| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HTML/Infected.WebPage.Gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.03.2013, 22:32
| #1 |
 |  HTML/Infected.WebPage.Gen2 Hallo zusammen, ich habe oben genanntes bei einem Scan mit Avira Antivirus gefunden. Mein Rechner war sehr langsam. Es gab bei Öffnung von Programmen z. T. Meldungen, dass kein Arbeitsspeicher zur Verfügung steht. Programm hängen sich ständig auf. Diese Zeilen hier zu schreiben dauern ewig... Das ist der Report dazu: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 4. März 2013 23:14
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Starter
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CARO-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.3185 47702 Bytes 30.01.2013 10:05:00
AVSCAN.EXE : 13.6.0.584 640224 Bytes 12.02.2013 20:50:26
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15
LUKE.DLL : 13.6.0.602 67808 Bytes 12.02.2013 20:50:51
AVSCPLR.DLL : 13.6.0.628 94432 Bytes 05.02.2013 18:31:15
AVREG.DLL : 13.6.0.600 250592 Bytes 05.02.2013 18:31:14
avlode.dll : 13.6.2.624 434912 Bytes 05.02.2013 18:31:15
avlode.rdf : 13.0.0.38 15231 Bytes 13.02.2013 19:45:56
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:43:11
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 17:51:09
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 17:51:09
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 17:51:10
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 17:51:10
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 17:51:10
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 17:51:10
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 16:58:29
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 20:41:41
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 19:45:52
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 12:12:43
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 20:01:37
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 20:01:37
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 20:01:38
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 19:28:34
VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 17:59:31
VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 20:35:32
VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 17:39:17
VBASE025.VDF : 7.11.63.71 209408 Bytes 01.03.2013 10:59:39
VBASE026.VDF : 7.11.63.121 257536 Bytes 04.03.2013 19:02:29
VBASE027.VDF : 7.11.63.122 2048 Bytes 04.03.2013 19:02:29
VBASE028.VDF : 7.11.63.123 2048 Bytes 04.03.2013 19:02:29
VBASE029.VDF : 7.11.63.124 2048 Bytes 04.03.2013 19:02:30
VBASE030.VDF : 7.11.63.125 2048 Bytes 04.03.2013 19:02:30
VBASE031.VDF : 7.11.63.136 45056 Bytes 04.03.2013 19:02:30
Engineversion : 8.2.12.10
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.94 467324 Bytes 22.02.2013 18:35:13
AESCN.DLL : 8.1.10.0 131445 Bytes 04.01.2013 15:30:25
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 19:42:56
AEPACK.DLL : 8.3.1.12 815480 Bytes 28.02.2013 17:14:29
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:00:38
AEHEUR.DLL : 8.1.4.222 5767545 Bytes 28.02.2013 17:14:28
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.6.16 434549 Bytes 25.01.2013 22:10:57
AEEXP.DLL : 8.4.0.6 192885 Bytes 28.02.2013 17:14:29
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 20.02.2013 20:01:40
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 20:50:20
AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 20:50:25
AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 18:31:15
AVARKT.DLL : 13.6.0.624 260832 Bytes 12.02.2013 20:50:22
AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 12.02.2013 20:50:24
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 20:50:28
NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 20:50:51
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.480 68976 Bytes 12.02.2013 20:50:20
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 4. März 2013 23:14
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Acer.scr' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcerVCM.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'iUpdate.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'iSync.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AthBtTray.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtvStack.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '198' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'aavus.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '10925' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Acer>
[0] Archivtyp: RSRC
--> C:\$Recycle.Bin\S-1-5-21-480296688-884268188-3612197392-1000\$RGE0Y0X.exe
[1] Archivtyp: NSIS
--> C:\Program Files\Acer GameZone\Merriam Websters Spell Jam\SPELL-JAM.exe
[2] Archivtyp: RSRC
--> C:\Program Files\EgisTec MyWinLocker\HTCA_SelfExtract.bin
[3] Archivtyp: OVL
--> C:\Users\Caro\AppData\Roaming\Dropbox\bin\Dropbox.exe
[4] Archivtyp: RSRC
--> C:\Users\Caro\Documents\Bewerbung - Jobs\Bosch_1\Bosch_1.mht
[5] Archivtyp: MIME
--> object
[6] Archivtyp: MIME
--> Users\Caroline\Documents\Bewerbung - Master\Jobs und Karriere - Studierende - Ihre Dissertation.mht
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Caro\Documents\Bewerbung - Jobs\Bosch_1\Bosch_1.mht
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2
Beginne mit der Suche in 'D:\'
Beginne mit der Desinfektion:
C:\Users\Caro\Documents\Bewerbung - Jobs\Bosch_1\Bosch_1.mht
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57fbcb72.qua' verschoben!
Ende des Suchlaufs: Dienstag, 5. März 2013 22:31
Benötigte Zeit: 22:54:56 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
20539 Verzeichnisse wurden überprüft
363021 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
363019 Dateien ohne Befall
4558 Archive wurden durchsucht
1 Warnungen
1 Hinweise
555046 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Habe das AdwCleaner ausgeführt und auf löschen geklickt. Neustart ist erfolgt. Aber keine Ahnung was es bewirkt haben soll. Den AdwCleaner find ich auf dem Rechner auch gar nicht mehr. Habe mir Malwarebyte runtergeladen und das ist der Report dazu. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.05.13 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Caro :: CARO-PC [Administrator] 05.03.2013 23:12:16 mbam-log-2013-03-05 (23-12-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 361702 Laufzeit: 2 Stunde(n), 23 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Würde mich über Hilfe bzw eine Rückmeldung sehr freuen. Danke. |
|
06.03.2013, 23:44
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | HTML/Infected.WebPage.Gen2 Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ |
|
09.03.2013, 01:11
| #3 |
| | HTML/Infected.WebPage.Gen2 Super vielen Dank für die schnelle Reaktion. Anbei die Protokolle.
__________________OTL Code:
ATTFilter OTL logfile created on: 07.03.2013 19:12:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caro\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 188,22 Mb Available Physical Memory | 18,58% Memory free 2,43 Gb Paging File | 0,40 Gb Available in Paging File | 16,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 153,45 Gb Free Space | 71,11% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32 Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Caro\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Bluetooth Suite\BtvStack.exe (Atheros Communications) PRC - C:\Programme\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) PRC - C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\libglesv2.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\libegl.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Acer\Android Manager\DEU.dll () MOD - C:\Programme\Launch Manager\CdDirIo.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AtherosSvc) -- C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros) DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros) DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros) DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros) DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros) DRV - (ATHDFU) -- C:\Windows\System32\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros) DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel-online.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{B331A4D9-7F52-4727-817E-ED4A6AAE2AE6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC175EB9-F0A0-468D-994F-96E67F77ECBB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.07 19:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe [2013.03.05 23:11:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.05 22:45:09 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Malwarebytes [2013.03.05 22:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.05 22:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.05 22:43:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.05 22:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.05 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Programs [2013.02.27 22:16:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.27 22:16:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.27 22:15:56 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 22:15:56 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 22:15:56 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 22:15:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 22:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 22:15:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 22:15:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.27 22:15:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.27 22:15:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.27 22:15:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.27 22:15:50 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.27 22:15:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.27 22:15:50 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.27 22:15:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.27 22:15:49 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.27 22:15:49 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.27 22:15:49 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.27 22:15:49 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.27 22:15:48 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.17 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\.elfohilfe [2013.02.17 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\elsterformular [2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2013.02.17 19:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular [2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\Documents\Steuerfälle [2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\AAV [2013.02.17 14:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps [2013.02.17 14:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft [2013.02.17 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV [2013.02.14 15:06:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.14 15:06:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.14 15:06:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.14 15:06:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.14 15:06:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.14 15:06:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.14 15:06:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.14 15:06:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.13 21:52:43 | 000,000,000 | ---D | C] -- C:\Users\Caro\Documents\GE [2013.02.13 20:54:47 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 20:54:16 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 20:54:15 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.13 20:54:10 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.13 20:54:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll ========== Files - Modified Within 30 Days ========== [2013.03.07 19:36:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.07 19:32:42 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.03.07 19:32:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.07 19:09:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.07 19:09:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.07 19:02:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe [2013.03.07 19:01:10 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.05 23:11:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.05 23:00:12 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2013.03.03 21:56:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.03 21:56:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.03 21:56:27 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.03 21:56:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.17 21:37:35 | 000,099,764 | ---- | M] () -- C:\Users\Caro\ESt2010_caroline.elfo [2013.02.17 19:18:47 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2013.02.17 16:35:15 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\STEUEReasy 2011.lnk [2013.02.17 14:47:30 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk [2013.02.16 21:43:33 | 000,002,209 | ---- | M] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk [2013.02.14 15:37:18 | 000,403,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.02.17 21:34:55 | 000,099,764 | ---- | C] () -- C:\Users\Caro\ESt2010_caroline.elfo [2013.02.17 19:18:47 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2013.02.17 16:31:41 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\STEUEReasy 2011.lnk [2013.02.17 14:42:09 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk [2013.02.16 21:43:33 | 000,002,209 | ---- | C] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk [2013.01.26 12:02:07 | 000,007,620 | ---- | C] () -- C:\Users\Caro\AppData\Local\Resmon.ResmonCfg [2012.12.29 08:37:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.12.29 08:37:51 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.12.29 08:37:51 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.12.29 08:37:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.09.17 10:24:14 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.03.2013 19:12:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caro\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,09 Mb Total Physical Memory | 188,22 Mb Available Physical Memory | 18,58% Memory free
2,43 Gb Paging File | 0,40 Gb Available in Paging File | 16,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 153,45 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32
Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0824B0DD-3AF4-4F6B-80BD-4B2F99FC8BE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{72B0E487-E84C-4CAC-A85C-921BED5F8652}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C66B0BF-05BF-4FDA-A4DA-2D3FE8B57A36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003B0630-4739-4575-927A-5138472A8976}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F8FDF37-AE54-4230-915B-5B3F4F62DD8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20A5C867-274F-42F1-9D16-16A2D07B9D9D}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{23C3B22F-47EF-4E50-BC29-B75B97604A58}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{643368C4-0D4C-466C-AAAF-B4391244E665}" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
"{70CFBCA4-640F-47E9-8CD6-A59661A0D341}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7DEE1628-877D-4831-8BE8-5016F5364319}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8E1AE11E-5CE9-419A-95E6-F9CB24A09DA9}" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
"{99FDBDD0-1696-410A-AE1E-5DBC0CEEC3A7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A34B0244-6C53-4CAB-B3E5-D006F93E936A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{AD9F4F2B-9AD1-407B-BC4D-4DFF49F49689}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{ADB98B71-E35F-4C63-891C-1D7075583D56}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AFDBBC5B-FAA5-4CDE-B959-BA402EC250DE}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{C312C512-489A-4FE6-AACE-ABB3D6334D0B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D6007FF0-E302-4277-94AD-6649D4AC5171}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{D644F5A6-2971-43F9-94E6-0A89ABDBB28F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E75D8D9A-3B17-412E-9D76-DB76ADDF56C0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{AAB0DE4C-60C7-4BCE-A5E0-1FC607896585}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{889BDC8A-DCE5-49E2-BB3A-500979C66F06}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B3B35C8-5429-4A90-A447-D1B9ED499FE8}" = STEUEReasy 2011
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Hilfe
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7960E014-C02C-41C1-A996-4284F76515B2}" = HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93C987F5-6563-4D29-A7C0-7DC85471D7C3}" = Nero Multimedia Suite 10 Essentials
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.01.2013 15:37:21 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 09.01.2013 15:37:23 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 09.01.2013 15:37:23 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 09.01.2013 15:37:24 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 09.01.2013 15:37:24 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 09.01.2013 15:40:57 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =
Error - 12.01.2013 10:03:10 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 18.01.2013 20:36:26 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 03.02.2013 10:46:51 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 03.02.2013 12:13:47 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 08.02.2013 03:40:21 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 09.02.2013 02:16:03 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 10.02.2013 12:57:24 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 13.02.2013 15:40:46 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 14.02.2013 09:47:41 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 14.02.2013 10:37:47 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 14.02.2013 19:53:43 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 15.02.2013 11:56:19 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 15.02.2013 14:22:58 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 16.02.2013 07:16:13 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
< End of report >
|
|
10.03.2013, 15:17
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen2 Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus. Anleitung MBAR: Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.03.2013, 18:08
| #5 |
| | HTML/Infected.WebPage.Gen2 Hallo, gmer ist zweimal abgestürzt. Anbei das Protokoll von mbar. Der hat leider nichts gefunden. Die Datei ist ja in Quarantäne, heißt es, dass es sich damit erledigt hat und mein System ist einfach nur langsam ist? Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.10.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Caro :: CARO-PC [administrator]
10.03.2013 17:21:02
mbar-log-2013-03-10 (17-21-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28405
Time elapsed: 21 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
10.03.2013, 20:34
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen2 Bitte GMER nochmal so probieren: Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
 Tauchen Probleme auf?
__________________ --> HTML/Infected.WebPage.Gen2 |
|
12.03.2013, 22:38
| #7 |
| | HTML/Infected.WebPage.Gen2 Hallo Cosinus, gmer hat im Abgesicherten Modus funktioniert. Anbei das Ergebnis. Sind das gute oder schlechte Rootkits? Falls ich nochmal etwas scannen soll ist das morgen oder erst dann wieder am Montag Abend möglich, da ich ein paar Tage außer Haus sein werde. Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-12 22:30:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB2O 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Caro\AppData\Local\Temp\kwldqpog.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C829E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CBC1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c0f6e700a25
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c0f6e700a25 (not active ControlSet)
---- EOF - GMER 2.1 ----
|
|
12.03.2013, 23:53
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen2 aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2013, 22:30
| #9 |
| | HTML/Infected.WebPage.Gen2 Hallo Cosinus, anbei die Reports, TDSS hat nichts gefunden. Ich bin dann erst wieder am Montag da. Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 21:25:23
-----------------------------
21:25:23.350 OS Version: Windows 6.1.7601 Service Pack 1
21:25:23.350 Number of processors: 4 586 0x1C0A
21:25:23.350 ComputerName: CARO-PC UserName: Caro
21:25:24.458 Initialize success
21:25:55.608 AVAST engine defs: 13031301
21:48:21.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:48:21.108 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
21:48:21.139 Disk 0 MBR read successfully
21:48:21.154 Disk 0 MBR scan
21:48:21.763 Disk 0 Windows 7 default MBR code
21:48:21.794 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
21:48:21.966 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 4096 MB offset 27265024
21:48:22.075 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
21:48:22.090 Disk 0 Partition - 00 0F Extended LBA 220965 MB offset 35858432
21:48:22.137 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 220964 MB offset 35860480
21:48:22.215 Disk 0 scanning sectors +488394752
21:48:22.527 Disk 0 scanning C:\Windows\system32\drivers
21:48:50.295 Service scanning
21:49:42.540 Modules scanning
21:50:02.399 Disk 0 trace - called modules:
21:50:02.445 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
21:50:02.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f75400]
21:50:02.492 3 CLASSPNP.SYS[86bac59e] -> nt!IofCallDriver -> [0x84452e50]
21:50:02.508 5 ACPI.sys[864b13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84436028]
21:50:05.877 AVAST engine scan C:\Windows
21:50:10.589 AVAST engine scan C:\Windows\system32
21:55:27.441 AVAST engine scan C:\Windows\system32\drivers
21:55:50.186 AVAST engine scan C:\Users\Caro
22:00:44.012 Disk 0 MBR has been saved successfully to "C:\Users\Caro\Desktop\MBR.dat"
22:00:44.043 The log file has been saved successfully to "C:\Users\Caro\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 22:01:55
-----------------------------
22:01:55.695 OS Version: Windows 6.1.7601 Service Pack 1
22:01:55.695 Number of processors: 4 586 0x1C0A
22:01:55.710 ComputerName: CARO-PC UserName: Caro
22:01:57.052 Initialize success
22:02:27.253 AVAST engine defs: 13031301
22:02:36.395 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:02:36.395 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
22:02:36.442 Disk 0 MBR read successfully
22:02:36.442 Disk 0 MBR scan
22:02:36.457 Disk 0 Windows 7 default MBR code
22:02:36.489 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
22:02:36.535 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 4096 MB offset 27265024
22:02:36.567 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
22:02:36.582 Disk 0 Partition - 00 0F Extended LBA 220965 MB offset 35858432
22:02:36.629 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 220964 MB offset 35860480
22:02:36.660 Disk 0 scanning sectors +488394752
22:02:36.785 Disk 0 scanning C:\Windows\system32\drivers
22:02:59.764 Service scanning
22:03:56.408 Modules scanning
22:04:22.288 Disk 0 trace - called modules:
22:04:22.350 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
22:04:22.366 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f75400]
22:04:22.382 3 CLASSPNP.SYS[86bac59e] -> nt!IofCallDriver -> [0x84452e50]
22:04:22.397 5 ACPI.sys[864b13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84436028]
22:04:23.224 AVAST engine scan C:\Windows
22:04:38.559 AVAST engine scan C:\Windows\system32
22:11:12.460 AVAST engine scan C:\Windows\system32\drivers
22:11:35.454 AVAST engine scan C:\Users\Caro
22:18:54.801 AVAST engine scan C:\ProgramData
22:19:31.601 Scan finished successfully
22:20:46.871 Disk 0 MBR has been saved successfully to "C:\Users\Caro\Desktop\MBR.dat"
22:20:46.902 The log file has been saved successfully to "C:\Users\Caro\Desktop\aswMBR.txt"
Code:
ATTFilter 22:22:40.0780 3124 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:22:40.0889 3124 ============================================================
22:22:40.0889 3124 Current date / time: 2013/03/13 22:22:40.0889
22:22:40.0889 3124 SystemInfo:
22:22:40.0889 3124
22:22:40.0889 3124 OS Version: 6.1.7601 ServicePack: 1.0
22:22:40.0889 3124 Product type: Workstation
22:22:40.0889 3124 ComputerName: CARO-PC
22:22:40.0889 3124 UserName: Caro
22:22:40.0889 3124 Windows directory: C:\Windows
22:22:40.0889 3124 System windows directory: C:\Windows
22:22:40.0889 3124 Processor architecture: Intel x86
22:22:40.0889 3124 Number of processors: 4
22:22:40.0889 3124 Page size: 0x1000
22:22:40.0889 3124 Boot type: Normal boot
22:22:40.0889 3124 ============================================================
22:22:41.0373 3124 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:22:41.0373 3124 ============================================================
22:22:41.0373 3124 \Device\Harddisk0\DR0:
22:22:41.0373 3124 MBR partitions:
22:22:41.0373 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1A00800, BlocksNum 0x800000
22:22:41.0373 3124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
22:22:41.0388 3124 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2233000, BlocksNum 0x1AF92000
22:22:41.0388 3124 ============================================================
22:22:41.0435 3124 C: <-> \Device\Harddisk0\DR0\Partition3
22:22:41.0451 3124 D: <-> \Device\Harddisk0\DR0\Partition1
22:22:41.0451 3124 ============================================================
22:22:41.0451 3124 Initialize success
22:22:41.0451 3124 ============================================================
22:22:42.0730 1836 ============================================================
22:22:42.0730 1836 Scan started
22:22:42.0730 1836 Mode: Manual;
22:22:42.0730 1836 ============================================================
22:22:42.0855 1836 ================ Scan system memory ========================
22:22:42.0855 1836 System memory - ok
22:22:42.0870 1836 ================ Scan services =============================
22:22:43.0089 1836 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:22:43.0089 1836 1394ohci - ok
22:22:43.0229 1836 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
22:22:43.0229 1836 AAV UpdateService - ok
22:22:43.0323 1836 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:22:43.0338 1836 ACPI - ok
22:22:43.0385 1836 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:22:43.0385 1836 AcpiPmi - ok
22:22:43.0432 1836 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:22:43.0447 1836 adp94xx - ok
22:22:43.0479 1836 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:22:43.0479 1836 adpahci - ok
22:22:43.0494 1836 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:22:43.0494 1836 adpu320 - ok
22:22:43.0541 1836 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:22:43.0541 1836 AeLookupSvc - ok
22:22:43.0603 1836 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
22:22:43.0619 1836 AFD - ok
22:22:43.0650 1836 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:22:43.0666 1836 agp440 - ok
22:22:43.0713 1836 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:22:43.0713 1836 aic78xx - ok
22:22:43.0759 1836 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:22:43.0759 1836 ALG - ok
22:22:43.0822 1836 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:22:43.0822 1836 aliide - ok
22:22:43.0837 1836 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:22:43.0853 1836 amdagp - ok
22:22:43.0884 1836 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:22:43.0884 1836 amdide - ok
22:22:43.0931 1836 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:22:43.0931 1836 AmdK8 - ok
22:22:43.0947 1836 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:22:43.0947 1836 AmdPPM - ok
22:22:44.0009 1836 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:22:44.0009 1836 amdsata - ok
22:22:44.0056 1836 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:22:44.0056 1836 amdsbs - ok
22:22:44.0087 1836 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:22:44.0087 1836 amdxata - ok
22:22:44.0181 1836 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:22:44.0181 1836 AntiVirSchedulerService - ok
22:22:44.0227 1836 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:22:44.0227 1836 AntiVirService - ok
22:22:44.0305 1836 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:22:44.0305 1836 AppID - ok
22:22:44.0352 1836 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:22:44.0352 1836 AppIDSvc - ok
22:22:44.0399 1836 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:22:44.0399 1836 Appinfo - ok
22:22:44.0430 1836 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
22:22:44.0430 1836 arc - ok
22:22:44.0461 1836 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:22:44.0461 1836 arcsas - ok
22:22:44.0477 1836 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:22:44.0477 1836 AsyncMac - ok
22:22:44.0524 1836 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:22:44.0524 1836 atapi - ok
22:22:44.0571 1836 [ 61361A8A62A193C339DACB341D246E63 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
22:22:44.0571 1836 AthBTPort - ok
22:22:44.0617 1836 [ 70441751B1D988608E135D4F903ABA5C ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys
22:22:44.0617 1836 ATHDFU - ok
22:22:44.0680 1836 [ 935B12A4795F7B81596D128FC869B534 ] AtherosSvc C:\Program Files\Bluetooth Suite\adminservice.exe
22:22:44.0680 1836 AtherosSvc - ok
22:22:44.0773 1836 [ C35AF075C15827D74B5C9702CBCB175B ] athr C:\Windows\system32\DRIVERS\athr.sys
22:22:44.0805 1836 athr - ok
22:22:44.0851 1836 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:22:44.0867 1836 AudioEndpointBuilder - ok
22:22:44.0883 1836 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:22:44.0898 1836 Audiosrv - ok
22:22:44.0929 1836 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:22:44.0945 1836 avgntflt - ok
22:22:44.0992 1836 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:22:44.0992 1836 avipbb - ok
22:22:45.0023 1836 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:22:45.0023 1836 avkmgr - ok
22:22:45.0070 1836 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:22:45.0085 1836 AxInstSV - ok
22:22:45.0148 1836 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
22:22:45.0148 1836 b06bdrv - ok
22:22:45.0195 1836 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:22:45.0195 1836 b57nd60x - ok
22:22:45.0319 1836 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
22:22:45.0319 1836 BBSvc - ok
22:22:45.0366 1836 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
22:22:45.0366 1836 BBUpdate - ok
22:22:45.0413 1836 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:22:45.0413 1836 BDESVC - ok
22:22:45.0444 1836 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:22:45.0444 1836 Beep - ok
22:22:45.0507 1836 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
22:22:45.0569 1836 BFE - ok
22:22:45.0616 1836 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
22:22:45.0694 1836 BITS - ok
22:22:45.0725 1836 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:22:45.0756 1836 blbdrive - ok
22:22:45.0819 1836 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:22:45.0865 1836 bowser - ok
22:22:45.0897 1836 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:22:45.0928 1836 BrFiltLo - ok
22:22:45.0943 1836 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:22:45.0959 1836 BrFiltUp - ok
22:22:46.0006 1836 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
22:22:46.0037 1836 Browser - ok
22:22:46.0099 1836 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:22:46.0146 1836 Brserid - ok
22:22:46.0177 1836 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:22:46.0209 1836 BrSerWdm - ok
22:22:46.0224 1836 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:22:46.0240 1836 BrUsbMdm - ok
22:22:46.0255 1836 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:22:46.0287 1836 BrUsbSer - ok
22:22:46.0349 1836 [ ED84067704F7CB92C5DCE0FA9CC1616A ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
22:22:46.0380 1836 BTATH_A2DP - ok
22:22:46.0411 1836 [ 3D58BED2BFA9EC2F060811B8F5EF1D3B ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
22:22:46.0443 1836 BTATH_BUS - ok
22:22:46.0474 1836 [ C1D73E8E7570F8BBD27A034F8E3F890B ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
22:22:46.0521 1836 BTATH_HCRP - ok
22:22:46.0552 1836 [ CB2A26BA734C58DCBDE4BA444D21DE3B ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
22:22:46.0567 1836 BTATH_LWFLT - ok
22:22:46.0599 1836 [ 954678976BBACCAB3F7D7ACE875AA193 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
22:22:46.0645 1836 BTATH_RCP - ok
22:22:46.0692 1836 [ 0A53B4F35A035A46AAC08D8BF8B470B0 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
22:22:46.0723 1836 BtFilter - ok
22:22:46.0770 1836 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:22:46.0817 1836 BthEnum - ok
22:22:46.0833 1836 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:22:46.0879 1836 BTHMODEM - ok
22:22:46.0926 1836 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:22:46.0957 1836 BthPan - ok
22:22:47.0051 1836 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:22:47.0098 1836 BTHPORT - ok
22:22:47.0145 1836 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:22:47.0191 1836 bthserv - ok
22:22:47.0223 1836 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:22:47.0254 1836 BTHUSB - ok
22:22:47.0301 1836 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:22:47.0332 1836 cdfs - ok
22:22:47.0394 1836 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:22:47.0441 1836 cdrom - ok
22:22:47.0503 1836 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:22:47.0566 1836 CertPropSvc - ok
22:22:47.0613 1836 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
22:22:47.0644 1836 circlass - ok
22:22:47.0691 1836 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:22:47.0737 1836 CLFS - ok
22:22:47.0815 1836 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:47.0862 1836 clr_optimization_v2.0.50727_32 - ok
22:22:47.0956 1836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:22:48.0018 1836 clr_optimization_v4.0.30319_32 - ok
22:22:48.0065 1836 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:22:48.0096 1836 CmBatt - ok
22:22:48.0127 1836 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:22:48.0143 1836 cmdide - ok
22:22:48.0174 1836 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
22:22:48.0237 1836 CNG - ok
22:22:48.0268 1836 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:22:48.0299 1836 Compbatt - ok
22:22:48.0361 1836 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:22:48.0393 1836 CompositeBus - ok
22:22:48.0424 1836 COMSysApp - ok
22:22:48.0471 1836 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:22:48.0502 1836 crcdisk - ok
22:22:48.0549 1836 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:22:48.0595 1836 CryptSvc - ok
22:22:48.0658 1836 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:22:48.0673 1836 DcomLaunch - ok
22:22:48.0705 1836 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:22:48.0767 1836 defragsvc - ok
22:22:48.0814 1836 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:22:48.0845 1836 DfsC - ok
22:22:48.0907 1836 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:22:48.0954 1836 Dhcp - ok
22:22:48.0970 1836 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:22:49.0001 1836 discache - ok
22:22:49.0079 1836 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
22:22:49.0126 1836 Disk - ok
22:22:49.0157 1836 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:22:49.0188 1836 Dnscache - ok
22:22:49.0251 1836 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
22:22:49.0313 1836 dot3svc - ok
22:22:49.0360 1836 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
22:22:49.0407 1836 DPS - ok
22:22:49.0438 1836 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:22:49.0469 1836 drmkaud - ok
22:22:49.0563 1836 [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService C:\Program Files\Launch Manager\dsiwmis.exe
22:22:49.0609 1836 DsiWMIService - ok
22:22:49.0672 1836 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:22:49.0734 1836 DXGKrnl - ok
22:22:49.0765 1836 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:22:49.0812 1836 EapHost - ok
22:22:49.0953 1836 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
22:22:50.0140 1836 ebdrv - ok
22:22:50.0187 1836 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
22:22:50.0218 1836 EFS - ok
22:22:50.0280 1836 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:22:50.0311 1836 elxstor - ok
22:22:50.0389 1836 [ 2609A5B13DE9B2EEB38F3A83A406D079 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
22:22:50.0467 1836 ePowerSvc - ok
22:22:50.0514 1836 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:22:50.0530 1836 ErrDev - ok
22:22:50.0608 1836 [ 4FAB8DFAF156E048AD514EABD268AB3A ] EUCR C:\Windows\system32\DRIVERS\EUCR6SK.SYS
22:22:50.0639 1836 EUCR - ok
22:22:50.0701 1836 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:22:50.0748 1836 EventSystem - ok
22:22:50.0779 1836 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:22:50.0811 1836 exfat - ok
22:22:50.0842 1836 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:22:50.0873 1836 fastfat - ok
22:22:50.0935 1836 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
22:22:51.0060 1836 Fax - ok
22:22:51.0107 1836 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
22:22:51.0138 1836 fdc - ok
22:22:51.0185 1836 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:22:51.0216 1836 fdPHost - ok
22:22:51.0247 1836 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:22:51.0279 1836 FDResPub - ok
22:22:51.0310 1836 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:22:51.0325 1836 FileInfo - ok
22:22:51.0357 1836 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:22:51.0388 1836 Filetrace - ok
22:22:51.0419 1836 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:22:51.0435 1836 flpydisk - ok
22:22:51.0481 1836 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:22:51.0528 1836 FltMgr - ok
22:22:51.0591 1836 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
22:22:51.0637 1836 FontCache - ok
22:22:51.0715 1836 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:22:51.0747 1836 FontCache3.0.0.0 - ok
22:22:51.0778 1836 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:22:51.0825 1836 FsDepends - ok
22:22:51.0871 1836 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:22:51.0918 1836 Fs_Rec - ok
22:22:51.0965 1836 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:22:52.0027 1836 fvevol - ok
22:22:52.0074 1836 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:22:52.0090 1836 gagp30kx - ok
22:22:52.0137 1836 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:22:52.0199 1836 gpsvc - ok
22:22:52.0261 1836 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files\Acer\Registration\GREGsvc.exe
22:22:52.0293 1836 GREGService - ok
22:22:52.0371 1836 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:52.0433 1836 gupdate - ok
22:22:52.0464 1836 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:52.0464 1836 gupdatem - ok
22:22:52.0511 1836 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:22:52.0542 1836 hcw85cir - ok
22:22:52.0620 1836 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:22:52.0667 1836 HdAudAddService - ok
22:22:52.0714 1836 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:22:52.0729 1836 HDAudBus - ok
22:22:52.0776 1836 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:22:52.0823 1836 HidBatt - ok
22:22:52.0839 1836 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:22:52.0870 1836 HidBth - ok
22:22:52.0901 1836 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
22:22:52.0932 1836 HidIr - ok
22:22:52.0995 1836 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
22:22:53.0041 1836 hidserv - ok
22:22:53.0104 1836 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:22:53.0135 1836 HidUsb - ok
22:22:53.0166 1836 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:22:53.0213 1836 hkmsvc - ok
22:22:53.0260 1836 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:22:53.0307 1836 HomeGroupListener - ok
22:22:53.0353 1836 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:22:53.0416 1836 HomeGroupProvider - ok
22:22:53.0494 1836 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:22:53.0525 1836 HpSAMD - ok
22:22:53.0603 1836 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:22:53.0681 1836 HTTP - ok
22:22:53.0712 1836 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:22:53.0743 1836 hwpolicy - ok
22:22:53.0806 1836 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:22:53.0853 1836 i8042prt - ok
22:22:53.0946 1836 [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor C:\Windows\system32\drivers\iaStor.sys
22:22:53.0946 1836 iaStor - ok
22:22:54.0024 1836 [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:22:54.0055 1836 IAStorDataMgrSvc - ok
22:22:54.0102 1836 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:22:54.0165 1836 iaStorV - ok
22:22:54.0243 1836 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:22:54.0383 1836 idsvc - ok
22:22:54.0555 1836 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
22:22:54.0773 1836 igfx - ok
22:22:54.0820 1836 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:22:54.0867 1836 iirsp - ok
22:22:54.0945 1836 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:22:55.0023 1836 IKEEXT - ok
22:22:55.0179 1836 [ 8C92829CCAE93139B90C46389FBEF4CF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:22:55.0350 1836 IntcAzAudAddService - ok
22:22:55.0397 1836 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:22:55.0413 1836 intelide - ok
22:22:55.0459 1836 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:22:55.0506 1836 intelppm - ok
22:22:55.0537 1836 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:22:55.0600 1836 IPBusEnum - ok
22:22:55.0631 1836 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:22:55.0678 1836 IpFilterDriver - ok
22:22:55.0756 1836 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:22:55.0803 1836 iphlpsvc - ok
22:22:55.0849 1836 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:22:55.0865 1836 IPMIDRV - ok
22:22:55.0896 1836 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:22:55.0943 1836 IPNAT - ok
22:22:55.0990 1836 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:22:55.0990 1836 IRENUM - ok
22:22:56.0021 1836 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:22:56.0052 1836 isapnp - ok
22:22:56.0083 1836 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:22:56.0130 1836 iScsiPrt - ok
22:22:56.0146 1836 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:22:56.0177 1836 kbdclass - ok
22:22:56.0224 1836 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:22:56.0239 1836 kbdhid - ok
22:22:56.0271 1836 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:22:56.0271 1836 KeyIso - ok
22:22:56.0317 1836 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:22:56.0349 1836 KSecDD - ok
22:22:56.0380 1836 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:22:56.0427 1836 KSecPkg - ok
22:22:56.0473 1836 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:22:56.0536 1836 KtmRm - ok
22:22:56.0583 1836 [ 1A91EAAD2D73758140B3B7B6AD736573 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
22:22:56.0614 1836 L1C - ok
22:22:56.0692 1836 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
22:22:56.0754 1836 LanmanServer - ok
22:22:56.0785 1836 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:22:56.0832 1836 LanmanWorkstation - ok
22:22:56.0895 1836 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:22:56.0926 1836 lltdio - ok
22:22:56.0988 1836 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:22:57.0051 1836 lltdsvc - ok
22:22:57.0082 1836 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:22:57.0097 1836 lmhosts - ok
22:22:57.0144 1836 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:22:57.0175 1836 LSI_FC - ok
22:22:57.0207 1836 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:22:57.0222 1836 LSI_SAS - ok
22:22:57.0238 1836 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:22:57.0269 1836 LSI_SAS2 - ok
22:22:57.0285 1836 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:22:57.0300 1836 LSI_SCSI - ok
22:22:57.0347 1836 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:22:57.0363 1836 luafv - ok
22:22:57.0394 1836 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
22:22:57.0409 1836 megasas - ok
22:22:57.0456 1836 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:22:57.0503 1836 MegaSR - ok
22:22:57.0597 1836 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:22:57.0628 1836 Microsoft Office Groove Audit Service - ok
22:22:57.0659 1836 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:22:57.0675 1836 MMCSS - ok
22:22:57.0706 1836 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:22:57.0737 1836 Modem - ok
22:22:57.0768 1836 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:22:57.0799 1836 monitor - ok
22:22:57.0831 1836 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:22:57.0877 1836 mouclass - ok
22:22:57.0924 1836 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys
22:22:57.0924 1836 mouhid - ok
22:22:57.0971 1836 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:22:58.0002 1836 mountmgr - ok
22:22:58.0033 1836 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:22:58.0065 1836 mpio - ok
22:22:58.0096 1836 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:22:58.0143 1836 mpsdrv - ok
22:22:58.0189 1836 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:22:58.0267 1836 MpsSvc - ok
22:22:58.0299 1836 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:22:58.0330 1836 MRxDAV - ok
22:22:58.0392 1836 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:22:58.0408 1836 mrxsmb - ok
22:22:58.0439 1836 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:22:58.0486 1836 mrxsmb10 - ok
22:22:58.0517 1836 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:22:58.0533 1836 mrxsmb20 - ok
22:22:58.0564 1836 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:22:58.0595 1836 msahci - ok
22:22:58.0642 1836 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:22:58.0657 1836 msdsm - ok
22:22:58.0689 1836 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:22:58.0720 1836 MSDTC - ok
22:22:58.0782 1836 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:22:58.0813 1836 Msfs - ok
22:22:58.0829 1836 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:22:58.0860 1836 mshidkmdf - ok
22:22:58.0907 1836 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:22:58.0938 1836 msisadrv - ok
22:22:59.0001 1836 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:22:59.0047 1836 MSiSCSI - ok
22:22:59.0047 1836 msiserver - ok
22:22:59.0094 1836 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:22:59.0125 1836 MSKSSRV - ok
22:22:59.0141 1836 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:22:59.0157 1836 MSPCLOCK - ok
22:22:59.0172 1836 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:22:59.0188 1836 MSPQM - ok
22:22:59.0203 1836 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:22:59.0250 1836 MsRPC - ok
22:22:59.0297 1836 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:22:59.0328 1836 mssmbios - ok
22:22:59.0375 1836 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:22:59.0375 1836 MSTEE - ok
22:22:59.0391 1836 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:22:59.0406 1836 MTConfig - ok
22:22:59.0437 1836 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:22:59.0453 1836 Mup - ok
22:22:59.0484 1836 [ CB47C414E083CA6E50E634B148F28F64 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:22:59.0531 1836 mwlPSDFilter - ok
22:22:59.0547 1836 [ 647B953019559BFF07536F5C6121F333 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:22:59.0562 1836 mwlPSDNServ - ok
22:22:59.0578 1836 [ 5A236A36DB8687D1E64DC81C03EAABE1 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:22:59.0593 1836 mwlPSDVDisk - ok
22:22:59.0671 1836 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
22:22:59.0718 1836 MWLService - ok
22:22:59.0765 1836 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:22:59.0796 1836 napagent - ok
22:22:59.0843 1836 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:22:59.0890 1836 NativeWifiP - ok
22:22:59.0983 1836 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
22:23:00.0030 1836 NAUpdate - ok
22:23:00.0093 1836 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:23:00.0186 1836 NDIS - ok
22:23:00.0217 1836 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:23:00.0264 1836 NdisCap - ok
22:23:00.0295 1836 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:23:00.0311 1836 NdisTapi - ok
22:23:00.0358 1836 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:23:00.0389 1836 Ndisuio - ok
22:23:00.0436 1836 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:23:00.0483 1836 NdisWan - ok
22:23:00.0529 1836 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:23:00.0592 1836 NDProxy - ok
22:23:00.0639 1836 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:23:00.0685 1836 NetBIOS - ok
22:23:00.0732 1836 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:23:00.0779 1836 NetBT - ok
22:23:00.0810 1836 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:23:00.0810 1836 Netlogon - ok
22:23:00.0857 1836 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:23:00.0904 1836 Netman - ok
22:23:00.0920 1836 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:23:00.0998 1836 netprofm - ok
22:23:01.0044 1836 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:23:01.0107 1836 NetTcpPortSharing - ok
22:23:01.0154 1836 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:23:01.0185 1836 nfrd960 - ok
22:23:01.0232 1836 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
22:23:01.0278 1836 NlaSvc - ok
22:23:01.0310 1836 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:23:01.0341 1836 Npfs - ok
22:23:01.0388 1836 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:23:01.0419 1836 nsi - ok
22:23:01.0450 1836 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:23:01.0466 1836 nsiproxy - ok
22:23:01.0544 1836 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:23:01.0606 1836 Ntfs - ok
22:23:01.0637 1836 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:23:01.0668 1836 Null - ok
22:23:01.0715 1836 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:23:01.0762 1836 nvraid - ok
22:23:01.0809 1836 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:23:01.0840 1836 nvstor - ok
22:23:01.0887 1836 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:23:01.0902 1836 nv_agp - ok
22:23:01.0996 1836 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:23:02.0074 1836 odserv - ok
22:23:02.0105 1836 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:23:02.0152 1836 ohci1394 - ok
22:23:02.0199 1836 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:23:02.0230 1836 ose - ok
22:23:02.0292 1836 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:23:02.0355 1836 p2pimsvc - ok
22:23:02.0386 1836 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:23:02.0448 1836 p2psvc - ok
22:23:02.0495 1836 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
22:23:02.0511 1836 Parport - ok
22:23:02.0542 1836 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:23:02.0589 1836 partmgr - ok
22:23:02.0604 1836 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
22:23:02.0620 1836 Parvdm - ok
22:23:02.0651 1836 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:23:02.0714 1836 PcaSvc - ok
22:23:02.0745 1836 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:23:02.0792 1836 pci - ok
22:23:02.0807 1836 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:23:02.0838 1836 pciide - ok
22:23:02.0885 1836 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:23:02.0916 1836 pcmcia - ok
22:23:02.0948 1836 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:23:02.0979 1836 pcw - ok
22:23:03.0026 1836 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:23:03.0088 1836 PEAUTH - ok
22:23:03.0197 1836 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:23:03.0275 1836 pla - ok
22:23:03.0322 1836 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:23:03.0384 1836 PlugPlay - ok
22:23:03.0431 1836 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:23:03.0462 1836 PNRPAutoReg - ok
22:23:03.0478 1836 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:23:03.0494 1836 PNRPsvc - ok
22:23:03.0540 1836 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:23:03.0603 1836 PolicyAgent - ok
22:23:03.0650 1836 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:23:03.0681 1836 Power - ok
22:23:03.0712 1836 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:23:03.0743 1836 PptpMiniport - ok
22:23:03.0759 1836 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
22:23:03.0806 1836 Processor - ok
22:23:03.0852 1836 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:23:03.0884 1836 ProfSvc - ok
22:23:03.0915 1836 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:23:03.0915 1836 ProtectedStorage - ok
22:23:03.0962 1836 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:23:03.0977 1836 Psched - ok
22:23:04.0055 1836 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:23:04.0118 1836 ql2300 - ok
22:23:04.0149 1836 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:23:04.0180 1836 ql40xx - ok
22:23:04.0211 1836 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:23:04.0258 1836 QWAVE - ok
22:23:04.0305 1836 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:23:04.0336 1836 QWAVEdrv - ok
22:23:04.0352 1836 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:23:04.0383 1836 RasAcd - ok
22:23:04.0445 1836 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:23:04.0476 1836 RasAgileVpn - ok
22:23:04.0523 1836 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:23:04.0554 1836 RasAuto - ok
22:23:04.0586 1836 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:23:04.0617 1836 Rasl2tp - ok
22:23:04.0695 1836 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:23:04.0726 1836 RasMan - ok
22:23:04.0757 1836 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:23:04.0773 1836 RasPppoe - ok
22:23:04.0788 1836 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:23:04.0835 1836 RasSstp - ok
22:23:04.0882 1836 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:23:04.0929 1836 rdbss - ok
22:23:04.0960 1836 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:23:04.0991 1836 rdpbus - ok
22:23:05.0038 1836 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:23:05.0069 1836 RDPCDD - ok
22:23:05.0132 1836 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:23:05.0163 1836 RDPENCDD - ok
22:23:05.0225 1836 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:23:05.0256 1836 RDPREFMP - ok
22:23:05.0350 1836 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:23:05.0350 1836 RdpVideoMiniport - ok
22:23:05.0381 1836 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:23:05.0428 1836 RDPWD - ok
22:23:05.0506 1836 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:23:05.0537 1836 rdyboost - ok
22:23:05.0568 1836 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:23:05.0615 1836 RemoteAccess - ok
22:23:05.0662 1836 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:23:05.0709 1836 RemoteRegistry - ok
22:23:05.0740 1836 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:23:05.0756 1836 RFCOMM - ok
22:23:05.0787 1836 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:23:05.0818 1836 RpcEptMapper - ok
22:23:05.0834 1836 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:23:05.0865 1836 RpcLocator - ok
22:23:05.0912 1836 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:23:05.0927 1836 RpcSs - ok
22:23:05.0958 1836 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:23:06.0005 1836 rspndr - ok
22:23:06.0083 1836 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
22:23:06.0146 1836 RS_Service - ok
22:23:06.0177 1836 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:23:06.0177 1836 SamSs - ok
22:23:06.0224 1836 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:23:06.0255 1836 sbp2port - ok
22:23:06.0286 1836 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:23:06.0348 1836 SCardSvr - ok
22:23:06.0395 1836 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:23:06.0426 1836 scfilter - ok
22:23:06.0489 1836 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:23:06.0567 1836 Schedule - ok
22:23:06.0598 1836 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:23:06.0598 1836 SCPolicySvc - ok
22:23:06.0645 1836 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:23:06.0692 1836 SDRSVC - ok
22:23:06.0738 1836 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:23:06.0754 1836 secdrv - ok
22:23:06.0785 1836 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:23:06.0816 1836 seclogon - ok
22:23:06.0863 1836 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:23:06.0910 1836 SENS - ok
22:23:06.0926 1836 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
22:23:06.0972 1836 Serenum - ok
22:23:07.0035 1836 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
22:23:07.0082 1836 Serial - ok
22:23:07.0144 1836 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:23:07.0175 1836 sermouse - ok
22:23:07.0238 1836 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:23:07.0284 1836 SessionEnv - ok
22:23:07.0316 1836 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:23:07.0331 1836 sffdisk - ok
22:23:07.0362 1836 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:23:07.0362 1836 sffp_mmc - ok
22:23:07.0394 1836 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:23:07.0425 1836 sffp_sd - ok
22:23:07.0456 1836 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:23:07.0503 1836 sfloppy - ok
22:23:07.0550 1836 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:23:07.0581 1836 SharedAccess - ok
22:23:07.0643 1836 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:23:07.0706 1836 ShellHWDetection - ok
22:23:07.0752 1836 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:23:07.0799 1836 sisagp - ok
22:23:07.0846 1836 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:23:07.0877 1836 SiSRaid2 - ok
22:23:07.0908 1836 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:23:07.0924 1836 SiSRaid4 - ok
22:23:07.0955 1836 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:23:08.0002 1836 Smb - ok
22:23:08.0049 1836 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:23:08.0080 1836 SNMPTRAP - ok
22:23:08.0127 1836 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:23:08.0158 1836 spldr - ok
22:23:08.0236 1836 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:23:08.0314 1836 Spooler - ok
22:23:08.0423 1836 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:23:08.0595 1836 sppsvc - ok
22:23:08.0642 1836 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:23:08.0688 1836 sppuinotify - ok
22:23:08.0735 1836 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:23:08.0766 1836 srv - ok
22:23:08.0782 1836 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:23:08.0829 1836 srv2 - ok
22:23:08.0860 1836 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:23:08.0891 1836 srvnet - ok
22:23:08.0938 1836 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:23:08.0969 1836 SSDPSRV - ok
22:23:09.0016 1836 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
22:23:09.0047 1836 ssmdrv - ok
22:23:09.0078 1836 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:23:09.0110 1836 SstpSvc - ok
22:23:09.0156 1836 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:23:09.0203 1836 stexstor - ok
22:23:09.0266 1836 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:23:09.0328 1836 StiSvc - ok
22:23:09.0375 1836 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
22:23:09.0390 1836 swenum - ok
22:23:09.0437 1836 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:23:09.0500 1836 swprv - ok
22:23:09.0562 1836 [ 5CDD124913E91C7F79B4D5CAE1C7C4DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:23:09.0609 1836 SynTP - ok
22:23:09.0671 1836 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:23:09.0765 1836 SysMain - ok
22:23:09.0812 1836 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:23:09.0843 1836 TabletInputService - ok
22:23:09.0890 1836 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:23:09.0936 1836 TapiSrv - ok
22:23:09.0983 1836 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:23:09.0999 1836 TBS - ok
22:23:10.0092 1836 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:23:10.0155 1836 Tcpip - ok
22:23:10.0202 1836 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:23:10.0217 1836 TCPIP6 - ok
22:23:10.0280 1836 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:23:10.0311 1836 tcpipreg - ok
22:23:10.0358 1836 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:23:10.0389 1836 TDPIPE - ok
22:23:10.0420 1836 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:23:10.0436 1836 TDTCP - ok
22:23:10.0482 1836 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:23:10.0514 1836 tdx - ok
22:23:10.0529 1836 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:23:10.0576 1836 TermDD - ok
22:23:10.0623 1836 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:23:10.0701 1836 TermService - ok
22:23:10.0748 1836 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:23:10.0794 1836 Themes - ok
22:23:10.0810 1836 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:23:10.0826 1836 THREADORDER - ok
22:23:10.0857 1836 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:23:10.0904 1836 TrkWks - ok
22:23:10.0982 1836 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:23:11.0028 1836 TrustedInstaller - ok
22:23:11.0075 1836 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:23:11.0106 1836 tssecsrv - ok
22:23:11.0184 1836 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:23:11.0216 1836 TsUsbFlt - ok
22:23:11.0278 1836 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:23:11.0340 1836 tunnel - ok
22:23:11.0387 1836 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:23:11.0418 1836 uagp35 - ok
22:23:11.0465 1836 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:23:11.0496 1836 udfs - ok
22:23:11.0559 1836 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:23:11.0590 1836 UI0Detect - ok
22:23:11.0606 1836 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:23:11.0621 1836 uliagpkx - ok
22:23:11.0668 1836 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
22:23:11.0684 1836 umbus - ok
22:23:11.0730 1836 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
22:23:11.0746 1836 UmPass - ok
22:23:11.0808 1836 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:23:11.0871 1836 Updater Service - ok
22:23:11.0918 1836 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:23:11.0996 1836 upnphost - ok
22:23:12.0042 1836 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:23:12.0074 1836 usbccgp - ok
22:23:12.0120 1836 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:23:12.0152 1836 usbcir - ok
22:23:12.0183 1836 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:23:12.0214 1836 usbehci - ok
22:23:12.0276 1836 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:23:12.0292 1836 usbhub - ok
22:23:12.0323 1836 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:23:12.0354 1836 usbohci - ok
22:23:12.0417 1836 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:23:12.0464 1836 usbprint - ok
22:23:12.0495 1836 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:23:12.0526 1836 usbscan - ok
22:23:12.0542 1836 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:23:12.0588 1836 USBSTOR - ok
22:23:12.0620 1836 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:23:12.0635 1836 usbuhci - ok
22:23:12.0682 1836 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:23:12.0713 1836 usbvideo - ok
22:23:12.0760 1836 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:23:12.0791 1836 UxSms - ok
22:23:12.0807 1836 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:23:12.0822 1836 VaultSvc - ok
22:23:12.0854 1836 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:23:12.0869 1836 vdrvroot - ok
22:23:12.0932 1836 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:23:12.0994 1836 vds - ok
22:23:13.0041 1836 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:23:13.0072 1836 vga - ok
22:23:13.0103 1836 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:23:13.0134 1836 VgaSave - ok
22:23:13.0166 1836 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:23:13.0212 1836 vhdmp - ok
22:23:13.0259 1836 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:23:13.0275 1836 viaagp - ok
22:23:13.0322 1836 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
22:23:13.0353 1836 ViaC7 - ok
22:23:13.0368 1836 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:23:13.0400 1836 viaide - ok
22:23:13.0446 1836 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:23:13.0478 1836 volmgr - ok
22:23:13.0524 1836 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:23:13.0556 1836 volmgrx - ok
22:23:13.0571 1836 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:23:13.0618 1836 volsnap - ok
22:23:13.0680 1836 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:23:13.0696 1836 vsmraid - ok
22:23:13.0774 1836 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:23:13.0836 1836 VSS - ok
22:23:13.0868 1836 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:23:13.0883 1836 vwifibus - ok
22:23:13.0914 1836 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:23:13.0946 1836 vwififlt - ok
22:23:13.0977 1836 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:23:14.0008 1836 vwifimp - ok
22:23:14.0055 1836 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:23:14.0102 1836 W32Time - ok
22:23:14.0133 1836 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:23:14.0164 1836 WacomPen - ok
22:23:14.0226 1836 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:23:14.0242 1836 WANARP - ok
22:23:14.0242 1836 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:23:14.0242 1836 Wanarpv6 - ok
22:23:14.0320 1836 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:23:14.0398 1836 wbengine - ok
22:23:14.0445 1836 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:23:14.0492 1836 WbioSrvc - ok
22:23:14.0538 1836 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:23:14.0570 1836 wcncsvc - ok
22:23:14.0601 1836 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:23:14.0648 1836 WcsPlugInService - ok
22:23:14.0679 1836 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
22:23:14.0694 1836 Wd - ok
22:23:14.0757 1836 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:23:14.0804 1836 Wdf01000 - ok
22:23:14.0835 1836 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:23:14.0882 1836 WdiServiceHost - ok
22:23:14.0897 1836 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:23:14.0897 1836 WdiSystemHost - ok
22:23:14.0944 1836 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
22:23:15.0022 1836 WebClient - ok
22:23:15.0069 1836 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:23:15.0100 1836 Wecsvc - ok
22:23:15.0131 1836 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:23:15.0162 1836 wercplsupport - ok
22:23:15.0194 1836 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:23:15.0225 1836 WerSvc - ok
22:23:15.0256 1836 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:23:15.0272 1836 WfpLwf - ok
22:23:15.0303 1836 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:23:15.0334 1836 WIMMount - ok
22:23:15.0428 1836 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:23:15.0490 1836 WinDefend - ok
22:23:15.0506 1836 WinHttpAutoProxySvc - ok
22:23:15.0584 1836 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:23:15.0646 1836 Winmgmt - ok
22:23:15.0724 1836 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
22:23:15.0786 1836 WinRM - ok
22:23:15.0864 1836 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:23:15.0942 1836 Wlansvc - ok
22:23:15.0989 1836 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:23:16.0020 1836 WmiAcpi - ok
22:23:16.0083 1836 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:23:16.0130 1836 wmiApSrv - ok
22:23:16.0223 1836 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:23:16.0317 1836 WMPNetworkSvc - ok
22:23:16.0348 1836 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:23:16.0395 1836 WPCSvc - ok
22:23:16.0457 1836 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:23:16.0488 1836 WPDBusEnum - ok
22:23:16.0520 1836 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:23:16.0535 1836 ws2ifsl - ok
22:23:16.0551 1836 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
22:23:16.0582 1836 wscsvc - ok
22:23:16.0598 1836 WSearch - ok
22:23:16.0691 1836 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:23:16.0800 1836 wuauserv - ok
22:23:16.0832 1836 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:23:16.0894 1836 WudfPf - ok
22:23:16.0925 1836 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:23:16.0972 1836 WUDFRd - ok
22:23:17.0034 1836 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:23:17.0066 1836 wudfsvc - ok
22:23:17.0097 1836 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:23:17.0144 1836 WwanSvc - ok
22:23:17.0190 1836 ================ Scan global ===============================
22:23:17.0237 1836 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:23:17.0300 1836 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:23:17.0378 1836 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:23:17.0424 1836 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:23:17.0487 1836 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:23:17.0534 1836 [Global] - ok
22:23:17.0534 1836 ================ Scan MBR ==================================
22:23:17.0565 1836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:23:17.0861 1836 \Device\Harddisk0\DR0 - ok
22:23:17.0861 1836 ================ Scan VBR ==================================
22:23:17.0877 1836 [ 87130BE9E3A2FA33850D82E6ECD5E531 ] \Device\Harddisk0\DR0\Partition1
22:23:17.0877 1836 \Device\Harddisk0\DR0\Partition1 - ok
22:23:17.0892 1836 [ D14EA2AC0BAA1B887EE80DCD8FC7A50B ] \Device\Harddisk0\DR0\Partition2
22:23:17.0892 1836 \Device\Harddisk0\DR0\Partition2 - ok
22:23:17.0924 1836 [ C63114A257BC9085562BBB878E8A0C8A ] \Device\Harddisk0\DR0\Partition3
22:23:17.0924 1836 \Device\Harddisk0\DR0\Partition3 - ok
22:23:17.0924 1836 ============================================================
22:23:17.0924 1836 Scan finished
22:23:17.0924 1836 ============================================================
22:23:17.0955 6080 Detected object count: 0
22:23:17.0955 6080 Actual detected object count: 0
|
|
14.03.2013, 14:23
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen2 Unauffällig JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.03.2013, 20:44
| #11 |
| | HTML/Infected.WebPage.Gen2 Hallo Cosinus, anbei die Reports, aber ich glaube da ist nichts zu finden.... Mein Rechner ist immer noch langsam, zwar nicht mehr sooo langsam aber schnell ist er nicht, dafür, dass er erst vor Kurzem neu aufgesetzt wurde. JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Starter x86
Ran by Caro on 17.03.2013 at 20:54:06,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.03.2013 at 21:01:36,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 05/03/2013 um 22:51:33 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Caro - CARO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Caro\Downloads\adwcleaner_2113 (1).exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.97
Datei : C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Surfen\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1211 octets] - [05/03/2013 22:51:33]
########## EOF - C:\AdwCleaner[R1].txt - [1271 octets] ##########
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 17/03/2013 um 21:28:24 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Caro - CARO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Caro\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Surfen\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1340 octets] - [05/03/2013 22:51:33]
AdwCleaner[R2].txt - [1400 octets] - [05/03/2013 22:53:38]
AdwCleaner[S1].txt - [1462 octets] - [05/03/2013 22:54:07]
AdwCleaner[S2].txt - [1004 octets] - [17/03/2013 21:28:24]
########## EOF - C:\AdwCleaner[S2].txt - [1064 octets] ##########
Code:
ATTFilter OTL logfile created on: 17.03.2013 21:40:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caro\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 194,19 Mb Available Physical Memory | 19,17% Memory free 1,99 Gb Paging File | 0,84 Gb Available in Paging File | 42,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 153,48 Gb Free Space | 71,13% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32 Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Users\Caro\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Bluetooth Suite\BtvStack.exe (Atheros Communications) PRC - C:\Programme\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) PRC - C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\libglesv2.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\libegl.dll () MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Acer\Android Manager\DEU.dll () MOD - C:\Programme\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AtherosSvc) -- C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros) DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros) DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros) DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros) DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros) DRV - (ATHDFU) -- C:\Windows\System32\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros) DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel-online.de/ IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes\{B331A4D9-7F52-4727-817E-ED4A6AAE2AE6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC175EB9-F0A0-468D-994F-96E67F77ECBB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 20:53:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.17 20:53:33 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.17 20:41:54 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Caro\Desktop\JRT.exe [2013.03.13 23:38:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 23:38:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 23:38:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 23:38:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 23:38:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 23:37:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 23:37:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 23:37:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 21:19:35 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Caro\Desktop\tdsskiller.exe [2013.03.13 21:12:22 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Caro\Desktop\aswMBR.exe [2013.03.10 16:49:35 | 000,000,000 | ---D | C] -- C:\Users\Caro\Desktop\mbar-1.01.0.1021 [2013.03.10 16:33:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.03.07 19:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe [2013.03.05 22:45:09 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Malwarebytes [2013.03.05 22:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.05 22:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.05 22:43:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.05 22:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.05 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Programs [2013.02.27 22:16:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.27 22:16:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.27 22:15:56 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 22:15:56 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 22:15:56 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 22:15:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 22:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 22:15:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 22:15:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.27 22:15:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.27 22:15:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.27 22:15:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.27 22:15:50 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.27 22:15:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.27 22:15:50 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.27 22:15:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.27 22:15:49 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.27 22:15:49 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.27 22:15:49 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.27 22:15:49 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.27 22:15:48 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.17 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\.elfohilfe [2013.02.17 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\elsterformular [2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2013.02.17 19:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular [2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\Documents\Steuerfälle [2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\AAV [2013.02.17 14:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps [2013.02.17 14:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft [2013.02.17 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV ========== Files - Modified Within 30 Days ========== [2013.03.17 21:40:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 21:40:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 21:36:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.17 21:35:02 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.03.17 21:34:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.17 21:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.17 21:32:20 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2013.03.17 20:42:20 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Caro\Desktop\JRT.exe [2013.03.13 22:20:46 | 000,000,512 | ---- | M] () -- C:\Users\Caro\Desktop\MBR.dat [2013.03.13 21:19:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Caro\Desktop\tdsskiller.exe [2013.03.13 21:14:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Caro\Desktop\aswMBR.exe [2013.03.12 22:00:07 | 205,930,538 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.10 16:20:26 | 013,786,977 | ---- | M] () -- C:\Users\Caro\Desktop\mbar-1.01.0.1021.zip [2013.03.10 16:20:26 | 000,377,856 | ---- | M] () -- C:\Users\Caro\Desktop\gmer_2.1.19155.exe [2013.03.07 19:02:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe [2013.03.03 21:56:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.03 21:56:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.03 21:56:27 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.03 21:56:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.17 21:37:35 | 000,099,764 | ---- | M] () -- C:\Users\Caro\ESt2010__caroline.elfo [2013.02.16 21:43:33 | 000,002,209 | ---- | M] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2013.03.13 22:00:44 | 000,000,512 | ---- | C] () -- C:\Users\Caro\Desktop\MBR.dat [2013.03.10 16:33:36 | 205,930,538 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.03.10 16:20:18 | 000,377,856 | ---- | C] () -- C:\Users\Caro\Desktop\gmer_2.1.19155.exe [2013.03.10 16:20:09 | 013,786,977 | ---- | C] () -- C:\Users\Caro\Desktop\mbar-1.01.0.1021.zip [2013.02.17 21:34:55 | 000,099,764 | ---- | C] () -- C:\Users\Caro\ESt2010_caroline.elfo [2013.02.16 21:43:33 | 000,002,209 | ---- | C] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk [2013.01.26 12:02:07 | 000,007,620 | ---- | C] () -- C:\Users\Caro\AppData\Local\Resmon.ResmonCfg [2012.12.29 08:37:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.12.29 08:37:51 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.12.29 08:37:51 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.12.29 08:37:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.09.17 10:24:14 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.03.2013 21:40:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caro\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,09 Mb Total Physical Memory | 194,19 Mb Available Physical Memory | 19,17% Memory free
1,99 Gb Paging File | 0,84 Gb Available in Paging File | 42,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 153,48 Gb Free Space | 71,13% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32
Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0559BC2A-B694-4B33-8502-59E45A379431}" = lport=138 | protocol=17 | dir=in | app=system |
"{0824B0DD-3AF4-4F6B-80BD-4B2F99FC8BE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1584B6F4-B29A-46C9-81DC-49D6BCF45206}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26AF2D29-2743-4A3E-81F3-74890AFE029E}" = rport=139 | protocol=6 | dir=out | app=system |
"{46E03643-CDC8-4A5D-9CBF-C772394CADC5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72B0E487-E84C-4CAC-A85C-921BED5F8652}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A125B33-6CB8-4D4A-BBB0-2A716F21A1FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{8505DEE5-362A-491B-B99B-505B8DB292AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A84B67D-D3A7-4552-8C9C-9D56B69E8BFB}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C66B0BF-05BF-4FDA-A4DA-2D3FE8B57A36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AE074367-8D38-45C1-BEB0-85414900B30A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BC3969A9-F838-4897-9D88-A76B38788A4C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C02BB798-32C7-4BD8-B32B-835BE33937BD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C35C17B2-4C6E-4FE1-BBCB-FB7CE919331A}" = rport=445 | protocol=6 | dir=out | app=system |
"{FEDB517F-2CDC-4D12-8FFF-C2EBD1247EFB}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003B0630-4739-4575-927A-5138472A8976}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F8FDF37-AE54-4230-915B-5B3F4F62DD8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20A5C867-274F-42F1-9D16-16A2D07B9D9D}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{23C3B22F-47EF-4E50-BC29-B75B97604A58}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{643368C4-0D4C-466C-AAAF-B4391244E665}" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
"{70CFBCA4-640F-47E9-8CD6-A59661A0D341}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7DEE1628-877D-4831-8BE8-5016F5364319}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8E1AE11E-5CE9-419A-95E6-F9CB24A09DA9}" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
"{99FDBDD0-1696-410A-AE1E-5DBC0CEEC3A7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A34B0244-6C53-4CAB-B3E5-D006F93E936A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{AD9F4F2B-9AD1-407B-BC4D-4DFF49F49689}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{ADB98B71-E35F-4C63-891C-1D7075583D56}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AFDBBC5B-FAA5-4CDE-B959-BA402EC250DE}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{C312C512-489A-4FE6-AACE-ABB3D6334D0B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D01AB48C-9FF4-4FCC-8686-706E8EB808A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D6007FF0-E302-4277-94AD-6649D4AC5171}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{D644F5A6-2971-43F9-94E6-0A89ABDBB28F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC311B31-3EB7-40E5-9816-81AA7784D129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E75D8D9A-3B17-412E-9D76-DB76ADDF56C0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F3EA35B9-CFC7-44CF-9FA5-2D885BB1A626}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F9537FBF-8317-4B02-8C3B-504947AAA95A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{AAB0DE4C-60C7-4BCE-A5E0-1FC607896585}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{889BDC8A-DCE5-49E2-BB3A-500979C66F06}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B3B35C8-5429-4A90-A447-D1B9ED499FE8}" = STEUEReasy 2011
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Hilfe
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7960E014-C02C-41C1-A996-4284F76515B2}" = HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93C987F5-6563-4D29-A7C0-7DC85471D7C3}" = Nero Multimedia Suite 10 Essentials
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 17.03.2013 16:33:04 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
18.03.2013, 23:56
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen2 Firefox war wohl mal installiert und OTL listet noch die verbliebenen FF-Profile auf Jedenfalls zeigt OTL nichts was nicht existiert Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.03.2013, 21:18
| #13 |
| | HTML/Infected.WebPage.Gen2 Hallo Cosinus, kann mich an Firefox nicht erinnern zumal ich mein Netbook erst vor kurzem neu aufgesetzt habe, aber sei's drum. Anbei der Report zu Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.19.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Caro :: CARO-PC [Administrator] 19.03.2013 19:56:11 mbam-log-2013-03-19 (19-56-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 243406 Laufzeit: 15 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) "Server ist ausgelastet: Dieser Vorgang kann nicht ausgeführt werden, da die andere Anwendung aktiv ist. Klicken Sie auf „Wechseln zu“, um zu der anderen Anwendungen zu wechseln und das Problem zu beheben. " ESET lass ich jetzt laufen. |
|
21.03.2013, 19:22
| #14 |
| | HTML/Infected.WebPage.Gen2 ESET hat etwas länger gedauert. Anbei der Report. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=47d20fd05cadda4eaf266eb69835a310
# engine=13441
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-21 12:05:58
# local_time=2013-03-21 01:05:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 61734 229290848 54458 0
# compatibility_mode=5893 16776574 100 94 6558771 115498749 0 0
# scanned=254694
# found=0
# cleaned=0
# scan_time=55995
|
|
22.03.2013, 10:59
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen2 Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu HTML/Infected.WebPage.Gen2 |
| administrator, antivirus, avg, avira, desktop, hängen, infizierte, lsass.exe, löschen, malwarebytes, modul, namen, neustart, pmmupdate.exe, programme, prozesse, recycle.bin, registry, rundll, scan, services.exe, svchost.exe, taskhost.exe, warnung, windows, winlogon.exe, wmp |
Linear-Darstellung
