Super, danke, dasmit der Fehlermeldung ist ja schon lange weg, aber die Firewall und der Bankingschutz funktionieren noch immer nicht. Die Firewall ist immer ausgeschaltet, selbst wenn ich sie bei den Einstellungen von F-Secure wieder eischalte ist sie nicht aktiv...
Hier die logs: Code:
OTL Extras logfile created on: 04.05.2013 10:57:11 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 35,65% Memory free
6,19 Gb Paging File | 4,08 Gb Available in Paging File | 65,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 71,49 Gb Free Space | 47,96% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 14,91 Gb Total Space | 3,99 Gb Free Space | 26,76% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-3947447856-4048759787-670979307-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5955D14E-AE8A-4CCD-8354-55ED8131B1CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DC2B97C-B819-4F34-B866-3FCA03222D37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{847ECF70-1CE4-40C8-9F84-E095BE71D641}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EBA8FC0-6684-47D7-B353-22499456B20A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96A6A76B-05AB-40B6-ACB3-B8243B376FDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D26D6525-4BFF-4448-934A-692EA5BD862B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6185DFE-F9F8-48EB-814B-7B15A8590A5E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DCE2B7DF-CAD5-44F2-BFE4-8BF93EAE9209}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E42BC40E-481D-4AB5-8818-49D1F0C3BCE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0796758E-6A13-4EF3-983A-FF7C4C31EEB5}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{09E33169-1D92-4D9D-B21C-B7487D8F6341}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10419082-F00B-49D4-ADED-C50AA67750A9}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{113C2737-FDC3-4F7C-9BCC-DAFE745E23F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14EC0B0D-F2E4-491B-B9E8-A51A5358DAFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1AB15F70-6081-4A82-BF5F-18E42529DBF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{28E9EFED-AFCE-4246-AA83-585B6106A9F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40E4911E-C624-4206-9890-9900D791D526}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F60BC4F-76C2-4C1C-8401-80FF9862BAEA}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7112FA55-14CF-444D-8D43-4020DCC1B513}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{72ED7C3D-0F9E-4C73-96BF-5954CAB1CD9F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{7DF507FE-15F7-471B-BAE5-9F9814B31A97}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90381B6C-A05D-47ED-A445-DE636401A178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93224B18-899D-4C54-944B-A100ED0B0171}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CA7DFB1-A373-452C-9585-38800EEC7685}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFF2545C-7679-4BF1-87D4-E69BCB6178A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA38A0EA-42A3-4394-823B-F5BCE8319A53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA5704E6-7579-4DBE-82FD-FACEAAA38A4F}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{C5915738-8AAB-4534-9117-FB1FD0037D0F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D70B2A78-9778-4ABC-8296-D3881A0EF9D9}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{D7ACBFEB-92C2-4B79-969A-BA01D1857762}" = protocol=6 | dir=out | app=system |
"{DA7CAA41-BCB9-4771-BB7D-5F7A523C2F86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB34D47F-B6D5-4AE5-8EBE-0DE3DE4AE5A1}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe |
"{DCB1E7DF-F3AC-4D97-B4F3-F982F8630BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DED04606-F8AA-4AC2-BEF5-17FCDF878830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E29255A9-41D3-4E0A-91D8-714275947D9E}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{61082C35-3C36-438D-ABC5-8BF01BB20806}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A3C94172-89F8-4E5E-8661-AF952E9BAEC9}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{CB0E7640-3457-4A4E-8301-1C148A9B8D74}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{68D19666-D0DE-4FEF-BAAA-205D7581BFFF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{B2D66F0C-3202-4FEC-B218-9DCC2D85AD38}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F7408A52-2529-4C6F-A98F-5D1731144998}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{03F39988-365B-3491-2DE8-47D2F40B658C}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1962A938-85FA-AEC7-A533-5D78D976621D}" = Catalyst Control Center Localization Danish
"{1D54B4A2-9CF9-BEC1-BF40-FB67B64FBD37}" = Catalyst Control Center Localization Korean
"{2077FEAB-E2DE-A9C9-52EA-D059F78507A7}" = Catalyst Control Center Localization Turkish
"{232A093A-208F-5A12-1B55-199C0126D140}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A13103F-809F-4A5F-D5D5-0462B463CE26}" = Catalyst Control Center Localization German
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{31F4E894-2B51-890F-3A04-89AA16C1B667}" = Catalyst Control Center Localization Russian
"{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{363D1E82-40C5-C298-4C73-BD72E58168B4}" = Catalyst Control Center Localization Greek
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4097D40F-FB75-869F-18A0-637635A5FAA0}" = Catalyst Control Center Localization Chinese Traditional
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{432B7B0E-D471-1A8A-B43D-99C52D0DF092}" = Catalyst Control Center Localization Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EBE5044-43A3-49CC-9848-E5A11CA33E64}" = F-Secure CCF Scanning 1.18.127.7931 (release)
"{506C49D5-1A41-FEBF-8A0B-F4481C73F1DD}" = Catalyst Control Center Localization Swedish
"{50B9EFAD-9AD3-4E6A-A9B7-1C02669D4907}" = Online Safety 2.77.1170.803
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{584BFB71-3D12-8720-F222-7739726C3E7C}" = Catalyst Control Center Core Implementation
"{58A5DF2E-E32A-DDD5-2724-181DFB0FDD98}" = Kolay gelsin! Vokabeltrainer
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5D5D742B-171C-2C00-810F-3DD837FDE520}" = Catalyst Control Center Localization Hungarian
"{61232CEF-6A36-A4F2-4242-605518175098}" = Catalyst Control Center Localization Finnish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.77.100.0 (release)
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D4E3662-A321-4D98-84B8-934229348575}" = F-Secure Network CCF 1.02.128
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77B74177-25E3-6801-D4F6-514E0926F3B8}" = Catalyst Control Center Localization Chinese Standard
"{77BDD5AF-E4AC-E3F7-449C-5F5621A84A73}" = Catalyst Control Center Localization Italian
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F149393-7D14-B0EF-154F-3B83D57725AA}" = Catalyst Control Center Localization French
"{821D7BFA-918B-EDCE-15A5-6C6BAB0528A1}" = Catalyst Control Center Localization Thai
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{851DE017-C00B-4A50-B413-4C05740AF56E}" = Nuance PDF Create! 5
"{8EAA36CC-E2CA-44AA-B113-CD65FD0F3AC8}" = ScanSoft PaperPort 11
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F147B7-115C-A8D8-EFB8-B891D0DB39D1}" = ATI Catalyst Install Manager
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF04BC19-3F00-2F3A-2499-19A998E84B95}" = Catalyst Control Center Localization Japanese
"{B1C2147A-54CE-070A-C844-E69C203A3202}" = ccc-core-static
"{B298BB58-D68C-48C5-BC79-5E7EBB2FC922}" = F-Secure
"{B3251D6A-05E1-252C-64A6-4E6A7FE8F6B4}" = Catalyst Control Center Localization Portuguese
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C40AEEAE-DB5D-F537-0A90-A5F75DEE192D}" = Catalyst Control Center Localization Spanish
"{CDBE2FB7-5098-0277-2AE9-145ECE3C0773}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DA472378-2901-09E2-E9B9-019342B8CCD0}" = ccc-utility
"{DEAFFA41-FCE8-EBA5-3918-55F9672F75F8}" = Catalyst Control Center Localization Polish
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Browser Bar" = Amazon Browser Bar
"am-hoteldashtmsuitesuccesstm" = Hotel Dash(TM) - Suite Success(TM)
"AudibleManager" = AudibleManager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"de.klett.vokabeltrainer.kolaygelsin.994B08470047E3B9846080C577877A5B72079D21.1" = Kolay gelsin! Vokabeltrainer
"F-Secure ServiceEnabler 666" = F-Secure
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LManager" = Launch Manager
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.14.1738" = Opera 12.14
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Verbindungsassistent" = Verbindungsassistent
"Winamp" = Winamp
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3947447856-4048759787-670979307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.05.2013 03:31:44 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2013 12:55:01 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 02.05.2013 14:02:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2013 15:02:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2013 16:12:49 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 02.05.2013 16:12:57 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PanProcess.exe, Version 1.0.1.2, Zeitstempel
0x506004cc, fehlerhaftes Modul PanStreamer.dll, Version 2.0.5.36, Zeitstempel 0x507fb217,
Ausnahmecode 0xc0000005, Fehleroffset 0x0001dbd4, Prozess-ID 0xb08, Anwendungsstartzeit
01ce476792ec0463.
Error - 03.05.2013 01:29:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.05.2013 08:08:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.05.2013 18:34:40 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 04.05.2013 04:49:08 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 23.01.2013 13:07:37 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 03.05.2013 08:11:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.05.2013 14:03:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 03.05.2013 18:34:38 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
Error - 04.05.2013 04:49:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 04.05.2013 04:49:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.05.2013 04:49:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 04.05.2013 04:49:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.05.2013 04:49:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 04.05.2013 04:49:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 04.05.2013 04:49:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
Code:
OTL logfile created on: 04.05.2013 10:57:11 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 35,65% Memory free
6,19 Gb Paging File | 4,08 Gb Available in Paging File | 65,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 71,49 Gb Free Space | 47,96% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 14,91 Gb Total Space | 3,99 Gb Free Space | 26,76% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\PANDORA.TV\PanService\PanProcess.exe (PandoraTV)
PRC - C:\Programme\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
PRC - C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Amazon Browser Bar\ToolbarUpdaterService.exe ()
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2951.26929__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2951.26938__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2951.27176__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2951.26891__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2951.26953__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2951.27166__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2951.27121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2951.27066__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2951.26912__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2951.26922__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2951.27193__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2951.26881__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2951.27190__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2951.27229__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2951.26878__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2951.26882__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2951.26880__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2951.26879__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2951.27192__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\eAudioUI.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (fshoster) -- C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (PanService) -- C:\Programme\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Updater Service for AMZN) -- C:\Programme\Amazon Browser Bar\ToolbarUpdaterService.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (A2DDA) -- C:\Users\***\Downloads\EMSISOFTEMERGENCYKIT_3.0.0.3\RUN\a2ddax86.sys (Emsisoft GmbH)
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (fsni) -- C:\Programme\F-Secure\apps\CCF_Scanning\fsni32.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121130
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 11:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 11:33:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 11:33:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 11:33:32 | 000,000,000 | ---D | M]
[2012.12.27 12:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.20 11:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9rdhqelb.default\extensions
[2013.04.14 12:59:53 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9rdhqelb.default\extensions\abb@amazon.com
[2013.04.20 11:31:36 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9rdhqelb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 11:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 11:33:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2013.02.06 18:48:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.06 18:48:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.06 18:48:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.06 18:48:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.06 18:48:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.06 18:48:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.05.02 20:57:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Create 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3947447856-4048759787-670979307-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3947447856-4048759787-670979307-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3947447856-4048759787-670979307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B8CE4B8-76C8-47A6-9288-B2D17DC6DE95}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013.02.20 23:22:22 | 000,000,000 | ---D | M] - E:\Autogenes Training -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.04 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Zeon
[2013.05.02 20:51:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.30 11:58:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.30 11:58:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.27 13:07:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.04.27 10:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.27 10:15:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.27 10:15:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.27 10:15:28 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.26 11:49:04 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.04.26 10:05:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.26 10:05:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.04.26 09:57:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.26 09:39:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.26 09:39:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.26 09:39:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.26 09:38:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.26 09:17:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.26 09:15:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.25 20:38:22 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.04.25 20:12:14 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.04.25 15:06:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.04.25 13:17:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.22 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Kindle Content
[2013.04.22 17:42:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.04.22 17:41:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Amazon
[2013.04.19 12:59:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene PaperPort-Dokumente
[2013.04.19 12:58:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FLEXnet
[2013.04.19 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ScanSoft
[2013.04.14 13:00:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Amazon Browser Bar
[2013.04.14 12:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2013.04.12 11:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.12 07:26:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.12 07:26:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.12 07:26:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.12 07:26:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.12 07:26:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.12 07:26:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.12 07:26:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.12 07:26:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 11:57:41 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 11:57:41 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 11:57:41 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 11:57:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 11:57:31 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.06 20:39:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Samuel_56cm_10.32_5.4.13
========== Files - Modified Within 30 Days ==========
[2013.05.04 11:05:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 10:49:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 10:48:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 10:48:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 10:48:52 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2013.05.04 10:48:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 10:48:45 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.03 20:11:03 | 006,680,030 | ---- | M] () -- C:\Users\Public\Desktop\fsdiag.zip
[2013.05.02 20:57:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.04.30 11:39:02 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.04.27 00:18:06 | 000,619,461 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.27 00:13:19 | 000,000,120 | ---- | M] () -- C:\Users\***\Desktop\r45oi9ke.htm.part
[2013.04.26 11:31:17 | 000,015,162 | ---- | M] () -- C:\Users\***\Desktop\get-mirror-server.html
[2013.04.25 20:38:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.04.25 20:13:35 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.04.25 13:17:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.23 11:18:51 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.23 11:18:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.23 11:18:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.23 11:18:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.22 17:42:05 | 000,002,022 | ---- | M] () -- C:\Users\***\Desktop\Kindle.lnk
[2013.04.19 13:01:43 | 000,014,973 | ---- | M] () -- C:\Users\***\Documents\Mutterschaftsgeldbescheinigung.pdf
[2013.04.15 13:21:44 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.15 13:21:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.12 07:34:50 | 000,297,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.04.27 00:18:03 | 000,619,461 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.27 00:13:18 | 000,000,120 | ---- | C] () -- C:\Users\***\Desktop\r45oi9ke.htm.part
[2013.04.26 11:31:17 | 000,015,162 | ---- | C] () -- C:\Users\***\Desktop\get-mirror-server.html
[2013.04.26 09:39:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.26 09:39:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.26 09:39:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.26 09:39:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.26 09:39:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.24 11:28:52 | 006,680,030 | ---- | C] () -- C:\Users\Public\Desktop\fsdiag.zip
[2013.04.22 17:42:05 | 000,002,022 | ---- | C] () -- C:\Users\***\Desktop\Kindle.lnk
[2013.04.19 13:01:43 | 000,014,973 | ---- | C] () -- C:\Users\***\Documents\Mutterschaftsgeldbescheinigung.pdf
[2013.02.12 11:26:39 | 005,230,041 | ---- | C] () -- C:\Users\***\Broschüre_WB_2012.pdf
[2013.02.12 11:12:03 | 000,022,576 | ---- | C] () -- C:\Users\***\eA-light-Antrag_01.pdf
[2013.02.09 23:06:36 | 000,276,615 | ---- | C] () -- C:\Users\***\Babyhaekel.pdf
[2013.02.08 16:07:30 | 002,486,815 | ---- | C] () -- C:\Users\***\Häkelanleitung Ballerinas pdf.pdf
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.01.30 23:40:08 | 000,000,583 | ---- | C] () -- C:\Windows\wiso.ini
[2013.01.30 14:52:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.01.30 14:41:30 | 000,032,228 | ---- | C] () -- C:\Windows\maxlink.ini
[2013.01.02 20:50:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.02 20:50:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.01.02 20:24:29 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013.01.02 20:24:29 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013.01.02 20:24:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2013.01.02 20:16:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.12.28 14:02:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.12.28 14:02:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.12.27 12:34:08 | 000,044,240 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2012.12.27 12:33:40 | 000,019,403 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.12.27 06:51:49 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2012.12.27 06:51:20 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2012.12.27 00:25:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.12.26 22:21:07 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2012.12.26 22:21:07 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2012.12.26 22:18:31 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2012.12.26 22:18:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2012.12.26 21:57:17 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2012.12.26 21:57:17 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2012.12.26 21:56:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:FED912DB
< End of report >
|
Textbox.