29 12:03 - 00128764 _____ C:\Users\APB\Desktop\Extras.Txt
2013-12-29 12:02 - 2013-12-29 12:02 - 00107164 _____ C:\Users\APB\Desktop\OTL.Txt
2013-12-29 11:24 - 2013-12-29 11:23 - 00000000 ____D C:\AdwCleaner
2013-12-28 19:35 - 2013-12-28 19:35 - 00000000 ____D C:\Users\APB\AppData\Roaming\Malwarebytes
2013-12-28 19:34 - 2013-12-28 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-28 11:30 - 2013-04-30 14:24 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-23 11:38 - 2013-05-05 13:15 - 00000973 _____ C:\Windows\wininit.ini
2013-12-23 05:15 - 2013-12-23 05:15 - 00000000 ____D C:\Users\APB\dwhelper
2013-12-20 09:01 - 2013-12-20 09:01 - 00000000 ____D C:\Users\APB\AppData\Local\{BDF73505-64CB-4A28-9990-C822EFCE3D12}
2013-12-19 07:37 - 2013-12-19 07:37 - 00000000 ____D C:\Users\APB\AppData\Local\{2B140492-5FC5-41A1-94C9-74DCB4805487}
2013-12-18 10:50 - 2013-12-18 10:49 - 00000000 ____D C:\Users\APB\AppData\Local\{E1DF1BD8-A55C-40BD-A4E9-1AAD3BE3CC2B}
2013-12-17 09:11 - 2013-12-17 09:10 - 00000000 ____D C:\Users\APB\AppData\Local\{B17FE4F4-478F-4693-8B38-598A83554B4A}
2013-12-17 08:07 - 2010-11-21 04:47 - 00212972 _____ C:\Windows\PFRO.log
2013-12-16 11:49 - 2013-12-16 11:49 - 00000000 ____D C:\Users\APB\AppData\Local\{6325584A-A627-4E06-BD5E-DD2C49885B55}
2013-12-15 10:40 - 2013-12-15 10:40 - 00000000 ____D C:\Users\APB\AppData\Local\{D2324234-C310-4EC8-8C46-2FF3583558B6}
2013-12-15 08:50 - 2013-07-25 23:45 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 08:47 - 2013-05-07 17:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 18:56 - 2013-05-04 15:34 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 09:23 - 2013-12-14 09:23 - 00000000 ____D C:\Users\APB\AppData\Local\{9BFB83A7-93D0-4DCE-87D0-07612EBEDCD1}
2013-12-13 16:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 09:14 - 2013-12-13 09:14 - 00000000 ____D C:\Users\APB\AppData\Local\{CEB7D5C0-24F2-42AB-887F-A269488BE7EF}
2013-12-13 08:24 - 2009-07-14 05:45 - 00469272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 07:28 - 2013-05-04 11:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 12:20 - 2013-12-12 12:19 - 18277248 _____ (pdfforge                                                    ) C:\Users\APB\Downloads\PDFCreator-1_7_2_setup.exe
2013-12-12 11:24 - 2013-12-12 11:24 - 00000000 ____D C:\Users\APB\AppData\Local\{2F47591A-C639-46DF-99D6-B49855015C7F}
2013-12-11 16:19 - 2012-03-27 19:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 16:19 - 2012-03-27 19:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 16:19 - 2012-03-27 19:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 12:17 - 2013-12-11 12:17 - 00000000 ____D C:\Users\APB\AppData\Local\{A4C4C9D7-1E95-47E6-8D33-173BA47A781F}
2013-12-09 09:03 - 2013-05-14 05:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-09 09:03 - 2012-03-27 20:00 - 00000000 ____D C:\ProgramData\Skype
2013-12-03 15:04 - 2013-12-03 15:04 - 00000000 ____D C:\Users\APB\AppData\Local\{C7FABDC8-6BE3-4822-84B3-8A90A30124BB}
2013-12-01 09:40 - 2013-12-01 09:40 - 00000000 ____D C:\Users\APB\AppData\Local\{270D3B0E-0616-4AB3-A772-75895074453C}
2013-11-30 15:08 - 2013-11-30 15:08 - 00836416 _____ C:\Users\APB\Downloads\pidsetup.exe
2013-11-30 15:08 - 2013-11-30 15:08 - 00000000 ____D C:\coolspot AG
2013-11-30 10:20 - 2013-11-30 10:20 - 00000000 ____D C:\Users\APB\AppData\Local\{ABE5A90D-DB41-433E-801C-91BFF6DC92EC}

Some content of TEMP:
====================
C:\Users\APB\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\APB\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\APB\AppData\Local\Temp\DesktopInstaller.exe
C:\Users\APB\AppData\Local\Temp\jna5975893615272437134.dll
C:\Users\APB\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\APB\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\APB\AppData\Local\Temp\LMkRstPt.exe
C:\Users\APB\AppData\Local\Temp\PidGenX.dll
C:\Users\APB\AppData\Local\Temp\SIInvoker.exe
C:\Users\APB\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 08:56

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by APB at 2013-12-30 13:42:55
Running from C:\Users\APB\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.2308 - CyberLink Corp.)
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (x32 Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00 - CyberLink Corp.)
Acer ePower Management (x32 Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3507 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (Version: 1.00.3001 - Acer Incorporated)
Acer Registration (x32 Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 20.12.0307.1154 - Acer Incorporated)
Acer Theft Shield (Version: 1.01.3006 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3501 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3501 - Acer Incorporated)
AcerCloud Docs (x32 Version: 1.01.2007 - Acer Incorporated)
AcerCloud Portal (x32 Version: 2.02.2018 - Acer Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent)
Atheros Bluetooth Suite (64) (Version: 7.4.0.126 - Atheros)
avast! Free Antivirus (x32 Version: 8.0.1497.0 - AVAST Software)
AVM FRITZ!Box Dokumentation (x32 Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (x32 Version:  - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (x32 Version:  - AVM Berlin)
AX88772B Windows 7 Drivers (x32 Version: 1.0.1.1 - ASIX Electronics Corporation)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent)
BlackBerry Link (x32 Version: 1.1.0.37 - Research in Motion Ltd.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent)
clear.fi Media (x32 Version: 2.02.2009 - Acer Incorporated)
clear.fi Photo (x32 Version: 2.02.2016 - Acer Incorporated)
CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
ElsterFormular (x32 Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.)
ETDWare PS/2-X64 10.6.9.8_WHQL (Version: 10.6.9.8 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5866 - Evernote Corp.)
ExpressCache (Version: 1.0.82 - Diskeeper Corporation)
FATE (x32 Version: 2.2.0.97 - WildTangent)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent)
Flachheizkörper-Auswahl 2011 Version 2.0 (x32 Version:  - )
FleetMon Explorer (x32 Version: 2.07 - JAKOTA Cruise Systems GmbH)
FormDocs 8.3.0 (x32 Version: 8.3.0 - FormDocs LLC)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Full Tilt Poker (x32 Version: 4.65.0.WIN.FullTilt.COM - )
Full Tilt Poker.Eu (x32 Version: 4.65.0.WIN.FullTilt.EU - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)
Hydrostatix Master Suite (x32 Version: 1.0.43 - Hydrostatix)
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36279 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version:  - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Start Technology (x32 Version: 1.0.0.1024 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130 - Sun Microsystems, Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Kobo (x32 Version: 2.1.5 - Kobo Inc.)
Launch Manager (x32 Version: 5.1.15 - Acer Inc.)
Lexware Abschreibungsrechner (x32 Version: 12.00.04.0003 - Haufe-Lexware GmbH & Co.KG)
Lexware büro easy 2013 (x32 Version: 26.10.04.0051 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (x32 Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 18.00.00.0035 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG)
Lexware Zeiterfassung (x32 Version: 26.00.04.0001 - Haufe-Lexware GmbH & Co.KG)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech)
Logitech SetPoint 6.52 (Version: 6.52.74 - Logitech)
Logitech Unifying-Software 2.10 (Version: 2.10.37 - Logitech)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.)
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.)
Office Addin (x32 Version: 2.02.2008 - Acer)
Office Addin 2003 (x32 Version: 2.02.2008 - Acer)
partypoker (x32 Version:  - PartyGaming)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDF Split And Merge Basic (Version: 2.2.2 - Andrea Vacondio)
PDFCreator (x32 Version: 1.7.0 - pdfforge)
Penguins! (x32 Version: 2.2.0.98 - WildTangent)
Personal ID (x32 Version: 1.8.5 - coolspot AG)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent)
PNMD (x32 Version: 1.00.0000 - NETRONIX)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.1 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6597 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39025 - Realtek Semiconductor Corp.)
Remote Control USB Driver (x32 Version: 2.3.2.317 - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.)
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sleep Memory Optimizer (x32 Version: 1.00.3004 - Acer Incorporated)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent)
Smart Timer (x32 Version: 1.00.3004 - Acer Incorporated)
SSF Editor (x32 Version: 1.0.0 - SDSD)
Torchlight (x32 Version: 2.2.0.98 - WildTangent)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (Version: 2.5.1.0 - Intel)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent)
Welcome Center (x32 Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2C04AD64-50FE-4D88-AC26-BDE2DD1FD904} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {56F06DD2-E015-43AD-B2FD-69C6114A441C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {6450085A-4321-4BBA-8114-2546710C0CBB} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: {85AC4994-7CE6-4801-9FD0-E22957AA1A09} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {86171674-E24F-4CFB-85F6-495DA6CDEC29} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {9E92F86C-CE0F-4F26-814C-D5A52B8C6234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {AE9AFAC4-40AC-45B6-A599-3305DA49F2FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {CC1E2782-52EE-4DCA-8FC9-37FE091CAC4B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CE86FF2C-F9C8-41A0-BFC8-067461DFA5BB} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {D10A3F32-1B9E-4820-95A8-F9460ED773B2} - System32\Tasks\Smart Timer Task Scheduler => Smart_Timer.exe
Task: {EA1E36F0-DD88-423F-A651-B4D9F2D504EF} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-05-04 11:11 - 2013-03-21 17:40 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-04-30 23:55 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-29 17:55 - 2013-12-29 13:58 - 02246144 _____ () C:\Program Files\AVAST Software\Avast\defs\13122900\algo.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\APB\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-20 09:24 - 2013-12-20 09:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-30 14:24 - 2012-03-29 07:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: HD WebCam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (12/30/2013 01:25:19 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.

Error: (12/30/2013 01:21:59 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "My Passport" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================
Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\system32\WFS.exeC:\Windows\system32\WFS.exe0

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\system32\WFS.exeC:\Windows\system32\WFS.exe0

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0

Error: (12/30/2013 11:01:26 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exeC:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe0

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\ehome\ehshell.exeC:\Windows\ehome\ehshell.exe0

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\system32\WindowsAnytimeUpgradeUI.exeC:\Windows\system32\WindowsAnytimeUpgradeUI.exe0

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exeC:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe0

Error: (12/30/2013 11:01:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\system32\WindowsAnytimeUpgradeUI.exeC:\Windows\system32\WindowsAnytimeUpgradeUI.exe0


==================== Memory info =========================== 

Percentage of memory in use: 70%
Total physical RAM: 3934.36 MB
Available physical RAM: 1170.95 MB
Total Pagefile: 7866.89 MB
Available Pagefile: 4276.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:450.53 GB) (Free:388.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6E8CE96C)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 19 GB) (Disk ID: 37A019CD)
Partition 1: (Not Active) - (Size=4 GB) - (Type=84)
Partition 2: (Not Active) - (Size=15 GB) - (Type=73)

==================== End Of Log ============================
         
__________________

Alt 31.12.2013, 09:13   #4
JoeCool
 
VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



GMER:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-30 13:57:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0 465,76GB
Running: 4s7438ut.exe; Driver: C:\Users\APB\AppData\Local\Temp\kxdoakob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                   fffff80003207000 45 bytes [00, 00, 1E, 02, 4E, 53, 49, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                   fffff8000320702f 16 bytes [00, 58, C0, 4F, 0B, 80, FA, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\System32\svchost.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                           000000007789eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                           000000007789eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                          000000007789eecd 1 byte [62]
.text     C:\Windows\Explorer.EXE[1572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  000000007789eecd 1 byte [62]
.text     C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe[1372] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             000000007585a2ba 1 byte [62]
.text     C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                               000000007789eecd 1 byte [62]
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         000000007789eecd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\PDF Architect\HelperService.exe[2168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   000000007585a2ba 1 byte [62]
.text     C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe[1556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe[3252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\Launch Manager\LManager.exe[3260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       000000007585a2ba 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[3380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[3440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007585a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[3448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                          000000007789eecd 1 byte [62]
.text     C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe[3528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                         000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe[3548] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112    000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[3576] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           000000007585a2ba 1 byte [62]
.text     C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077a83b10 5 bytes JMP 000000010021075c
.text     C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077a87ac0 5 bytes JMP 00000001002103a4
.text     C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077ab1430 5 bytes JMP 0000000100210b14
.text     C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             0000000077ab1490 5 bytes JMP 0000000100210ecc
.text     C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077ab1570 5 bytes JMP 000000010021163c
.text     C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          0000000077ab17b0 5 bytes JMP 0000000100211284
.text     C:\Windows\system32\igfxsrvc.exe[5608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077ab27e0 5 bytes JMP 00000001002119f4
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                               0000000077a83b10 5 bytes JMP 00000001001a075c
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                 0000000077a87ac0 5 bytes JMP 00000001001a03a4
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                    0000000077ab1430 5 bytes JMP 00000001001a0b14
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                        0000000077ab1490 5 bytes JMP 00000001001a0ecc
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         0000000077ab1570 5 bytes JMP 00000001001a163c
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                     0000000077ab17b0 5 bytes JMP 00000001001a1284
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         0000000077ab27e0 5 bytes JMP 00000001001a19f4
.text     C:\Windows\system32\SearchIndexer.exe[5772] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                    000000007789eecd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory          0000000077c5fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory              0000000077c5fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess               0000000077c5fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory           0000000077c60038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread               0000000077c61920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                       0000000077c7c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                     0000000077c81287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[5060] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112          000000007585a2ba 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                  0000000077a83b10 5 bytes JMP 000000010011075c
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                    0000000077a87ac0 5 bytes JMP 00000001001103a4
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                       0000000077ab1430 5 bytes JMP 0000000100110b14
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                           0000000077ab1490 5 bytes JMP 0000000100110ecc
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            0000000077ab1570 5 bytes JMP 000000010011163c
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                        0000000077ab17b0 5 bytes JMP 0000000100111284
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000077ab27e0 5 bytes JMP 00000001001119f4
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                       000000007789eecd 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                    000007fefe536e00 5 bytes JMP 000007ff7e551dac
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                        000007fefe536f2c 5 bytes JMP 000007ff7e550ecc
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                        000007fefe537220 5 bytes JMP 000007ff7e551284
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                       000007fefe53739c 5 bytes JMP 000007ff7e55163c
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                       000007fefe537538 5 bytes JMP 000007ff7e5519f4
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fefe5375e8 5 bytes JMP 000007ff7e5503a4
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fefe53790c 5 bytes JMP 000007ff7e55075c
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6416] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                               000007fefe537ab4 5 bytes JMP 000007ff7e550b14
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory            0000000077c5fac0 5 bytes JMP 0000000100150600
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                0000000077c5fb58 5 bytes JMP 0000000100150804
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                 0000000077c5fcb0 5 bytes JMP 0000000100150c0c
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory             0000000077c60038 5 bytes JMP 0000000100150a08
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                 0000000077c61920 5 bytes JMP 0000000100150e10
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                         0000000077c7c4dd 5 bytes JMP 00000001001501f8
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                       0000000077c81287 5 bytes JMP 00000001001503fc
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[6692] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112            000000007585a2ba 1 byte [62]
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory         0000000077c5fac0 5 bytes JMP 0000000100090600
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory             0000000077c5fb58 5 bytes JMP 0000000100090804
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess              0000000077c5fcb0 5 bytes JMP 0000000100090c0c
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory          0000000077c60038 5 bytes JMP 0000000100090a08
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread              0000000077c61920 5 bytes JMP 0000000100090e10
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                      0000000077c7c4dd 5 bytes JMP 00000001000901f8
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                    0000000077c81287 5 bytes JMP 00000001000903fc
.text     C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[6700] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112         000000007585a2ba 1 byte [62]
.text     C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                     0000000077a83b10 5 bytes JMP 000000010023075c
.text     C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                       0000000077a87ac0 5 bytes JMP 00000001002303a4
.text     C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                          0000000077ab1430 5 bytes JMP 0000000100230b14
.text     C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                              0000000077ab1490 5 bytes JMP 0000000100230ecc
.text     C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                               0000000077ab1570 5 bytes JMP 000000010023163c
.text     C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                           0000000077ab17b0 5 bytes JMP 0000000100231284
.text     C:\Windows\System32\svchost.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                               0000000077ab27e0 5 bytes JMP 00000001002319f4
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory           0000000077c5fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory               0000000077c5fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                0000000077c5fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory            0000000077c60038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                0000000077c61920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                        0000000077c7c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                      0000000077c81287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4492] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           000000007585a2ba 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory           0000000077c5fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory               0000000077c5fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                0000000077c5fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory            0000000077c60038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                0000000077c61920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                        0000000077c7c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                      0000000077c81287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           000000007585a2ba 1 byte [62]
.text     C:\Windows\system32\AUDIODG.EXE[5744] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                          000000007789eecd 1 byte [62]
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                        0000000077c5fac0 5 bytes JMP 0000000100030600
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                            0000000077c5fb58 5 bytes JMP 0000000100030804
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                             0000000077c5fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                         0000000077c60038 5 bytes JMP 0000000100030a08
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                             0000000077c61920 5 bytes JMP 0000000100030e10
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                     0000000077c7c4dd 5 bytes JMP 00000001000301f8
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                   0000000077c81287 5 bytes JMP 00000001000303fc
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                        000000007585a2ba 1 byte [62]
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                     0000000075ea5181 5 bytes JMP 00000001001e1014
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                         0000000075ea5254 5 bytes JMP 00000001001e0804
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                         0000000075ea53d5 5 bytes JMP 00000001001e0a08
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                        0000000075ea54c2 5 bytes JMP 00000001001e0c0c
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                        0000000075ea55e2 5 bytes JMP 00000001001e0e10
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                               0000000075ea567c 5 bytes JMP 00000001001e01f8
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                               0000000075ea589f 5 bytes JMP 00000001001e03fc
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                0000000075ea5a22 5 bytes JMP 00000001001e0600
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                               000000007600ee09 5 bytes JMP 00000001001f01f8
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                0000000076013982 5 bytes JMP 00000001001f03fc
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                             0000000076017603 5 bytes JMP 00000001001f0804
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                             000000007601835c 5 bytes JMP 00000001001f0600
.text     C:\Users\APB\Desktop\4s7438ut.exe[1224] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                           000000007602f52b 5 bytes JMP 00000001001f0a08

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [948:3900]                                                                                                           000007fefaab2154
Thread    C:\Windows\system32\svchost.exe [400:3896]                                                                                                           000007fefaab2154
Thread    C:\Windows\System32\svchost.exe [700:1108]                                                                                                           000007fefc1ef2f4
Thread    C:\Windows\System32\svchost.exe [700:1124]                                                                                                           000007fefc016204
Thread    C:\Windows\System32\svchost.exe [700:1256]                                                                                                           000007fefb7c2070
Thread    C:\Windows\System32\svchost.exe [700:1284]                                                                                                           000007fefb625428
Thread    C:\Windows\System32\svchost.exe [700:6880]                                                                                                           000007fefe5cc608
Thread    C:\Windows\System32\svchost.exe [700:2916]                                                                                                           000007fee92a6b8c
Thread    C:\Windows\System32\svchost.exe [700:4116]                                                                                                           000007fee92a1d88
Thread    C:\Windows\System32\svchost.exe [700:1312]                                                                                                           000007fefad65fd0
Thread    C:\Windows\System32\svchost.exe [700:2208]                                                                                                           000007fefb70a828
Thread    C:\Windows\System32\svchost.exe [736:1340]                                                                                                           000007fefb2659a0
Thread    C:\Windows\System32\svchost.exe [736:1424]                                                                                                           000007fefd271a70
Thread    C:\Windows\System32\svchost.exe [736:5072]                                                                                                           000007fef5d188f8
Thread    C:\Windows\System32\svchost.exe [736:5108]                                                                                                           000007fef51544e0
Thread    C:\Windows\System32\svchost.exe [736:1804]                                                                                                           000007feed1720c0
Thread    C:\Windows\System32\svchost.exe [736:4072]                                                                                                           000007feed1726a8
Thread    C:\Windows\System32\svchost.exe [736:4860]                                                                                                           000007feed1729dc
Thread    C:\Windows\System32\svchost.exe [736:6564]                                                                                                           000007feead33efc
Thread    C:\Windows\System32\svchost.exe [736:3420]                                                                                                           000007feead78a4c
Thread    C:\Windows\System32\svchost.exe [736:6076]                                                                                                           000007feeac442c8
Thread    C:\Windows\System32\svchost.exe [736:892]                                                                                                            000007fefad65fd0
Thread    C:\Windows\System32\svchost.exe [736:4900]                                                                                                           000007fefad663ec
Thread    C:\Windows\system32\svchost.exe [964:6840]                                                                                                           000007feeb41d3c8
Thread    C:\Windows\system32\svchost.exe [964:6336]                                                                                                           000007feeb41d3c8
Thread    C:\Windows\system32\svchost.exe [964:6860]                                                                                                           000007feeb41d3c8
Thread    C:\Windows\system32\svchost.exe [964:6856]                                                                                                           000007feeb41d3c8
Thread    C:\Windows\system32\svchost.exe [964:5276]                                                                                                           000007feeb54c2d4
Thread    C:\Windows\system32\svchost.exe [964:4468]                                                                                                           000007feeb54c2d4
Thread    C:\Windows\system32\svchost.exe [964:3876]                                                                                                           000007feeb54c2d4
Thread    C:\Windows\system32\svchost.exe [964:3048]                                                                                                           000007feeb54c2d4
Thread    C:\Windows\system32\svchost.exe [964:5636]                                                                                                           000007fef5d55124
Thread    C:\Windows\system32\svchost.exe [1036:5404]                                                                                                          000007feefba506c
Thread    C:\Windows\system32\svchost.exe [1036:5408]                                                                                                          000007fef8081c20
Thread    C:\Windows\system32\svchost.exe [1036:5412]                                                                                                          000007fef8081c20
Thread    C:\Windows\system32\svchost.exe [1036:2456]                                                                                                          000007fef5d55124
Thread    C:\Windows\system32\svchost.exe [1036:6740]                                                                                                          000007fee6cccb70
Thread    C:\Windows\system32\svchost.exe [1128:1420]                                                                                                          000007fefbd28274
Thread    C:\Windows\system32\svchost.exe [1128:1540]                                                                                                          000007fefbd28274
Thread    C:\Windows\system32\svchost.exe [1244:1292]                                                                                                          000007fefb6c341c
Thread    C:\Windows\system32\svchost.exe [1244:1300]                                                                                                          000007fefb6c3a2c
Thread    C:\Windows\system32\svchost.exe [1244:1304]                                                                                                          000007fefb6c3768
Thread    C:\Windows\system32\svchost.exe [1244:1308]                                                                                                          000007fefb6c5c20
Thread    C:\Windows\system32\svchost.exe [1244:3036]                                                                                                          000007fef61cbd88
Thread    C:\Windows\system32\svchost.exe [1244:4916]                                                                                                          000007fef8505170
Thread    C:\Windows\system32\svchost.exe [1244:6544]                                                                                                          000007fef5d55124
Thread    C:\Windows\system32\svchost.exe [1244:6816]                                                                                                          000007fefb6c3900
Thread    C:\Windows\System32\spoolsv.exe [1784:3796]                                                                                                          000007fefa9410c8
Thread    C:\Windows\System32\spoolsv.exe [1784:3852]                                                                                                          000007fef6c26144
Thread    C:\Windows\System32\spoolsv.exe [1784:3856]                                                                                                          000007fefad65fd0
Thread    C:\Windows\System32\spoolsv.exe [1784:3860]                                                                                                          000007fefa903438
Thread    C:\Windows\System32\spoolsv.exe [1784:3864]                                                                                                          000007fefad663ec
Thread    C:\Windows\System32\spoolsv.exe [1784:3868]                                                                                                          000007fefa903438
Thread    C:\Windows\System32\spoolsv.exe [1784:3872]                                                                                                          000007fefad663ec
Thread    C:\Windows\System32\spoolsv.exe [1784:3904]                                                                                                          000007fef52e5e5c
Thread    C:\Windows\System32\spoolsv.exe [1784:3984]                                                                                                          000007fef5415074
Thread    C:\Windows\system32\svchost.exe [1824:1852]                                                                                                          000007fefd271a70
Thread    C:\Windows\system32\svchost.exe [1824:1856]                                                                                                          000007fefd271a70
Thread    C:\Windows\system32\svchost.exe [1824:1936]                                                                                                          000007fefd271a70
Thread    C:\Windows\system32\svchost.exe [1824:1960]                                                                                                          000007fef9a52c70
Thread    C:\Windows\system32\svchost.exe [1824:1992]                                                                                                          000007fef9a5fb40
Thread    C:\Windows\system32\svchost.exe [1824:2004]                                                                                                          000007fef9a71d20
Thread    C:\Windows\system32\svchost.exe [1824:2008]                                                                                                          000007fef9a5f6f0
Thread    C:\Windows\system32\svchost.exe [1824:1672]                                                                                                          000007fef84335c0
Thread    C:\Windows\system32\svchost.exe [1824:6000]                                                                                                          000007fef8435600
Thread    C:\Windows\system32\svchost.exe [1824:6504]                                                                                                          000007feebb82888
Thread    C:\Windows\system32\svchost.exe [1824:6532]                                                                                                          000007feebb52940
Thread    C:\Windows\system32\svchost.exe [2488:2932]                                                                                                          000007fefad65fd0
Thread    C:\Windows\system32\svchost.exe [2488:2944]                                                                                                          000007fefad663ec
Thread    C:\Windows\system32\svchost.exe [2488:6536]                                                                                                          000007feec1d8470
Thread    C:\Windows\system32\svchost.exe [2488:6540]                                                                                                          000007feec1e2418
Thread    C:\Windows\system32\svchost.exe [2488:6400]                                                                                                          000007feeb47f130
Thread    C:\Windows\system32\svchost.exe [2488:4192]                                                                                                          000007feeb474734
Thread    C:\Windows\system32\svchost.exe [2488:6284]                                                                                                          000007feeb474734
Thread    C:\Windows\system32\svchost.exe [2488:4144]                                                                                                          000007feec1e976c
Thread    C:\Windows\system32\wbem\wmiprvse.exe [5420:5488]                                                                                                    000007fef8081c20
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6416:5068]                                                                                       000007fefe130168
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6416:4944]                                                                                       000007fefbb72a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6416:3100]                                                                                       000007fee9634830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6416:5948]                                                                                       000007fef5d55124
Thread    C:\Windows\System32\svchost.exe [7052:7068]                                                                                                          000007fef8505170
Thread    C:\Windows\System32\svchost.exe [7052:2448]                                                                                                          000007fef5d59874
Thread    C:\Windows\System32\svchost.exe [6084:5748]                                                                                                          000007fee6f29688

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{899AC9CD-C277-40F6-88FB-A8BC50C6E288}\Connection@Name          isatap.{637B9800-7C80-4D5C-91D8-2880EB94C04D}
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind             \Device\{B6DAEFB3-F26A-4480-BB27-0FEF2D71DF24}?\Device\{899AC9CD-C277-40F6-88FB-A8BC50C6E288}?\Device\{2094E1C8-9A5C-4BB7-BA6E-243B1BA58B49}?\Device\{9BB5DC1F-C610-484A-823D-6E536CDF9C41}?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route            "{B6DAEFB3-F26A-4480-BB27-0FEF2D71DF24}"?"{899AC9CD-C277-40F6-88FB-A8BC50C6E288}"?"{2094E1C8-9A5C-4BB7-BA6E-243B1BA58B49}"?"{9BB5DC1F-C610-484A-823D-6E536CDF9C41}"?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export           \Device\TCPIP6TUNNEL_{B6DAEFB3-F26A-4480-BB27-0FEF2D71DF24}?\Device\TCPIP6TUNNEL_{899AC9CD-C277-40F6-88FB-A8BC50C6E288}?\Device\TCPIP6TUNNEL_{2094E1C8-9A5C-4BB7-BA6E-243B1BA58B49}?\Device\TCPIP6TUNNEL_{9BB5DC1F-C610-484A-823D-6E536CDF9C41}?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                 2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                         1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                          aswFsBlk
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                FSFilter Activity Monitor
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                      FltMgr?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                          avast! mini-filter driver (aswFsBlk)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                  3
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                            aswFsBlk Instance
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                 388400
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                    0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                      
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                               2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                        1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                           \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                         aswMonFlt
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                               FSFilter Anti-Virus
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                     FltMgr?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                         avast! mini-filter driver (aswMonFlt)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                           
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                           aswMonFlt Instance
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                        
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                               320700
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                  0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                              \SystemRoot\System32\Drivers\aswrdr2.sys
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                           1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                            aswRdr
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                  PNP_TDI
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                        tcpip?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                            avast! WFP Redirect driver
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                          nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                        
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                          1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                           aswRvrt
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                           avast! Revert
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                91
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                7658193
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                 \Device\Harddisk0\Partition3\Windows
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                           1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                   2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                           1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                            aswSnx
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                  FSFilter Virtualization
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                        FltMgr?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                            avast! virtualization driver (aswSnx)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                    2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                              aswSnx Instance
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                     137600
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                        0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                               \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                  \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                        
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                    1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                            1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                             aswSP
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                             avast! Self Protection
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                   \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                           \DosDevices\C:\Program Files
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                 \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen                                                                              1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                           1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                            avast! Network Shield Support
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                  PNP_TDI
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                        tcpip?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                            avast! Network Shield TDI driver
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                    11
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                        
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                  0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                           1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                            aswVmm
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                            avast! VM Monitor
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                        
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                         32
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                        2
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                 1
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                    "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                  avast! Antivirus
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                        ShellSvcGroup
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                              aswMonFlt?RpcSS?
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                        1
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                   LocalSystem
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                               1
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                  Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\844bf5a75a0e                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c018855b6f38                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{899AC9CD-C277-40F6-88FB-A8BC50C6E288}@InterfaceName                               isatap.{637B9800-7C80-4D5C-91D8-2880EB94C04D}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{899AC9CD-C277-40F6-88FB-A8BC50C6E288}@ReusableType                                0
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                     2
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                    2
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                             1
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                              aswFsBlk
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                    FSFilter Activity Monitor
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                          FltMgr?
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                              avast! mini-filter driver (aswFsBlk)
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                      3
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                aswFsBlk Instance
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                     388400
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                        0
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                    2
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                   2
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                            1
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                               \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                             aswMonFlt
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                   FSFilter Anti-Virus
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                         FltMgr?
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                             avast! mini-filter driver (aswMonFlt)
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                       
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                               aswMonFlt Instance
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                    
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                   320700
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                      0
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                  \SystemRoot\System32\Drivers\aswrdr2.sys
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                       1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                      1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                               1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                aswRdr
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                      PNP_TDI
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                            tcpip?
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                avast! WFP Redirect driver
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                              
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                              nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                      1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                     0
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                              1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                               aswRvrt
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                               avast! Revert
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                    91
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                    7658193
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                     \Device\Harddisk0\Partition3\Windows
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                               1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                       2
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                      1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                               1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                aswSnx
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                      FSFilter Virtualization
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                            FltMgr?
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                avast! virtualization driver (aswSnx)
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                        2
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                  aswSnx Instance
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                         137600
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                            0
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                   \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                      \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                        1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                       1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                 aswSP
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                 avast! Self Protection
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                      1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                    \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                       \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                               \DosDevices\C:\Program Files
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                     \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen                                                                                  1
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                       1
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                      1
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                               1
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                avast! Network Shield Support
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                      PNP_TDI
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                            tcpip?
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                avast! Network Shield TDI driver
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                        11
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                       1
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                      0
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                               1
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                aswVmm
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                avast! VM Monitor
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                             32
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                            2
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                     1
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                        "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                      avast! Antivirus
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                            ShellSvcGroup
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                  aswMonFlt?RpcSS?
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                            1
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                       LocalSystem
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                   1
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                      Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\844bf5a75a0e (not active ControlSet)                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c018855b6f38 (not active ControlSet)                                                      

---- EOF - GMER 2.1 ----
         
MWBA - MALWARE

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
APB :: ACER-ULTRA [Administrator]

Schutz: Aktiviert

30.12.2013 14:15:37
mbam-log-2013-12-30 (14-15-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381989
Laufzeit: 47 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
MWBA Root-Kill:

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4125470720, free: 999219200

Downloaded database version: v2013.12.30.04
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/30/2013 15:19:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\system32\DRIVERS\excsd.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\system32\DRIVERS\excfs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\irstrtdv.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\rimvndis6_AMD64.sys
\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Users\APB\AppData\Local\Temp\kxdoakob.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\SystemRoot\system32\drivers\WSDScan.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\user32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007d45060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006aed050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007d44060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8006ae9050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007d44060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007be18e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007be2880, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa8007d44060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ae9050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6E8CE96C

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 31744000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31746048  Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31950848  Numsec = 944820224

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007d45060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007be3880, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa8007d45060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006aed050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 37A019CD

Partition information:

    Partition 0 type is Other (0x84)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 7835648

    Partition 1 type is Other (0x73)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 7839744  Numsec = 31246336

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 20014718976 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_31746048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
         

Alt 31.12.2013, 09:17   #5
JoeCool
 
VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



OTL
Code:
ATTFilter
OTL logfile created on: 30.12.2013 15:39:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\APB\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 33,21% Memory free
7,68 Gb Paging File | 4,18 Gb Available in Paging File | 54,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,53 Gb Total Space | 387,89 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
 
Computer Name: ACER-ULTRA | User Name: APB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\APB\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\APB\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Users\APB\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RIM MDNS) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
SRV - (RIM Tunnel Service) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (BlackBerry Device Manager) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (USecuAppSvc) -- C:\Programme\Acer\Acer Theft Shield\USecuAppSvc.exe (Acer Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros)
SRV - (ExpressCache) -- C:\Programme\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (FFSOpzSvc) -- C:\Programme\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (rimvndis) -- C:\Windows\SysNative\drivers\rimvndis6_AMD64.sys (Research in Motion Limited)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.09.11 07:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.06.16 05:56:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.06.24 09:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.04 12:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\APB\AppData\Roaming\mozilla\Extensions
[2013.12.29 17:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\APB\AppData\Roaming\mozilla\Firefox\Profiles\h3p0lpdr.default\extensions
[2013.12.20 09:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.12.20 09:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.20 09:24:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.16 05:56:15 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013.09.11 07:45:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.06.24 09:43:16 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Google Wallet = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Mail = C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\72c2e4d7-871f-4dee-b80b-4301baba235d.exe (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RIM PeerManager] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\APB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E733ADF-00F4-4012-AA5C-A807FDCD2CBD}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cdabc58-bf86-11e2-a8d0-917478fbae53}\Shell - "" = AutoRun
O33 - MountPoints2\{1cdabc58-bf86-11e2-a8d0-917478fbae53}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013.12.30 15:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.12.30 15:19:19 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013.12.30 15:18:25 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.30 15:18:21 | 000,000,000 | ---D | C] -- C:\Users\APB\Desktop\mbar
[2013.12.30 14:13:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.12.30 14:12:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\APB\Desktop\OTL.exe
[2013.12.30 13:30:06 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.30 13:16:33 | 001,931,302 | ---- | C] (Farbar) -- C:\Users\APB\Desktop\FRST64.exe
[2013.12.30 10:52:29 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\MigWiz
[2013.12.30 10:10:58 | 000,000,000 | ---D | C] -- C:\Users\APB\Desktop\ACER_DESKTOP
[2013.12.30 10:07:52 | 000,000,000 | ---D | C] -- C:\Users\APB\Desktop\ACER_SAS
[2013.12.29 12:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.12.29 11:23:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.28 19:35:04 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\Malwarebytes
[2013.12.28 19:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.28 19:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.28 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.12.23 05:15:36 | 000,000,000 | ---D | C] -- C:\Users\APB\dwhelper
[2013.12.20 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.12.20 09:01:32 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{BDF73505-64CB-4A28-9990-C822EFCE3D12}
[2013.12.19 07:37:09 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{2B140492-5FC5-41A1-94C9-74DCB4805487}
[2013.12.18 10:49:59 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{E1DF1BD8-A55C-40BD-A4E9-1AAD3BE3CC2B}
[2013.12.17 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{B17FE4F4-478F-4693-8B38-598A83554B4A}
[2013.12.16 11:49:35 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{6325584A-A627-4E06-BD5E-DD2C49885B55}
[2013.12.15 10:40:25 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D2324234-C310-4EC8-8C46-2FF3583558B6}
[2013.12.14 18:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.14 09:23:04 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{9BFB83A7-93D0-4DCE-87D0-07612EBEDCD1}
[2013.12.13 09:14:43 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{CEB7D5C0-24F2-42AB-887F-A269488BE7EF}
[2013.12.13 07:28:16 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013.12.13 07:28:15 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013.12.13 07:28:15 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.12.13 07:28:13 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013.12.13 07:26:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.12.13 07:26:30 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.12.13 07:26:29 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.12.13 07:26:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.12.13 07:26:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.12.13 07:26:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.12.13 07:26:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.12.13 07:26:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.12.13 07:26:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.12.13 07:26:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.12.13 07:26:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.12.13 07:26:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.12.13 07:26:27 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.12.13 07:26:24 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.12.13 07:26:24 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.12.13 07:26:22 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.12.12 20:25:23 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013.12.12 20:25:21 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013.12.12 20:25:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.12.12 20:25:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.12.12 20:25:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.12.12 20:25:07 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013.12.12 20:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013.12.12 20:25:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013.12.12 20:25:05 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013.12.12 20:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013.12.12 20:25:05 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013.12.12 20:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013.12.12 20:25:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013.12.12 11:24:21 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{2F47591A-C639-46DF-99D6-B49855015C7F}
[2013.12.11 12:17:21 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{A4C4C9D7-1E95-47E6-8D33-173BA47A781F}
[2013.12.03 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{C7FABDC8-6BE3-4822-84B3-8A90A30124BB}
[2013.12.01 09:57:37 | 000,000,000 | ---D | C] -- C:\Users\APB\Application Data
[2013.12.01 09:40:12 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{270D3B0E-0616-4AB3-A772-75895074453C}
[2013.11.30 15:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal ID
[2013.11.30 15:08:28 | 000,000,000 | ---D | C] -- C:\coolspot AG
[2013.11.30 10:20:46 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{ABE5A90D-DB41-433E-801C-91BFF6DC92EC}
[2013.11.29 10:58:52 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{44231D47-34AB-4D3F-9F4A-F9F867514BEC}
[2013.11.28 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{DC06D0A3-0B3D-4D74-B884-9D71AE1932F6}
[2013.11.28 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\.elfohilfe
[2013.11.28 09:43:17 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\elsterformular
[2013.11.28 09:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.11.28 09:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.11.28 09:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2013.11.28 06:21:59 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{FDBF0089-7962-42C5-B792-2B4AA57F0B7B}
[2013.11.27 11:45:14 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{0B14E3BE-F507-4BB9-9BAD-B7B69972D9BA}
[2013.11.25 10:32:10 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{7DA4428D-449B-48BE-AE5D-D1E0A228B667}
[2013.11.24 10:52:53 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D2831063-2855-4D8F-B8A1-FCF3396191BE}
[2013.11.23 09:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buderus
[2013.11.23 09:48:11 | 000,000,000 | ---D | C] -- C:\Users\APB\Documents\Buderus
[2013.11.23 09:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buderus
[2013.11.23 08:06:16 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{E759CCF0-AF69-42F6-9378-73A3A247BDF8}
[2013.11.22 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{BEBB9594-A8BA-484B-967B-D8058C5A7025}
[2013.11.21 10:29:58 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{39DAADD9-ACC9-4F96-BA25-AE1D5CDBD812}
[2013.11.20 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\FullTiltPoker.eu
[2013.11.20 16:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu
[2013.11.20 16:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker.Eu
[2013.11.20 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\cache
[2013.11.20 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\FullTiltPoker
[2013.11.20 16:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2013.11.20 16:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2013.11.20 08:14:18 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{91583922-03CE-48C5-8987-D0B82C31A7DA}
[2013.11.20 07:35:04 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013.11.20 07:27:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.11.20 07:27:29 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.11.20 07:27:26 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.11.20 07:27:26 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.11.20 07:27:26 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013.11.20 07:27:26 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.20 07:27:26 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013.11.20 07:27:26 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.20 07:27:26 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.11.20 07:27:26 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.11.20 07:27:26 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.20 07:27:26 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.11.20 07:27:26 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.11.20 07:27:26 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.11.20 07:27:26 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.11.20 07:27:26 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.11.20 07:27:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.11.20 07:27:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.20 07:27:26 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.11.20 07:27:26 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.20 07:27:26 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.11.20 07:27:26 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.11.20 07:27:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.11.20 07:27:26 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.11.20 07:27:26 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.11.20 07:27:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.11.20 07:27:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.11.20 07:27:26 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.11.20 07:27:26 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.11.20 07:27:26 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.11.20 07:27:26 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.11.20 07:27:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.11.20 07:27:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.11.20 07:27:26 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.20 07:27:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.11.20 07:27:26 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.11.20 07:27:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.20 07:27:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.20 07:27:26 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.20 07:27:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013.11.20 07:27:26 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.11.20 07:27:26 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.11.20 07:27:26 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.11.20 07:27:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.11.20 07:27:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.20 07:27:26 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.20 07:27:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.11.20 07:27:26 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.11.20 07:27:26 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.11.20 07:27:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013.11.20 07:27:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.20 07:27:26 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.11.20 07:27:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013.11.20 07:27:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.11.20 07:27:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.11.20 07:27:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.11.20 07:27:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013.11.20 07:27:26 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013.11.20 07:27:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.20 07:27:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.11.20 07:27:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.11.20 07:27:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.11.20 07:27:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.11.20 07:27:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.11.19 19:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
[2013.11.19 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\APB\PARTYPOKERPokerDir
[2013.11.19 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{FB1A619F-E64A-440F-9D14-421C43A94066}
[2013.11.18 08:45:01 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{051C067B-CA6D-41F1-87D8-3A2C8FE76FC5}
[2013.11.16 17:49:35 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\cef-cache
[2013.11.16 17:49:31 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Roaming\Party
[2013.11.16 17:49:08 | 000,000,000 | ---D | C] -- C:\Programs
[2013.11.16 17:26:33 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{1865F77F-CFB2-4ACF-ACB7-66C28C429C2A}
[2013.11.15 20:33:30 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D28A5EFD-C381-4640-87B9-9E61093E4A84}
[2013.11.15 12:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.11.15 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.11.15 11:17:41 | 000,000,000 | ---D | C] -- C:\Windows\Offline Address Books
[2013.11.15 08:33:04 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{D6B39F1C-5489-4E24-BE4B-BE1E9ECD63EB}
[2013.11.14 07:52:09 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{754DA478-7EC0-4FB6-AEEB-1F7828ED5D63}
[2013.11.13 07:25:20 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{176EA23E-A1B6-4DCF-8B64-A2EE816029E0}
[2013.11.13 07:22:56 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.11.13 07:22:48 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.11.13 07:22:47 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.11.13 07:22:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013.11.13 07:22:46 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013.11.13 07:22:46 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013.11.13 07:22:38 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.11.13 07:22:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.11.13 07:22:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.11.13 07:22:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.11.13 07:22:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.11.13 07:22:33 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.11.13 07:22:30 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.11.13 07:22:30 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.11.13 07:22:30 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.11.13 07:22:30 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.11.12 13:53:09 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\Citrix
[2013.11.12 07:52:28 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{F11E7D11-2937-48B2-A702-A10625B22078}
[2013.11.11 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{CD841451-6712-481A-85EC-E0A2717E3AAD}
[2013.11.11 07:51:42 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{8D6C97A9-F929-4105-A37F-B2D048FA8243}
[2013.11.10 10:37:54 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{B007BD3B-DB79-482E-A35D-5FE225F3FCD9}
[2013.11.09 10:13:10 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{87578B61-976E-4E06-94C3-8489247E39DC}
[2013.11.08 10:40:34 | 000,000,000 | ---D | C] -- C:\Users\APB\.pdfsam
[2013.11.08 10:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
[2013.11.08 10:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[2013.11.08 09:13:44 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{33BFB54D-CFA5-4899-BD6B-C60EE3AC5CB2}
[2013.11.07 13:14:05 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{E72E13C9-9399-42EF-87CB-3D249A177C96}
[2013.11.06 16:54:47 | 000,000,000 | ---D | C] -- C:\Users\APB\AppData\Local\{6A44BC39-62EA-4A6F-A46A-29848E98009F}
[2 C:\Users\APB\Desktop\*.tmp files -> C:\Users\APB\Desktop\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2013.12.30 15:19:19 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013.12.30 15:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.30 15:18:25 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.30 14:55:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.30 14:19:27 | 001,233,962 | ---- | M] () -- C:\Users\APB\Desktop\adwcleaner.exe
[2013.12.30 14:13:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.12.30 14:12:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\APB\Desktop\OTL.exe
[2013.12.30 13:21:16 | 000,377,856 | ---- | M] () -- C:\Users\APB\Desktop\4s7438ut.exe
[2013.12.30 13:16:58 | 001,931,302 | ---- | M] (Farbar) -- C:\Users\APB\Desktop\FRST64.exe
[2013.12.30 11:55:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.30 11:41:38 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.30 11:41:38 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.30 11:33:02 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.12.30 11:32:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.30 11:32:14 | 3094,102,016 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.30 11:31:46 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.12.30 10:38:43 | 001,621,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.30 10:38:43 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.30 10:38:43 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.30 10:38:43 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.30 10:38:43 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.29 17:54:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.12.28 11:30:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.12.23 11:38:09 | 000,000,973 | ---- | M] () -- C:\Windows\wininit.ini
[2013.12.23 11:38:08 | 000,001,053 | ---- | M] () -- C:\Users\APB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.13 08:24:22 | 000,469,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.11 16:19:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.12.11 16:19:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.11.26 11:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.11.26 10:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.11.26 10:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.11.26 10:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.11.26 10:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.26 10:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.11.26 10:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.11.26 09:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.11.26 09:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.11.26 09:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.26 09:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.11.26 09:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.11.26 08:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.11.26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.11.26 07:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.11.24 11:23:14 | 000,000,106 | ---- | M] () -- C:\Windows\DTABegleit.INI
[2013.11.23 19:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.11.23 18:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.11.20 16:28:49 | 022,734,832 | ---- | M] () -- C:\Users\APB\AppData\Local\TempFullTiltPokerEuSetup.exe
[2013.11.20 07:27:29 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.11.20 07:27:29 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.11.20 07:27:26 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.11.20 07:27:26 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.11.20 07:27:26 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013.11.20 07:27:26 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.20 07:27:26 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013.11.20 07:27:26 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.20 07:27:26 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.11.20 07:27:26 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.11.20 07:27:26 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.20 07:27:26 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.11.20 07:27:26 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.11.20 07:27:26 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.11.20 07:27:26 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.11.20 07:27:26 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.11.20 07:27:26 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.11.20 07:27:26 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.20 07:27:26 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.11.20 07:27:26 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.20 07:27:26 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.11.20 07:27:26 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.11.20 07:27:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.11.20 07:27:26 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.11.20 07:27:26 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.11.20 07:27:26 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.11.20 07:27:26 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.11.20 07:27:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.11.20 07:27:26 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.11.20 07:27:26 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.11.20 07:27:26 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.11.20 07:27:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.11.20 07:27:26 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.11.20 07:27:26 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.20 07:27:26 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.11.20 07:27:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.11.20 07:27:26 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.20 07:27:26 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.20 07:27:26 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.20 07:27:26 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013.11.20 07:27:26 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.11.20 07:27:26 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.11.20 07:27:26 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.11.20 07:27:26 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.11.20 07:27:26 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.20 07:27:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.20 07:27:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.11.20 07:27:26 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.11.20 07:27:26 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.11.20 07:27:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013.11.20 07:27:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.20 07:27:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.11.20 07:27:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013.11.20 07:27:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.11.20 07:27:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.11.20 07:27:26 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.11.20 07:27:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013.11.20 07:27:26 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013.11.20 07:27:26 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.20 07:27:26 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.11.20 07:27:26 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.11.20 07:27:26 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.11.20 07:27:26 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.20 07:27:26 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.11.20 07:27:26 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.11.20 07:27:26 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.11.12 13:53:05 | 000,102,248 | ---- | M] () -- C:\Users\APB\GoToAssistDownloadHelper.exe
[2 C:\Users\APB\Desktop\*.tmp files -> C:\Users\APB\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.12.30 14:19:19 | 001,233,962 | ---- | C] () -- C:\Users\APB\Desktop\adwcleaner.exe
[2013.12.30 14:13:34 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.12.30 13:21:05 | 000,377,856 | ---- | C] () -- C:\Users\APB\Desktop\4s7438ut.exe
[2013.12.30 11:31:46 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013.12.30 10:19:21 | 000,001,228 | ---- | C] () -- C:\Users\APB\Desktop\Explorer.lnk
[2013.12.30 10:19:21 | 000,000,700 | ---- | C] () -- C:\Users\APB\Desktop\Biblio.lnk
[2013.11.20 16:28:49 | 022,734,832 | ---- | C] () -- C:\Users\APB\AppData\Local\TempFullTiltPokerEuSetup.exe
[2013.11.20 07:27:26 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.11.20 07:27:26 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.12 13:53:04 | 000,102,248 | ---- | C] () -- C:\Users\APB\GoToAssistDownloadHelper.exe
[2013.10.19 10:04:45 | 000,000,106 | ---- | C] () -- C:\Windows\DTABegleit.INI
[2013.10.04 14:21:16 | 000,000,017 | ---- | C] () -- C:\Users\APB\AppData\Local\resmon.resmoncfg
[2013.09.22 14:04:13 | 000,013,312 | ---- | C] () -- C:\Users\APB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.08.25 08:51:52 | 000,000,179 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.06.22 07:15:44 | 000,000,421 | ---- | C] () -- C:\Users\APB\AppData\Roaming\1_and_1_redirect.xml
[2013.06.09 08:58:08 | 000,000,160 | ---- | C] () -- C:\Windows\DeskCalc.INI
[2013.05.18 08:12:31 | 001,599,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.05 13:15:06 | 000,000,973 | ---- | C] () -- C:\Windows\wininit.ini
[2013.05.04 13:10:46 | 000,007,053 | ---- | C] () -- C:\Users\APB\AppData\Roaming\e458452195.prf
[2013.05.04 13:10:38 | 000,000,417 | ---- | C] () -- C:\Users\APB\AppData\Roaming\redirect.xml
[2013.05.01 00:03:19 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2013.04.30 23:55:55 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.04.30 23:55:55 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.04.30 23:55:54 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2013.04.30 23:55:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.04.30 23:54:41 | 000,001,327 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.10.07 11:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2012.10.07 11:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.10.07 11:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.10.07 11:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.03.27 20:17:54 | 000,000,445 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012.03.27 20:17:54 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2012.03.27 20:17:54 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012.03.07 00:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         


Alt 31.12.2013, 09:22   #6
JoeCool
 
VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 30.12.2013 15:39:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\APB\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 33,21% Memory free
7,68 Gb Paging File | 4,18 Gb Available in Paging File | 54,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,53 Gb Total Space | 387,89 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
 
Computer Name: ACER-ULTRA | User Name: APB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036ECD61-665B-4800-84EB-346492F853D9}" = lport=8080 | protocol=6 | dir=in | app=c:\program files (x86)\common files\research in motion\nginx\nginx.exe | 
"{0B8A38DF-65FA-4788-99A0-79BBA5D7BDBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0D942463-9853-4E9B-A4A5-6DA1344E47A6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1427466A-B1D9-462E-AD3C-8835E757188A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D59C561-62E1-462B-8634-42DE0247FB47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{283EDACB-9CAE-45D1-B034-EBD0FC9578E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2F7E7CD7-8D52-4723-82D0-12DA0E230071}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3540CCDD-89D3-4012-B9A2-0BDE088FE243}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{36E4D13D-3A1F-4F5E-96F9-7BF62A6BA9E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4350D173-2DD9-4405-9A13-639278A0B0D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{491A05A3-FC23-4184-9090-7BC1CD1E5CF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6EA027FC-C9DA-4094-B5BC-E44A55CBCEB4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{737A6122-B71B-4274-8FC3-6CA95E300473}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7575D93E-D9D1-40E3-B66E-4C4C4A77F9BC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8EDB2601-9A23-45AA-93FA-446788A011BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{97ACFF37-642D-46E2-A8F2-18F7B2887FFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1C952B8-5BAB-4F79-B4C0-BCD7DF8E24F6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{AD229DC5-BAC4-4292-A274-6175A0FBBE5F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AF483AF8-CA82-4151-A396-461A1F3FE95B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B02E0073-EAE9-49D3-A926-C273FF8C5898}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B9D75F4C-C67C-4B2A-90AF-F499373FB1D9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C9948D02-CA64-43DC-8253-FD7A40664727}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CF05244A-C76A-42E5-9789-337EA4A4FE81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ED457866-9FE5-493E-8CB1-1A72D2B88C68}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FA3D8509-0268-4D9C-BD46-7CE7C058D431}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BFB58E-7F0B-491F-9FB8-DEDD92D1B09A}" = protocol=6 | dir=in | app=c:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe | 
"{08F6C765-3723-4096-B2F5-8E6788AF93F9}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe | 
"{0D5BCA22-479C-422C-9283-ED723573DFC9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0F1CADB4-1EC3-4AC6-B578-CAFD8FF8A784}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{11E2E1EE-6842-4E7C-B608-DEF4C35EFEEC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{17602986-267F-44BC-A523-4EAE209A09D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1976D439-C1D3-4298-A16D-1D75806A47FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{1B6BDF63-0C4A-4960-8941-D055EDA1A38C}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe | 
"{1C3E3C6C-1A2B-4F3D-8E54-FBE938CABF76}" = protocol=17 | dir=in | app=c:\users\apb\appdata\local\temp\smallinstaller\installfiles\ccdd.exe | 
"{1E2AACED-747E-40ED-9EF2-7D9C38CC4EF0}" = protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe | 
"{24DB28D7-D17C-4383-B1C9-F857D2149C40}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{2C4BC1C5-F510-487B-BC74-572396894DB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C91CB71-D229-4AA5-9E94-94E5DBB7A5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\sdsd\ssf editor\ssfeditor.exe | 
"{31A6A4D9-C983-431C-B508-1AB8C3D570F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{32A3C026-B7BE-4E77-9672-DC45FEF3A986}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{3AC1E7F3-32F1-4161-BA87-1F020ADA09D0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{40069544-5AB1-4596-8F31-9E8F19319174}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{45A67AF6-AEBC-4819-967C-9023297F2289}" = protocol=58 | dir=in | app=system | 
"{4D480D2A-822F-4F13-8EF7-2E092B766E50}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{4FCE9769-DA42-4598-96B5-C1B4C37F7B99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{567EB23C-C461-4FED-8E42-30C5EAF7F3D9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{5A7BCB0C-3CAA-4D9A-A780-675AD582C740}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{61854202-5C83-4BCE-9A9A-DAF6BCE79CB0}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe | 
"{64B5ABB9-511C-469C-BCFB-7EE8188AF49E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{65D4E9CB-458B-43B4-843E-449812300F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F23BC36-9165-44FE-92CB-2634D262B4FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76E2A7F9-2B4E-4712-8BDD-8C68EA84D10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{787F8A49-BE93-4372-BB3E-D54F6AAA2E9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A63FA1A-335A-4483-B649-BF3460F9047E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe | 
"{7E38CDFC-43CE-44AA-897B-4995D6F3D29E}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{7F61D764-2350-43ED-A442-FB6C9A82510A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80D76908-1E1A-40D2-BF97-CAFFF6321E2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{863C1002-7F5B-4B44-8C84-6B8FC2BD2DF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8672422C-2C3D-41B0-8B62-D47D8526CE5D}" = protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe | 
"{86F87E59-6227-4FE5-A49F-44BDE47FBBF3}" = protocol=17 | dir=in | app=c:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A0331BE6-7988-41E2-8EAD-B3D9B6B55A28}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{A19F079E-F930-46C3-B7AA-BF49789C65A7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{A370B58E-6C64-4E64-B771-590DC6996FB0}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{A69D056D-DE79-4C01-B205-BB81CC3DF544}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{AB4BAFF7-F46D-4D6D-903D-A21815216EE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C65A4485-7EF5-4C24-8379-BA0C8FAC20F8}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe | 
"{C75C906D-2F31-46F9-8760-DAB3DB9AAFFE}" = protocol=6 | dir=in | app=c:\users\apb\appdata\local\temp\smallinstaller\installfiles\ccdd.exe | 
"{C8B77245-BD31-40C1-B7B1-A6C4D57967B4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | 
"{CA791863-3B18-4923-90EA-A9E783181CC9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{CD74CFEE-EB7B-4B45-BA21-21CDC77E450D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFB8EFFE-E96E-470A-ABB1-D06CE65D554A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{D29E1956-B2E1-42D9-AC50-81623E7EE659}" = protocol=6 | dir=out | app=system | 
"{E6A1B84C-39EE-44A7-9544-449346257A09}" = protocol=17 | dir=in | app=c:\program files (x86)\sdsd\ssf editor\ssfeditor.exe | 
"{E704795C-AC5F-4EB6-95D8-A989BCE90839}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E76DF1C7-9FAC-41A3-BE24-6493F480E320}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{EA6B5601-F9FB-4EAF-B0A6-868B0FB47F48}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{F492F653-3690-4B30-A6ED-ED24933E4DA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5624989-CAE1-412E-8592-BB372D110A1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9133A55-84AD-4105-A6B2-6030B00B17C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FB99D473-23F7-46BF-92A0-F478A096404B}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"TCP Query User{040CCEA6-0A04-4171-9B41-9A8ACA820B30}C:\program files (x86)\nas utility\pnmd\pnmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nas utility\pnmd\pnmd.exe | 
"TCP Query User{0F798DB0-69D9-4197-9691-22207FAE3455}C:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{513A8EF8-6274-49F5-BBDE-272EF9BC6CF9}C:\users\apb\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\apb\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{5939E3E8-073C-4951-A6B8-40B05C1C0720}C:\program files (x86)\acer\acer cloud\sdd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"TCP Query User{6057385B-A57F-495D-9212-9AAC0CECE5E2}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"TCP Query User{6528D010-CD58-43A1-A6D3-1A20853E46DE}C:\users\apb\downloads\dtrace_fuer_fritzbox_fon_1.03\dtrace32.exe" = protocol=6 | dir=in | app=c:\users\apb\downloads\dtrace_fuer_fritzbox_fon_1.03\dtrace32.exe | 
"TCP Query User{A3A5A6F6-807A-4010-89E1-E63BDFAEDFF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{D7A03031-BA3A-43E0-BFA2-2A746282E7DD}C:\users\apb\downloads\longshine\pnmd\pnmd\program files\nas utility\pnmd\pnmd.exe" = protocol=6 | dir=in | app=c:\users\apb\downloads\longshine\pnmd\pnmd\program files\nas utility\pnmd\pnmd.exe | 
"UDP Query User{30AF1455-26F1-4FF6-B2A0-C6256AFDDCF8}C:\program files (x86)\acer\acer cloud\sdd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"UDP Query User{430E0D5B-9D5B-4D9B-803E-73F3A815AD66}C:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\apb\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{A0BF85E2-5970-4C30-9607-BAF6F1BF85F5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{C2672462-F539-491B-8B61-1EE203792B2C}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"UDP Query User{C7F3CCE7-98B0-4AFB-A1BB-98381D85404E}C:\users\apb\downloads\longshine\pnmd\pnmd\program files\nas utility\pnmd\pnmd.exe" = protocol=17 | dir=in | app=c:\users\apb\downloads\longshine\pnmd\pnmd\program files\nas utility\pnmd\pnmd.exe | 
"UDP Query User{D30BAA69-C238-474F-8FB6-2387AE1E2593}C:\users\apb\downloads\dtrace_fuer_fritzbox_fon_1.03\dtrace32.exe" = protocol=17 | dir=in | app=c:\users\apb\downloads\dtrace_fuer_fritzbox_fon_1.03\dtrace32.exe | 
"UDP Query User{F35FD89E-A146-4361-8CED-B7D9CA15F7A9}C:\program files (x86)\nas utility\pnmd\pnmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nas utility\pnmd\pnmd.exe | 
"UDP Query User{FE9FFAC2-B56A-4713-8EFC-058B730F295E}C:\users\apb\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\apb\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E084588-8CC6-4D1B-B904-B1A09DA22A52}" = ExpressCache
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{86B80582-A4F2-4F12-B29F-49D3309C7024}" = Acer Instant Update Service
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}" = Acer Theft Shield
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.6.9.8_WHQL
"Logitech Unifying" = Logitech Unifying-Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.52
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{024FC197-6D2C-425C-8E04-606158E19ADC}" = Hydrostatix Master Suite
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C227C2E-2295-4820-87B1-4B13E98E6C66}" = Lexware Elster
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21C289A1-5974-4D13-A13C-D698FA757D82}" = Lexware Abschreibungsrechner
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34BE2594-1D20-4A2E-97A0-B9E2837520AE}" = Sleep Memory Optimizer
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41115DDB-A8D9-48D9-B530-4A0252DFAF20}" = Lexware Zeiterfassung
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4FB87656-466A-49A5-AFEA-75FA2624AB61}" = Lexware büro easy 2013
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{6308DF89-68B0-F4E6-FFE7-6DCC7843A5E3}" = FleetMon Explorer
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B364EC1-9735-4BD6-9321-6D81C94DF70E}" = Lexware online banking
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}" = Smart Timer
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A3583E44-1343-406A-87B8-90FF089F9EE3}" = Lexware Sepa Check
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE7FAFE7-1F10-48BD-BC3B-2E135CC74039}" = SSF Editor
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6EC987A-1E19-47F3-8172-60511412D1DD}" = PNMD
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F53EE198-4318-43C4-ADDF-9CCE032E2FD1}" = BlackBerry Link
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BlackBerry_10_Desktop" = BlackBerry Link
"com.fleetmon.fmx" = FleetMon Explorer
"ElsterFormular" = ElsterFormular
"Flachheizkörper-Auswahl 2011_is1" = Flachheizkörper-Auswahl 2011 Version 2.0
"FormDocs" = FormDocs 8.3.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D6EC987A-1E19-47F3-8172-60511412D1DD}" = PNMD
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"PartyPoker" = partypoker
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-05e331ba-1196-4352-8af4-5cb06296cf59" = Slingo Deluxe
"WTA-07670c6d-8403-4dca-8f87-762a2fa71926" = Chuzzle Deluxe
"WTA-148d2ec2-e207-416c-99a9-e8193a683105" = Wedding Dash
"WTA-3498f084-e8fd-44d2-835f-5ba1293c27e6" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-357245f2-665c-413a-b9a4-4a77d044dcbb" = Final Drive: Nitro
"WTA-497d1d25-ea8b-4a87-9ddf-3d282eec075b" = Insaniquarium Deluxe
"WTA-8417fbe2-7d07-42b6-a340-1f739046d32b" = Polar Bowler
"WTA-84e19ed7-31b3-479f-b627-8db3cdf11ec7" = Zuma Deluxe
"WTA-9a180a10-f33f-4424-973a-517d112e3822" = FATE
"WTA-a387f6e5-5ece-42e2-8a4b-6aae4a44eb64" = Plants vs. Zombies - Game of the Year
"WTA-a8b32f7b-ea12-4d9f-8f18-a3ccd9f13ac7" = Bejeweled 3
"WTA-b699f051-ff08-4662-8673-2c6f05ab7329" = Penguins!
"WTA-bd32458a-b9a3-49e4-83ee-72cf1b61fd38" = Virtual Villagers 4 - The Tree of Life
"WTA-c43d57bd-8b96-47b9-bd8f-9426e6cdab75" = Agatha Christie - Death on the Nile
"WTA-d1881591-afb3-4eed-94c5-efd0b4e2ab13" = Torchlight
"WTA-ddb0f776-ac7f-4986-8fd4-3a6236eea6b1" = Jewel Match 3
"WTA-ed3b739a-0237-4745-aafd-050b36808fd2" = John Deere Drive Green
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2013 06:01:25 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\WindowsAnytimeUpgradeUI.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Windows\system32\WindowsAnytimeUpgradeUI.exe"
 in Zeile 0.  Ungültige XML-Syntax.
 
Error - 30.12.2013 06:01:25 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\ehome\ehshell.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Windows\ehome\ehshell.exe" in Zeile
 0.  Ungültige XML-Syntax.
 
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\WFS.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Windows\system32\WFS.exe" in Zeile
 0.  Ungültige XML-Syntax.
 
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 30.12.2013 06:01:26 | Computer Name = ACER-ULTRA | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\WFS.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Windows\system32\WFS.exe" in Zeile
 0.  Ungültige XML-Syntax.
 
Error - 30.12.2013 08:46:26 | Computer Name = ACER-ULTRA | Source = RIM MDNS | ID = 100
Description = send_msg ERROR: failed to write 65 of 65 bytes to fd 608 errno 10053
 (Eine bestehende Verbindung wurde softwaregesteuert  durch den Hostcomputer abgebrochen.)
 
Error - 30.12.2013 08:46:26 | Computer Name = ACER-ULTRA | Source = RIM MDNS | ID = 100
Description = 608: Could not write data to client because of error - aborting connection
 
Error - 30.12.2013 08:46:26 | Computer Name = ACER-ULTRA | Source = RIM MDNS | ID = 100
Description = 608: DNSServiceGetAddrInfo      v4v6 Q10.local.
 
[ System Events ]
Error - 04.10.2013 08:16:14 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 09:16:16 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 10:16:18 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 11:16:20 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 12:16:22 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 13:16:24 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 14:16:27 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 16:19:08 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 04.10.2013 17:19:15 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 05.10.2013 01:23:11 | Computer Name = ACER-ULTRA | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
 
< End of report >
         
ADWCLEAN

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.016 - Bericht erstellt am 29/12/2013 um 11:23:38
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : APB - ACER-ULTRA
# Gestartet von : C:\Users\APB\Downloads\ANTIVIR\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\APB\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\ccllyq4m.default-1388255121798\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1477 octets] - [29/12/2013 11:23:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1537 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.016 - Bericht erstellt am 30/12/2013 um 15:56:55
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : APB - ACER-ULTRA
# Gestartet von : C:\Users\APB\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\APB\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\h3p0lpdr.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3070 octets] - [29/12/2013 11:23:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3130 octets] ##########
         
--- --- ---


ADWCLEAN 2
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.016 - Bericht erstellt am 30/12/2013 um 15:59:50
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : APB - ACER-ULTRA
# Gestartet von : C:\Users\APB\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\APB\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\APB\AppData\Roaming\Mozilla\Firefox\Profiles\h3p0lpdr.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\APB\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3210 octets] - [29/12/2013 11:23:38]
AdwCleaner[S0].txt - [1516 octets] - [30/12/2013 15:59:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1576 octets] ##########
         
--- --- ---

EMISOFT:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 8.1
Letztes Update: 30.12.2013 16:24:04
Benutzerkonto: ACER-ULTRA\APB

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	30.12.2013 16:26:55
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 1 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 10 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 2 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 4 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 5 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 6 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 7 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 9 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ADSLASTKNOWNSTATE 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> APPPATH 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> FOURCOLOURDECK 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHENABLELOG 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGDAYS 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGSIZE 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ID 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INITIALPORT 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INSTALLSTATE 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> SL 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> TABLETYPE 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> USECOUNT 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> CFDIALOGSHOWN 	gefunden: PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> FRESHINSTALL 	gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYICON 	gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYNAME 	gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> INSTALLLOCATION 	gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> PUBLISHER 	gefunden: PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> UNINSTALLSTRING 	gefunden: PartyPoker (A)

Gescannt	503883
Gefunden	27

Scan Ende:	30.12.2013 17:22:33
Scan Zeit:	0:55:38

Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 1	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 10	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 2	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 4	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 5	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 6	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 7	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> 9	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ADSLASTKNOWNSTATE	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> APPPATH	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> FOURCOLOURDECK	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHENABLELOG	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGDAYS	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> HHLOGSIZE	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> ID	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INITIALPORT	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> INSTALLSTATE	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> SL	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> TABLETYPE	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING\PARTYPOKER -> USECOUNT	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> CFDIALOGSHOWN	Quarantäne PartyPoker (A)
Value: HKEY_USERS\S-1-5-21-3589557773-1875082947-414929417-1000\SOFTWARE\PARTYGAMING -> FRESHINSTALL	Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYICON	Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> DISPLAYNAME	Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> INSTALLLOCATION	Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> PUBLISHER	Quarantäne PartyPoker (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PARTYPOKER -> UNINSTALLSTRING	Quarantäne PartyPoker (A)

Quarantäne	27
         
Das wär erstmal alles was ich gemacht hab. Und wie gesagt - im moment läuft der Laptop wieder rund.

Schon mal vielen Dank im Voraus und guten Rutsch!

Alt 31.12.2013, 15:54   #7
schrauber
/// the machine
/// TB-Ausbilder
 

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



sieht gut aus
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.01.2014, 12:33   #8
JoeCool
 
VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



Moin Schrauber

Wie meinen? Alles sauber & gut?
Kann ja über Nacht trotzdem nochmal Esset laufen lassen.

LG & Frohes Neues!

Alt 02.01.2014, 08:54   #9
schrauber
/// the machine
/// TB-Ausbilder
 

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



Kannst Du machen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.01.2014, 09:57   #10
JoeCool
 
VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



Ok, hab ich gestern verpennt. Aber wenn fertig stell ich das hier noch rein.

Auf jeden Fall vielen Dank!

Alt 03.01.2014, 09:49   #11
schrauber
/// the machine
/// TB-Ausbilder
 

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Standard

VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?
abstürze, avast, bildschirm, code, eset, fehlermeldungen, firefox, folge, friert, gen, gmer, logfiles, malwarebytes, meldung, programme, registry, scan, scanner, schwarzer bildschirm, suche, system, total, virus, win, win7



Ähnliche Themen: VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?


  1. Endlich läuft wieder alles dank Schrauber!
    Lob, Kritik und Wünsche - 09.06.2015 (1)
  2. Alles läuft wieder rund - Danke, Cosinus
    Lob, Kritik und Wünsche - 11.02.2014 (0)
  3. Virus LyricsPal.exe gefunden und mit Avira entfernt. Ist der Rechner jetzt wieder sauber oder noch verseucht?
    Log-Analyse und Auswertung - 22.09.2013 (13)
  4. BKA/GVU Trojaner und jetzt läuft alles wieder normal ?
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (4)
  5. Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?
    Log-Analyse und Auswertung - 13.06.2012 (28)
  6. Schadsoftware HDD-Repair entdeckt und entfernt, jetzt alles wieder gut?
    Log-Analyse und Auswertung - 31.08.2011 (5)
  7. Windowsdienste funktionieren nicht, screen friert ein oder system läuft langsam!
    Plagegeister aller Art und deren Bekämpfung - 29.05.2011 (1)
  8. System nach Malware Angriff neu aufgesetzt, jetzt alles sicher ?
    Plagegeister aller Art und deren Bekämpfung - 15.12.2010 (3)
  9. Rootkit.Win32.TDSS und andere Trojaner desinfiziert, ist jetzt wieder alles sicher?
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (1)
  10. Hatte den ICQ Virus auf meinen System ist es jetzt wieder Sauber?
    Log-Analyse und Auswertung - 08.06.2010 (1)
  11. Total PC Defender 2010 Maleware - System wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 05.04.2010 (37)
  12. Malware gefunden und eliminiert: ist jetzt alles wieder in Ordnung?
    Plagegeister aller Art und deren Bekämpfung - 23.11.2009 (5)
  13. Hab ich jetzt einen Virus oder nicht ?!
    Plagegeister aller Art und deren Bekämpfung - 08.03.2009 (2)
  14. Antivir2008 Befall - Jetzt wieder alles save?!
    Log-Analyse und Auswertung - 11.08.2008 (2)
  15. Trojanerbefall/Jetzt wieder alles sauber?
    Mülltonne - 09.08.2008 (0)
  16. Hab ich jetzt ein Wurm/Virus/PiPaPo oder nicht????
    Plagegeister aller Art und deren Bekämpfung - 01.12.2007 (3)
  17. System unstabil
    Log-Analyse und Auswertung - 19.03.2006 (3)

Zum Thema VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? - Moin, Ich weiss nicht wirklich weiter. Zunächst war ich recht sicher das ich mir nen Virus oder so eingefangen hatte. Seit ca. 1-2 Wochen folgende Symptome: Latop (Win7) friert manchmal - VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?...
Archiv
Du betrachtest: VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.