Trojaner-Board - HTML/Infected.WebPage.Gen2

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - HTML/Infected.WebPage.Gen2 (https://www.trojaner-board.de/131882-html-infected-webpage-gen2.html)

HTML/Infected.WebPage.Gen2

Hallo zusammen,
ich habe oben genanntes bei einem Scan mit Avira Antivirus gefunden. Mein Rechner war sehr langsam. Es gab bei Öffnung von Programmen z. T. Meldungen, dass kein Arbeitsspeicher zur Verfügung steht. Programm hängen sich ständig auf. Diese Zeilen hier zu schreiben dauern ewig...

Das ist der Report dazu:

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Montag, 4. März 2013  23:14
 
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Starter

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : CARO-PC
 

Versionsinformationen:

BUILD.DAT      : 13.0.0.3185    47702 Bytes  30.01.2013 10:05:00

AVSCAN.EXE     : 13.6.0.584    640224 Bytes  12.02.2013 20:50:26

AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  28.11.2012 14:09:15

LUKE.DLL       : 13.6.0.602     67808 Bytes  12.02.2013 20:50:51

AVSCPLR.DLL    : 13.6.0.628     94432 Bytes  05.02.2013 18:31:15

AVREG.DLL      : 13.6.0.600    250592 Bytes  05.02.2013 18:31:14

avlode.dll     : 13.6.2.624    434912 Bytes  05.02.2013 18:31:15

avlode.rdf     : 13.0.0.38      15231 Bytes  13.02.2013 19:45:56

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:50:37

VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40

VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40

VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 12:43:11

VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 17:51:09

VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 17:51:09

VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 17:51:10

VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 17:51:10

VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 17:51:10

VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 17:51:10

VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 16:58:29

VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 20:41:41

VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 19:45:52

VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 12:12:43

VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 20:01:37

VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 20:01:37

VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 20:01:38

VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 19:28:34

VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 17:59:31

VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 20:35:32

VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 17:39:17

VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 10:59:39

VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 19:02:29

VBASE027.VDF   : 7.11.63.122     2048 Bytes  04.03.2013 19:02:29

VBASE028.VDF   : 7.11.63.123     2048 Bytes  04.03.2013 19:02:29

VBASE029.VDF   : 7.11.63.124     2048 Bytes  04.03.2013 19:02:30

VBASE030.VDF   : 7.11.63.125     2048 Bytes  04.03.2013 19:02:30

VBASE031.VDF   : 7.11.63.136    45056 Bytes  04.03.2013 19:02:30

Engineversion  : 8.2.12.10 

AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55

AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  22.02.2013 18:35:13

AESCN.DLL      : 8.1.10.0      131445 Bytes  04.01.2013 15:30:25

AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06

AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 19:42:56

AEPACK.DLL     : 8.3.1.12      815480 Bytes  28.02.2013 17:14:29

AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 14:00:38

AEHEUR.DLL     : 8.1.4.222    5767545 Bytes  28.02.2013 17:14:28

AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 14:52:32

AEGEN.DLL      : 8.1.6.16      434549 Bytes  25.01.2013 22:10:57

AEEXP.DLL      : 8.4.0.6       192885 Bytes  28.02.2013 17:14:29

AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55

AECORE.DLL     : 8.1.31.2      201080 Bytes  20.02.2013 20:01:40

AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 14:00:38

AVWINLL.DLL    : 13.6.0.480     26480 Bytes  12.02.2013 20:50:20

AVPREF.DLL     : 13.6.0.480     51056 Bytes  12.02.2013 20:50:25

AVREP.DLL      : 13.6.0.480    178544 Bytes  05.02.2013 18:31:15

AVARKT.DLL     : 13.6.0.624    260832 Bytes  12.02.2013 20:50:22

AVEVTLOG.DLL   : 13.6.0.600    167648 Bytes  12.02.2013 20:50:24

SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40

AVSMTP.DLL     : 13.6.0.480     62832 Bytes  12.02.2013 20:50:28

NETNT.DLL      : 13.6.0.480     16240 Bytes  12.02.2013 20:50:51

RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  28.11.2012 14:09:40

RCTEXT.DLL     : 13.6.0.480     68976 Bytes  12.02.2013 20:50:20
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Vollständige Systemprüfung

Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, 

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: ein

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: erweitert
 

Beginn des Suchlaufs: Montag, 4. März 2013  23:14
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'D:\'

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf nach versteckten Objekten wird begonnen.
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'Acer.scr' - '64' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '85' Modul(e) wurden durchsucht

Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskhost.exe' - '48' Modul(e) wurden durchsucht

Durchsuche Prozess 'SeaPort.exe' - '51' Modul(e) wurden durchsucht

Durchsuche Prozess 'NASvc.exe' - '41' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '47' Modul(e) wurden durchsucht

Durchsuche Prozess 'AcerVCM.exe' - '38' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht

Durchsuche Prozess 'hpwuschd2.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht

Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'igfxext.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPHelper.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnetwk.exe' - '85' Modul(e) wurden durchsucht

Durchsuche Prozess 'GrooveMonitor.exe' - '52' Modul(e) wurden durchsucht

Durchsuche Prozess 'ePowerTray.exe' - '51' Modul(e) wurden durchsucht

Durchsuche Prozess 'iUpdate.exe' - '41' Modul(e) wurden durchsucht

Durchsuche Prozess 'iSync.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'AthBtTray.exe' - '45' Modul(e) wurden durchsucht

Durchsuche Prozess 'BtvStack.exe' - '62' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPEnh.exe' - '49' Modul(e) wurden durchsucht

Durchsuche Prozess 'igfxpers.exe' - '34' Modul(e) wurden durchsucht

Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'EgisUpdate.exe' - '41' Modul(e) wurden durchsucht

Durchsuche Prozess 'igfxsrvc.exe' - '32' Modul(e) wurden durchsucht

Durchsuche Prozess 'igfxtray.exe' - '31' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'mwlDaemon.exe' - '71' Modul(e) wurden durchsucht

Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht

Durchsuche Prozess 'PmmUpdate.exe' - '54' Modul(e) wurden durchsucht

Durchsuche Prozess 'LMworker.exe' - '23' Modul(e) wurden durchsucht

Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAStorIcon.exe' - '53' Modul(e) wurden durchsucht

Durchsuche Prozess 'LManager.exe' - '68' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '198' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht

Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht

Durchsuche Prozess 'RS_Service.exe' - '18' Modul(e) wurden durchsucht

Durchsuche Prozess 'GREGsvc.exe' - '9' Modul(e) wurden durchsucht

Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht

Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht

Durchsuche Prozess 'adminservice.exe' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht

Durchsuche Prozess 'aavus.exe' - '39' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '10925' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\' <Acer>

    [0] Archivtyp: RSRC

    --> C:\$Recycle.Bin\S-1-5-21-480296688-884268188-3612197392-1000\$RGE0Y0X.exe

        [1] Archivtyp: NSIS

      --> C:\Program Files\Acer GameZone\Merriam Websters Spell Jam\SPELL-JAM.exe

          [2] Archivtyp: RSRC

        --> C:\Program Files\EgisTec MyWinLocker\HTCA_SelfExtract.bin

            [3] Archivtyp: OVL

          --> C:\Users\Caro\AppData\Roaming\Dropbox\bin\Dropbox.exe

              [4] Archivtyp: RSRC

            --> C:\Users\Caro\Documents\Bewerbung - Jobs\Bosch_1\Bosch_1.mht

                [5] Archivtyp: MIME

              --> object

                  [6] Archivtyp: MIME

                --> Users\Caroline\Documents\Bewerbung - Master\Jobs und Karriere - Studierende - Ihre Dissertation.mht

                    [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2

                    [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden

C:\Users\Caro\Documents\Bewerbung - Jobs\Bosch_1\Bosch_1.mht

  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2

Beginne mit der Suche in 'D:\'
 

Beginne mit der Desinfektion:

C:\Users\Caro\Documents\Bewerbung - Jobs\Bosch_1\Bosch_1.mht

  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57fbcb72.qua' verschoben!
 
 

Ende des Suchlaufs: Dienstag, 5. März 2013  22:31

Benötigte Zeit: 22:54:56 Stunde(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  20539 Verzeichnisse wurden überprüft

 363021 Dateien wurden geprüft

      2 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 363019 Dateien ohne Befall

   4558 Archive wurden durchsucht

      1 Warnungen

      1 Hinweise

 555046 Objekte wurden beim Rootkitscan durchsucht

      0 Versteckte Objekte wurden gefunden

Habe die Datei in Quarantäne verschoben. Und dann hier im Forum nach Maßnahmen gesucht.
Habe das AdwCleaner ausgeführt und auf löschen geklickt. Neustart ist erfolgt. Aber keine Ahnung was es bewirkt haben soll. Den AdwCleaner find ich auf dem Rechner auch gar nicht mehr.

Habe mir Malwarebyte runtergeladen und das ist der Report dazu.

Code:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.03.05.13
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Caro :: CARO-PC [Administrator]
 

05.03.2013 23:12:16

mbam-log-2013-03-05 (23-12-16).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 361702

Laufzeit: 2 Stunde(n), 23 Minute(n), 24 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Heißt es jetzt das alles wieder gut ist? Wieso ist mein Rechner dann so langsam? Lasse nun nochmal Avira laufen.

Würde mich über Hilfe bzw eine Rückmeldung sehr freuen. Danke.

Hallo und :hallo:

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Super vielen Dank für die schnelle Reaktion. Anbei die Protokolle.

OTL

Code:

OTL logfile created on: 07.03.2013 19:12:11 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caro\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,09 Mb Total Physical Memory | 188,22 Mb Available Physical Memory | 18,58% Memory free

2,43 Gb Paging File | 0,40 Gb Available in Paging File | 16,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,79 Gb Total Space | 153,45 Gb Free Space | 71,11% Space Free | Partition Type: NTFS

Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32

 

Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Caro\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Bluetooth Suite\BtvStack.exe (Atheros Communications)

PRC - C:\Programme\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

PRC - C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations)

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)

PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.)

PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)

PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)

PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)

PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\pdf.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\libglesv2.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\libegl.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\Acer\Android Manager\DEU.dll ()

MOD - C:\Programme\Launch Manager\CdDirIo.dll ()

MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)

SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AtherosSvc) -- C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations)

SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)

SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)

SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)

SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)

DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)

DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)

DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)

DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)

DRV - (ATHDFU) -- C:\Windows\System32\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)

DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)

DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel-online.de/

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{B331A4D9-7F52-4727-817E-ED4A6AAE2AE6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

 

 

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()

O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)

O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC175EB9-F0A0-468D-994F-96E67F77ECBB}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.07 19:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe

[2013.03.05 23:11:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013.03.05 22:45:09 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Malwarebytes

[2013.03.05 22:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.03.05 22:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.03.05 22:43:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013.03.05 22:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013.03.05 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Programs

[2013.02.27 22:16:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2013.02.27 22:16:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2013.02.27 22:15:56 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013.02.27 22:15:56 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013.02.27 22:15:56 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013.02.27 22:15:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013.02.27 22:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

[2013.02.27 22:15:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

[2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013.02.27 22:15:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013.02.27 22:15:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

[2013.02.27 22:15:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013.02.27 22:15:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2013.02.27 22:15:50 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2013.02.27 22:15:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013.02.27 22:15:50 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013.02.27 22:15:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013.02.27 22:15:49 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013.02.27 22:15:49 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2013.02.27 22:15:49 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013.02.27 22:15:49 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2013.02.27 22:15:48 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013.02.17 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\.elfohilfe

[2013.02.17 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\elsterformular

[2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular

[2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular

[2013.02.17 19:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular

[2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\Documents\Steuerfälle

[2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\AAV

[2013.02.17 14:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps

[2013.02.17 14:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft

[2013.02.17 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV

[2013.02.14 15:06:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013.02.14 15:06:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013.02.14 15:06:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013.02.14 15:06:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013.02.14 15:06:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013.02.14 15:06:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013.02.14 15:06:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013.02.14 15:06:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013.02.13 21:52:43 | 000,000,000 | ---D | C] -- C:\Users\Caro\Documents\GE

[2013.02.13 20:54:47 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013.02.13 20:54:16 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013.02.13 20:54:15 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013.02.13 20:54:10 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2013.02.13 20:54:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.07 19:36:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.07 19:32:42 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2013.03.07 19:32:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.03.07 19:09:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.07 19:09:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.07 19:02:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe

[2013.03.07 19:01:10 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.05 23:11:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013.03.05 23:00:12 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.03 21:56:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.03.03 21:56:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.03.03 21:56:27 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.03.03 21:56:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.02.17 21:37:35 | 000,099,764 | ---- | M] () -- C:\Users\Caro\ESt2010_caroline.elfo

[2013.02.17 19:18:47 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk

[2013.02.17 16:35:15 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\STEUEReasy 2011.lnk

[2013.02.17 14:47:30 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk

[2013.02.16 21:43:33 | 000,002,209 | ---- | M] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk

[2013.02.14 15:37:18 | 000,403,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2013.02.17 21:34:55 | 000,099,764 | ---- | C] () -- C:\Users\Caro\ESt2010_caroline.elfo

[2013.02.17 19:18:47 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk

[2013.02.17 16:31:41 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\STEUEReasy 2011.lnk

[2013.02.17 14:42:09 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk

[2013.02.16 21:43:33 | 000,002,209 | ---- | C] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk

[2013.01.26 12:02:07 | 000,007,620 | ---- | C] () -- C:\Users\Caro\AppData\Local\Resmon.ResmonCfg

[2012.12.29 08:37:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2012.12.29 08:37:51 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2012.12.29 08:37:51 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2012.12.29 08:37:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.09.17 10:24:14 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

Extras

Code:

OTL Extras logfile created on: 07.03.2013 19:12:11 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caro\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,09 Mb Total Physical Memory | 188,22 Mb Available Physical Memory | 18,58% Memory free

2,43 Gb Paging File | 0,40 Gb Available in Paging File | 16,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,79 Gb Total Space | 153,45 Gb Free Space | 71,11% Space Free | Partition Type: NTFS

Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32

 

Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0824B0DD-3AF4-4F6B-80BD-4B2F99FC8BE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{72B0E487-E84C-4CAC-A85C-921BED5F8652}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{9C66B0BF-05BF-4FDA-A4DA-2D3FE8B57A36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003B0630-4739-4575-927A-5138472A8976}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{0F8FDF37-AE54-4230-915B-5B3F4F62DD8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{20A5C867-274F-42F1-9D16-16A2D07B9D9D}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 

"{23C3B22F-47EF-4E50-BC29-B75B97604A58}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe | 

"{643368C4-0D4C-466C-AAAF-B4391244E665}" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

"{70CFBCA4-640F-47E9-8CD6-A59661A0D341}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{7DEE1628-877D-4831-8BE8-5016F5364319}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{8E1AE11E-5CE9-419A-95E6-F9CB24A09DA9}" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

"{99FDBDD0-1696-410A-AE1E-5DBC0CEEC3A7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"{A34B0244-6C53-4CAB-B3E5-D006F93E936A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe | 

"{AD9F4F2B-9AD1-407B-BC4D-4DFF49F49689}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe | 

"{ADB98B71-E35F-4C63-891C-1D7075583D56}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{AFDBBC5B-FAA5-4CDE-B959-BA402EC250DE}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe | 

"{C312C512-489A-4FE6-AACE-ABB3D6334D0B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{D6007FF0-E302-4277-94AD-6649D4AC5171}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 

"{D644F5A6-2971-43F9-94E6-0A89ABDBB28F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{E75D8D9A-3B17-412E-9D76-DB76ADDF56C0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"TCP Query User{AAB0DE4C-60C7-4BCE-A5E0-1FC607896585}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{889BDC8A-DCE5-49E2-BB3A-500979C66F06}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{0B3B35C8-5429-4A90-A447-D1B9ED499FE8}" = STEUEReasy 2011

"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker

"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam

"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Hilfe

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"{7960E014-C02C-41C1-A996-4284F76515B2}" = HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{93C987F5-6563-4D29-A7C0-7DC85471D7C3}" = Nero Multimedia Suite 10 Essentials

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira Free Antivirus

"ElsterFormular" = ElsterFormular

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Chrome" = Google Chrome

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HP Photo Creations" = HP Photo Creations

"Identity Card" = Identity Card

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller

"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 09.01.2013 15:37:21 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description = 

 

Error - 09.01.2013 15:37:23 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description = 

 

Error - 09.01.2013 15:37:23 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description = 

 

Error - 09.01.2013 15:37:24 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description = 

 

Error - 09.01.2013 15:37:24 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description = 

 

Error - 09.01.2013 15:40:57 | Computer Name = Caro-PC | Source = .NET Runtime Optimization Service | ID = 1107

Description = 

 

Error - 12.01.2013 10:03:10 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.

Der

 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs

 im assemblyIdentity-Element ist ungültig.

 

Error - 18.01.2013 20:36:26 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.

Der

 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs

 im assemblyIdentity-Element ist ungültig.

 

Error - 03.02.2013 10:46:51 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.

Der

 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs

 im assemblyIdentity-Element ist ungültig.

 

Error - 03.02.2013 12:13:47 | Computer Name = Caro-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.

Der

 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs

 im assemblyIdentity-Element ist ungültig.

 

[ System Events ]

Error - 08.02.2013 03:40:21 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Wlansvc erreicht.

 

Error - 09.02.2013 02:16:03 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 10.02.2013 12:57:24 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 13.02.2013 15:40:46 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 14.02.2013 09:47:41 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 14.02.2013 10:37:47 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 14.02.2013 19:53:43 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Wlansvc erreicht.

 

Error - 15.02.2013 11:56:19 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Netman erreicht.

 

Error - 15.02.2013 14:22:58 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 16.02.2013 07:16:13 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst AntiVirSchedulerService erreicht.

 

 

< End of report >

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hallo, gmer ist zweimal abgestürzt. Anbei das Protokoll von mbar. Der hat leider nichts gefunden. Die Datei ist ja in Quarantäne, heißt es, dass es sich damit erledigt hat und mein System ist einfach nur langsam ist?

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

www.malwarebytes.org
 

Database version: v2013.03.10.03
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Caro :: CARO-PC [administrator]
 

10.03.2013 17:21:02

mbar-log-2013-03-10 (17-21-02).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 28405

Time elapsed: 21 minute(s), 6 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

Bitte GMER nochmal so probieren:

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Hallo Cosinus,

gmer hat im Abgesicherten Modus funktioniert. Anbei das Ergebnis. Sind das gute oder schlechte Rootkits?

Falls ich nochmal etwas scannen soll ist das morgen oder erst dann wieder am Montag Abend möglich, da ich ein paar Tage außer Haus sein werde.

Code:

GMER 2.1.19155 - hxxp://www.gmer.net

Rootkit scan 2013-03-12 22:30:26

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB2O 232,89GB

Running: gmer_2.1.19155.exe; Driver: C:\Users\Caro\AppData\Local\Temp\kwldqpog.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         81C829E9 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81CBC1C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c0f6e700a25                      

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c0f6e700a25 (not active ControlSet)  
 

---- EOF - GMER 2.1 ----

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Hallo Cosinus,

anbei die Reports, TDSS hat nichts gefunden. Ich bin dann erst wieder am Montag da.

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software

Run date: 2013-03-13 21:25:23

-----------------------------

21:25:23.350    OS Version: Windows 6.1.7601 Service Pack 1

21:25:23.350    Number of processors: 4 586 0x1C0A

21:25:23.350    ComputerName: CARO-PC  UserName: Caro

21:25:24.458    Initialize success

21:25:55.608    AVAST engine defs: 13031301

21:48:21.045    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

21:48:21.108    Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3

21:48:21.139    Disk 0 MBR read successfully

21:48:21.154    Disk 0 MBR scan

21:48:21.763    Disk 0 Windows 7 default MBR code

21:48:21.794    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048

21:48:21.966    Disk 0 Partition 2 00     0C    FAT32 LBA MSDOS5.0     4096 MB offset 27265024

21:48:22.075    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 35653632

21:48:22.090    Disk 0 Partition - 00     0F Extended LBA            220965 MB offset 35858432

21:48:22.137    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       220964 MB offset 35860480

21:48:22.215    Disk 0 scanning sectors +488394752

21:48:22.527    Disk 0 scanning C:\Windows\system32\drivers

21:48:50.295    Service scanning

21:49:42.540    Modules scanning

21:50:02.399    Disk 0 trace - called modules:

21:50:02.445    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 

21:50:02.477    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f75400]

21:50:02.492    3 CLASSPNP.SYS[86bac59e] -> nt!IofCallDriver -> [0x84452e50]

21:50:02.508    5 ACPI.sys[864b13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84436028]

21:50:05.877    AVAST engine scan C:\Windows

21:50:10.589    AVAST engine scan C:\Windows\system32

21:55:27.441    AVAST engine scan C:\Windows\system32\drivers

21:55:50.186    AVAST engine scan C:\Users\Caro

22:00:44.012    Disk 0 MBR has been saved successfully to "C:\Users\Caro\Desktop\MBR.dat"

22:00:44.043    The log file has been saved successfully to "C:\Users\Caro\Desktop\aswMBR.txt"
 
 

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software

Run date: 2013-03-13 22:01:55

-----------------------------

22:01:55.695    OS Version: Windows 6.1.7601 Service Pack 1

22:01:55.695    Number of processors: 4 586 0x1C0A

22:01:55.710    ComputerName: CARO-PC  UserName: Caro

22:01:57.052    Initialize success

22:02:27.253    AVAST engine defs: 13031301

22:02:36.395    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

22:02:36.395    Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3

22:02:36.442    Disk 0 MBR read successfully

22:02:36.442    Disk 0 MBR scan

22:02:36.457    Disk 0 Windows 7 default MBR code

22:02:36.489    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048

22:02:36.535    Disk 0 Partition 2 00     0C    FAT32 LBA MSDOS5.0     4096 MB offset 27265024

22:02:36.567    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 35653632

22:02:36.582    Disk 0 Partition - 00     0F Extended LBA            220965 MB offset 35858432

22:02:36.629    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       220964 MB offset 35860480

22:02:36.660    Disk 0 scanning sectors +488394752

22:02:36.785    Disk 0 scanning C:\Windows\system32\drivers

22:02:59.764    Service scanning

22:03:56.408    Modules scanning

22:04:22.288    Disk 0 trace - called modules:

22:04:22.350    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 

22:04:22.366    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f75400]

22:04:22.382    3 CLASSPNP.SYS[86bac59e] -> nt!IofCallDriver -> [0x84452e50]

22:04:22.397    5 ACPI.sys[864b13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84436028]

22:04:23.224    AVAST engine scan C:\Windows

22:04:38.559    AVAST engine scan C:\Windows\system32

22:11:12.460    AVAST engine scan C:\Windows\system32\drivers

22:11:35.454    AVAST engine scan C:\Users\Caro

22:18:54.801    AVAST engine scan C:\ProgramData

22:19:31.601    Scan finished successfully

22:20:46.871    Disk 0 MBR has been saved successfully to "C:\Users\Caro\Desktop\MBR.dat"

22:20:46.902    The log file has been saved successfully to "C:\Users\Caro\Desktop\aswMBR.txt"

Code:

22:22:40.0780 3124  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

22:22:40.0889 3124  ============================================================

22:22:40.0889 3124  Current date / time: 2013/03/13 22:22:40.0889

22:22:40.0889 3124  SystemInfo:

22:22:40.0889 3124  

22:22:40.0889 3124  OS Version: 6.1.7601 ServicePack: 1.0

22:22:40.0889 3124  Product type: Workstation

22:22:40.0889 3124  ComputerName: CARO-PC

22:22:40.0889 3124  UserName: Caro

22:22:40.0889 3124  Windows directory: C:\Windows

22:22:40.0889 3124  System windows directory: C:\Windows

22:22:40.0889 3124  Processor architecture: Intel x86

22:22:40.0889 3124  Number of processors: 4

22:22:40.0889 3124  Page size: 0x1000

22:22:40.0889 3124  Boot type: Normal boot

22:22:40.0889 3124  ============================================================

22:22:41.0373 3124  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

22:22:41.0373 3124  ============================================================

22:22:41.0373 3124  \Device\Harddisk0\DR0:

22:22:41.0373 3124  MBR partitions:

22:22:41.0373 3124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1A00800, BlocksNum 0x800000

22:22:41.0373 3124  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000

22:22:41.0388 3124  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2233000, BlocksNum 0x1AF92000

22:22:41.0388 3124  ============================================================

22:22:41.0435 3124  C: <-> \Device\Harddisk0\DR0\Partition3

22:22:41.0451 3124  D: <-> \Device\Harddisk0\DR0\Partition1

22:22:41.0451 3124  ============================================================

22:22:41.0451 3124  Initialize success

22:22:41.0451 3124  ============================================================

22:22:42.0730 1836  ============================================================

22:22:42.0730 1836  Scan started

22:22:42.0730 1836  Mode: Manual; 

22:22:42.0730 1836  ============================================================

22:22:42.0855 1836  ================ Scan system memory ========================

22:22:42.0855 1836  System memory - ok

22:22:42.0870 1836  ================ Scan services =============================

22:22:43.0089 1836  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

22:22:43.0089 1836  1394ohci - ok

22:22:43.0229 1836  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

22:22:43.0229 1836  AAV UpdateService - ok

22:22:43.0323 1836  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

22:22:43.0338 1836  ACPI - ok

22:22:43.0385 1836  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

22:22:43.0385 1836  AcpiPmi - ok

22:22:43.0432 1836  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

22:22:43.0447 1836  adp94xx - ok

22:22:43.0479 1836  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys

22:22:43.0479 1836  adpahci - ok

22:22:43.0494 1836  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

22:22:43.0494 1836  adpu320 - ok

22:22:43.0541 1836  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

22:22:43.0541 1836  AeLookupSvc - ok

22:22:43.0603 1836  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

22:22:43.0619 1836  AFD - ok

22:22:43.0650 1836  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

22:22:43.0666 1836  agp440 - ok

22:22:43.0713 1836  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys

22:22:43.0713 1836  aic78xx - ok

22:22:43.0759 1836  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

22:22:43.0759 1836  ALG - ok

22:22:43.0822 1836  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

22:22:43.0822 1836  aliide - ok

22:22:43.0837 1836  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

22:22:43.0853 1836  amdagp - ok

22:22:43.0884 1836  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

22:22:43.0884 1836  amdide - ok

22:22:43.0931 1836  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

22:22:43.0931 1836  AmdK8 - ok

22:22:43.0947 1836  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys

22:22:43.0947 1836  AmdPPM - ok

22:22:44.0009 1836  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

22:22:44.0009 1836  amdsata - ok

22:22:44.0056 1836  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys

22:22:44.0056 1836  amdsbs - ok

22:22:44.0087 1836  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

22:22:44.0087 1836  amdxata - ok

22:22:44.0181 1836  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

22:22:44.0181 1836  AntiVirSchedulerService - ok

22:22:44.0227 1836  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe

22:22:44.0227 1836  AntiVirService - ok

22:22:44.0305 1836  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

22:22:44.0305 1836  AppID - ok

22:22:44.0352 1836  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

22:22:44.0352 1836  AppIDSvc - ok

22:22:44.0399 1836  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

22:22:44.0399 1836  Appinfo - ok

22:22:44.0430 1836  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys

22:22:44.0430 1836  arc - ok

22:22:44.0461 1836  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys

22:22:44.0461 1836  arcsas - ok

22:22:44.0477 1836  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

22:22:44.0477 1836  AsyncMac - ok

22:22:44.0524 1836  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

22:22:44.0524 1836  atapi - ok

22:22:44.0571 1836  [ 61361A8A62A193C339DACB341D246E63 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys

22:22:44.0571 1836  AthBTPort - ok

22:22:44.0617 1836  [ 70441751B1D988608E135D4F903ABA5C ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys

22:22:44.0617 1836  ATHDFU - ok

22:22:44.0680 1836  [ 935B12A4795F7B81596D128FC869B534 ] AtherosSvc      C:\Program Files\Bluetooth Suite\adminservice.exe

22:22:44.0680 1836  AtherosSvc - ok

22:22:44.0773 1836  [ C35AF075C15827D74B5C9702CBCB175B ] athr            C:\Windows\system32\DRIVERS\athr.sys

22:22:44.0805 1836  athr - ok

22:22:44.0851 1836  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

22:22:44.0867 1836  AudioEndpointBuilder - ok

22:22:44.0883 1836  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

22:22:44.0898 1836  Audiosrv - ok

22:22:44.0929 1836  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

22:22:44.0945 1836  avgntflt - ok

22:22:44.0992 1836  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

22:22:44.0992 1836  avipbb - ok

22:22:45.0023 1836  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

22:22:45.0023 1836  avkmgr - ok

22:22:45.0070 1836  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

22:22:45.0085 1836  AxInstSV - ok

22:22:45.0148 1836  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys

22:22:45.0148 1836  b06bdrv - ok

22:22:45.0195 1836  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

22:22:45.0195 1836  b57nd60x - ok

22:22:45.0319 1836  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe

22:22:45.0319 1836  BBSvc - ok

22:22:45.0366 1836  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

22:22:45.0366 1836  BBUpdate - ok

22:22:45.0413 1836  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

22:22:45.0413 1836  BDESVC - ok

22:22:45.0444 1836  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

22:22:45.0444 1836  Beep - ok

22:22:45.0507 1836  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll

22:22:45.0569 1836  BFE - ok

22:22:45.0616 1836  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll

22:22:45.0694 1836  BITS - ok

22:22:45.0725 1836  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys

22:22:45.0756 1836  blbdrive - ok

22:22:45.0819 1836  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

22:22:45.0865 1836  bowser - ok

22:22:45.0897 1836  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys

22:22:45.0928 1836  BrFiltLo - ok

22:22:45.0943 1836  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys

22:22:45.0959 1836  BrFiltUp - ok

22:22:46.0006 1836  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll

22:22:46.0037 1836  Browser - ok

22:22:46.0099 1836  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

22:22:46.0146 1836  Brserid - ok

22:22:46.0177 1836  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

22:22:46.0209 1836  BrSerWdm - ok

22:22:46.0224 1836  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

22:22:46.0240 1836  BrUsbMdm - ok

22:22:46.0255 1836  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

22:22:46.0287 1836  BrUsbSer - ok

22:22:46.0349 1836  [ ED84067704F7CB92C5DCE0FA9CC1616A ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys

22:22:46.0380 1836  BTATH_A2DP - ok

22:22:46.0411 1836  [ 3D58BED2BFA9EC2F060811B8F5EF1D3B ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys

22:22:46.0443 1836  BTATH_BUS - ok

22:22:46.0474 1836  [ C1D73E8E7570F8BBD27A034F8E3F890B ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys

22:22:46.0521 1836  BTATH_HCRP - ok

22:22:46.0552 1836  [ CB2A26BA734C58DCBDE4BA444D21DE3B ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys

22:22:46.0567 1836  BTATH_LWFLT - ok

22:22:46.0599 1836  [ 954678976BBACCAB3F7D7ACE875AA193 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys

22:22:46.0645 1836  BTATH_RCP - ok

22:22:46.0692 1836  [ 0A53B4F35A035A46AAC08D8BF8B470B0 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys

22:22:46.0723 1836  BtFilter - ok

22:22:46.0770 1836  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

22:22:46.0817 1836  BthEnum - ok

22:22:46.0833 1836  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

22:22:46.0879 1836  BTHMODEM - ok

22:22:46.0926 1836  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

22:22:46.0957 1836  BthPan - ok

22:22:47.0051 1836  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

22:22:47.0098 1836  BTHPORT - ok

22:22:47.0145 1836  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

22:22:47.0191 1836  bthserv - ok

22:22:47.0223 1836  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

22:22:47.0254 1836  BTHUSB - ok

22:22:47.0301 1836  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

22:22:47.0332 1836  cdfs - ok

22:22:47.0394 1836  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys

22:22:47.0441 1836  cdrom - ok

22:22:47.0503 1836  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

22:22:47.0566 1836  CertPropSvc - ok

22:22:47.0613 1836  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys

22:22:47.0644 1836  circlass - ok

22:22:47.0691 1836  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

22:22:47.0737 1836  CLFS - ok

22:22:47.0815 1836  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:22:47.0862 1836  clr_optimization_v2.0.50727_32 - ok

22:22:47.0956 1836  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:22:48.0018 1836  clr_optimization_v4.0.30319_32 - ok

22:22:48.0065 1836  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys

22:22:48.0096 1836  CmBatt - ok

22:22:48.0127 1836  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

22:22:48.0143 1836  cmdide - ok

22:22:48.0174 1836  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys

22:22:48.0237 1836  CNG - ok

22:22:48.0268 1836  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys

22:22:48.0299 1836  Compbatt - ok

22:22:48.0361 1836  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

22:22:48.0393 1836  CompositeBus - ok

22:22:48.0424 1836  COMSysApp - ok

22:22:48.0471 1836  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

22:22:48.0502 1836  crcdisk - ok

22:22:48.0549 1836  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll

22:22:48.0595 1836  CryptSvc - ok

22:22:48.0658 1836  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

22:22:48.0673 1836  DcomLaunch - ok

22:22:48.0705 1836  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

22:22:48.0767 1836  defragsvc - ok

22:22:48.0814 1836  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

22:22:48.0845 1836  DfsC - ok

22:22:48.0907 1836  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

22:22:48.0954 1836  Dhcp - ok

22:22:48.0970 1836  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

22:22:49.0001 1836  discache - ok

22:22:49.0079 1836  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys

22:22:49.0126 1836  Disk - ok

22:22:49.0157 1836  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

22:22:49.0188 1836  Dnscache - ok

22:22:49.0251 1836  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

22:22:49.0313 1836  dot3svc - ok

22:22:49.0360 1836  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

22:22:49.0407 1836  DPS - ok

22:22:49.0438 1836  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

22:22:49.0469 1836  drmkaud - ok

22:22:49.0563 1836  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService   C:\Program Files\Launch Manager\dsiwmis.exe

22:22:49.0609 1836  DsiWMIService - ok

22:22:49.0672 1836  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

22:22:49.0734 1836  DXGKrnl - ok

22:22:49.0765 1836  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

22:22:49.0812 1836  EapHost - ok

22:22:49.0953 1836  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys

22:22:50.0140 1836  ebdrv - ok

22:22:50.0187 1836  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

22:22:50.0218 1836  EFS - ok

22:22:50.0280 1836  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys

22:22:50.0311 1836  elxstor - ok

22:22:50.0389 1836  [ 2609A5B13DE9B2EEB38F3A83A406D079 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

22:22:50.0467 1836  ePowerSvc - ok

22:22:50.0514 1836  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

22:22:50.0530 1836  ErrDev - ok

22:22:50.0608 1836  [ 4FAB8DFAF156E048AD514EABD268AB3A ] EUCR            C:\Windows\system32\DRIVERS\EUCR6SK.SYS

22:22:50.0639 1836  EUCR - ok

22:22:50.0701 1836  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

22:22:50.0748 1836  EventSystem - ok

22:22:50.0779 1836  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

22:22:50.0811 1836  exfat - ok

22:22:50.0842 1836  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

22:22:50.0873 1836  fastfat - ok

22:22:50.0935 1836  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

22:22:51.0060 1836  Fax - ok

22:22:51.0107 1836  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys

22:22:51.0138 1836  fdc - ok

22:22:51.0185 1836  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

22:22:51.0216 1836  fdPHost - ok

22:22:51.0247 1836  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

22:22:51.0279 1836  FDResPub - ok

22:22:51.0310 1836  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

22:22:51.0325 1836  FileInfo - ok

22:22:51.0357 1836  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

22:22:51.0388 1836  Filetrace - ok

22:22:51.0419 1836  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys

22:22:51.0435 1836  flpydisk - ok

22:22:51.0481 1836  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

22:22:51.0528 1836  FltMgr - ok

22:22:51.0591 1836  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll

22:22:51.0637 1836  FontCache - ok

22:22:51.0715 1836  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

22:22:51.0747 1836  FontCache3.0.0.0 - ok

22:22:51.0778 1836  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

22:22:51.0825 1836  FsDepends - ok

22:22:51.0871 1836  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

22:22:51.0918 1836  Fs_Rec - ok

22:22:51.0965 1836  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

22:22:52.0027 1836  fvevol - ok

22:22:52.0074 1836  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

22:22:52.0090 1836  gagp30kx - ok

22:22:52.0137 1836  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

22:22:52.0199 1836  gpsvc - ok

22:22:52.0261 1836  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files\Acer\Registration\GREGsvc.exe

22:22:52.0293 1836  GREGService - ok

22:22:52.0371 1836  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

22:22:52.0433 1836  gupdate - ok

22:22:52.0464 1836  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

22:22:52.0464 1836  gupdatem - ok

22:22:52.0511 1836  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

22:22:52.0542 1836  hcw85cir - ok

22:22:52.0620 1836  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

22:22:52.0667 1836  HdAudAddService - ok

22:22:52.0714 1836  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

22:22:52.0729 1836  HDAudBus - ok

22:22:52.0776 1836  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys

22:22:52.0823 1836  HidBatt - ok

22:22:52.0839 1836  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys

22:22:52.0870 1836  HidBth - ok

22:22:52.0901 1836  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys

22:22:52.0932 1836  HidIr - ok

22:22:52.0995 1836  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll

22:22:53.0041 1836  hidserv - ok

22:22:53.0104 1836  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys

22:22:53.0135 1836  HidUsb - ok

22:22:53.0166 1836  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

22:22:53.0213 1836  hkmsvc - ok

22:22:53.0260 1836  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

22:22:53.0307 1836  HomeGroupListener - ok

22:22:53.0353 1836  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

22:22:53.0416 1836  HomeGroupProvider - ok

22:22:53.0494 1836  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

22:22:53.0525 1836  HpSAMD - ok

22:22:53.0603 1836  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

22:22:53.0681 1836  HTTP - ok

22:22:53.0712 1836  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

22:22:53.0743 1836  hwpolicy - ok

22:22:53.0806 1836  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

22:22:53.0853 1836  i8042prt - ok

22:22:53.0946 1836  [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor          C:\Windows\system32\drivers\iaStor.sys

22:22:53.0946 1836  iaStor - ok

22:22:54.0024 1836  [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

22:22:54.0055 1836  IAStorDataMgrSvc - ok

22:22:54.0102 1836  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

22:22:54.0165 1836  iaStorV - ok

22:22:54.0243 1836  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:22:54.0383 1836  idsvc - ok

22:22:54.0555 1836  [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

22:22:54.0773 1836  igfx - ok

22:22:54.0820 1836  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

22:22:54.0867 1836  iirsp - ok

22:22:54.0945 1836  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

22:22:55.0023 1836  IKEEXT - ok

22:22:55.0179 1836  [ 8C92829CCAE93139B90C46389FBEF4CF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

22:22:55.0350 1836  IntcAzAudAddService - ok

22:22:55.0397 1836  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

22:22:55.0413 1836  intelide - ok

22:22:55.0459 1836  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

22:22:55.0506 1836  intelppm - ok

22:22:55.0537 1836  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

22:22:55.0600 1836  IPBusEnum - ok

22:22:55.0631 1836  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:22:55.0678 1836  IpFilterDriver - ok

22:22:55.0756 1836  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

22:22:55.0803 1836  iphlpsvc - ok

22:22:55.0849 1836  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

22:22:55.0865 1836  IPMIDRV - ok

22:22:55.0896 1836  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

22:22:55.0943 1836  IPNAT - ok

22:22:55.0990 1836  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

22:22:55.0990 1836  IRENUM - ok

22:22:56.0021 1836  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

22:22:56.0052 1836  isapnp - ok

22:22:56.0083 1836  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

22:22:56.0130 1836  iScsiPrt - ok

22:22:56.0146 1836  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys

22:22:56.0177 1836  kbdclass - ok

22:22:56.0224 1836  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

22:22:56.0239 1836  kbdhid - ok

22:22:56.0271 1836  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

22:22:56.0271 1836  KeyIso - ok

22:22:56.0317 1836  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

22:22:56.0349 1836  KSecDD - ok

22:22:56.0380 1836  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

22:22:56.0427 1836  KSecPkg - ok

22:22:56.0473 1836  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

22:22:56.0536 1836  KtmRm - ok

22:22:56.0583 1836  [ 1A91EAAD2D73758140B3B7B6AD736573 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys

22:22:56.0614 1836  L1C - ok

22:22:56.0692 1836  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll

22:22:56.0754 1836  LanmanServer - ok

22:22:56.0785 1836  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

22:22:56.0832 1836  LanmanWorkstation - ok

22:22:56.0895 1836  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

22:22:56.0926 1836  lltdio - ok

22:22:56.0988 1836  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

22:22:57.0051 1836  lltdsvc - ok

22:22:57.0082 1836  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

22:22:57.0097 1836  lmhosts - ok

22:22:57.0144 1836  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

22:22:57.0175 1836  LSI_FC - ok

22:22:57.0207 1836  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

22:22:57.0222 1836  LSI_SAS - ok

22:22:57.0238 1836  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys

22:22:57.0269 1836  LSI_SAS2 - ok

22:22:57.0285 1836  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

22:22:57.0300 1836  LSI_SCSI - ok

22:22:57.0347 1836  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

22:22:57.0363 1836  luafv - ok

22:22:57.0394 1836  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys

22:22:57.0409 1836  megasas - ok

22:22:57.0456 1836  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys

22:22:57.0503 1836  MegaSR - ok

22:22:57.0597 1836  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

22:22:57.0628 1836  Microsoft Office Groove Audit Service - ok

22:22:57.0659 1836  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

22:22:57.0675 1836  MMCSS - ok

22:22:57.0706 1836  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

22:22:57.0737 1836  Modem - ok

22:22:57.0768 1836  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

22:22:57.0799 1836  monitor - ok

22:22:57.0831 1836  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys

22:22:57.0877 1836  mouclass - ok

22:22:57.0924 1836  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\drivers\mouhid.sys

22:22:57.0924 1836  mouhid - ok

22:22:57.0971 1836  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

22:22:58.0002 1836  mountmgr - ok

22:22:58.0033 1836  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

22:22:58.0065 1836  mpio - ok

22:22:58.0096 1836  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

22:22:58.0143 1836  mpsdrv - ok

22:22:58.0189 1836  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll

22:22:58.0267 1836  MpsSvc - ok

22:22:58.0299 1836  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

22:22:58.0330 1836  MRxDAV - ok

22:22:58.0392 1836  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

22:22:58.0408 1836  mrxsmb - ok

22:22:58.0439 1836  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:22:58.0486 1836  mrxsmb10 - ok

22:22:58.0517 1836  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:22:58.0533 1836  mrxsmb20 - ok

22:22:58.0564 1836  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

22:22:58.0595 1836  msahci - ok

22:22:58.0642 1836  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

22:22:58.0657 1836  msdsm - ok

22:22:58.0689 1836  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

22:22:58.0720 1836  MSDTC - ok

22:22:58.0782 1836  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

22:22:58.0813 1836  Msfs - ok

22:22:58.0829 1836  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

22:22:58.0860 1836  mshidkmdf - ok

22:22:58.0907 1836  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

22:22:58.0938 1836  msisadrv - ok

22:22:59.0001 1836  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

22:22:59.0047 1836  MSiSCSI - ok

22:22:59.0047 1836  msiserver - ok

22:22:59.0094 1836  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

22:22:59.0125 1836  MSKSSRV - ok

22:22:59.0141 1836  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

22:22:59.0157 1836  MSPCLOCK - ok

22:22:59.0172 1836  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

22:22:59.0188 1836  MSPQM - ok

22:22:59.0203 1836  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

22:22:59.0250 1836  MsRPC - ok

22:22:59.0297 1836  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

22:22:59.0328 1836  mssmbios - ok

22:22:59.0375 1836  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

22:22:59.0375 1836  MSTEE - ok

22:22:59.0391 1836  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys

22:22:59.0406 1836  MTConfig - ok

22:22:59.0437 1836  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

22:22:59.0453 1836  Mup - ok

22:22:59.0484 1836  [ CB47C414E083CA6E50E634B148F28F64 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

22:22:59.0531 1836  mwlPSDFilter - ok

22:22:59.0547 1836  [ 647B953019559BFF07536F5C6121F333 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

22:22:59.0562 1836  mwlPSDNServ - ok

22:22:59.0578 1836  [ 5A236A36DB8687D1E64DC81C03EAABE1 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

22:22:59.0593 1836  mwlPSDVDisk - ok

22:22:59.0671 1836  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe

22:22:59.0718 1836  MWLService - ok

22:22:59.0765 1836  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

22:22:59.0796 1836  napagent - ok

22:22:59.0843 1836  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

22:22:59.0890 1836  NativeWifiP - ok

22:22:59.0983 1836  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe

22:23:00.0030 1836  NAUpdate - ok

22:23:00.0093 1836  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys

22:23:00.0186 1836  NDIS - ok

22:23:00.0217 1836  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

22:23:00.0264 1836  NdisCap - ok

22:23:00.0295 1836  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

22:23:00.0311 1836  NdisTapi - ok

22:23:00.0358 1836  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

22:23:00.0389 1836  Ndisuio - ok

22:23:00.0436 1836  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

22:23:00.0483 1836  NdisWan - ok

22:23:00.0529 1836  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

22:23:00.0592 1836  NDProxy - ok

22:23:00.0639 1836  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

22:23:00.0685 1836  NetBIOS - ok

22:23:00.0732 1836  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

22:23:00.0779 1836  NetBT - ok

22:23:00.0810 1836  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

22:23:00.0810 1836  Netlogon - ok

22:23:00.0857 1836  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

22:23:00.0904 1836  Netman - ok

22:23:00.0920 1836  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

22:23:00.0998 1836  netprofm - ok

22:23:01.0044 1836  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:23:01.0107 1836  NetTcpPortSharing - ok

22:23:01.0154 1836  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

22:23:01.0185 1836  nfrd960 - ok

22:23:01.0232 1836  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll

22:23:01.0278 1836  NlaSvc - ok

22:23:01.0310 1836  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

22:23:01.0341 1836  Npfs - ok

22:23:01.0388 1836  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

22:23:01.0419 1836  nsi - ok

22:23:01.0450 1836  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

22:23:01.0466 1836  nsiproxy - ok

22:23:01.0544 1836  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

22:23:01.0606 1836  Ntfs - ok

22:23:01.0637 1836  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

22:23:01.0668 1836  Null - ok

22:23:01.0715 1836  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

22:23:01.0762 1836  nvraid - ok

22:23:01.0809 1836  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

22:23:01.0840 1836  nvstor - ok

22:23:01.0887 1836  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

22:23:01.0902 1836  nv_agp - ok

22:23:01.0996 1836  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:23:02.0074 1836  odserv - ok

22:23:02.0105 1836  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

22:23:02.0152 1836  ohci1394 - ok

22:23:02.0199 1836  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:23:02.0230 1836  ose - ok

22:23:02.0292 1836  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

22:23:02.0355 1836  p2pimsvc - ok

22:23:02.0386 1836  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

22:23:02.0448 1836  p2psvc - ok

22:23:02.0495 1836  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys

22:23:02.0511 1836  Parport - ok

22:23:02.0542 1836  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

22:23:02.0589 1836  partmgr - ok

22:23:02.0604 1836  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys

22:23:02.0620 1836  Parvdm - ok

22:23:02.0651 1836  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

22:23:02.0714 1836  PcaSvc - ok

22:23:02.0745 1836  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

22:23:02.0792 1836  pci - ok

22:23:02.0807 1836  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

22:23:02.0838 1836  pciide - ok

22:23:02.0885 1836  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys

22:23:02.0916 1836  pcmcia - ok

22:23:02.0948 1836  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

22:23:02.0979 1836  pcw - ok

22:23:03.0026 1836  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

22:23:03.0088 1836  PEAUTH - ok

22:23:03.0197 1836  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

22:23:03.0275 1836  pla - ok

22:23:03.0322 1836  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

22:23:03.0384 1836  PlugPlay - ok

22:23:03.0431 1836  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

22:23:03.0462 1836  PNRPAutoReg - ok

22:23:03.0478 1836  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

22:23:03.0494 1836  PNRPsvc - ok

22:23:03.0540 1836  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

22:23:03.0603 1836  PolicyAgent - ok

22:23:03.0650 1836  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

22:23:03.0681 1836  Power - ok

22:23:03.0712 1836  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

22:23:03.0743 1836  PptpMiniport - ok

22:23:03.0759 1836  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys

22:23:03.0806 1836  Processor - ok

22:23:03.0852 1836  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

22:23:03.0884 1836  ProfSvc - ok

22:23:03.0915 1836  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:23:03.0915 1836  ProtectedStorage - ok

22:23:03.0962 1836  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

22:23:03.0977 1836  Psched - ok

22:23:04.0055 1836  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys

22:23:04.0118 1836  ql2300 - ok

22:23:04.0149 1836  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys

22:23:04.0180 1836  ql40xx - ok

22:23:04.0211 1836  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

22:23:04.0258 1836  QWAVE - ok

22:23:04.0305 1836  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

22:23:04.0336 1836  QWAVEdrv - ok

22:23:04.0352 1836  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

22:23:04.0383 1836  RasAcd - ok

22:23:04.0445 1836  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

22:23:04.0476 1836  RasAgileVpn - ok

22:23:04.0523 1836  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

22:23:04.0554 1836  RasAuto - ok

22:23:04.0586 1836  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

22:23:04.0617 1836  Rasl2tp - ok

22:23:04.0695 1836  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

22:23:04.0726 1836  RasMan - ok

22:23:04.0757 1836  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

22:23:04.0773 1836  RasPppoe - ok

22:23:04.0788 1836  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

22:23:04.0835 1836  RasSstp - ok

22:23:04.0882 1836  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

22:23:04.0929 1836  rdbss - ok

22:23:04.0960 1836  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys

22:23:04.0991 1836  rdpbus - ok

22:23:05.0038 1836  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

22:23:05.0069 1836  RDPCDD - ok

22:23:05.0132 1836  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

22:23:05.0163 1836  RDPENCDD - ok

22:23:05.0225 1836  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

22:23:05.0256 1836  RDPREFMP - ok

22:23:05.0350 1836  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

22:23:05.0350 1836  RdpVideoMiniport - ok

22:23:05.0381 1836  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

22:23:05.0428 1836  RDPWD - ok

22:23:05.0506 1836  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

22:23:05.0537 1836  rdyboost - ok

22:23:05.0568 1836  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

22:23:05.0615 1836  RemoteAccess - ok

22:23:05.0662 1836  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

22:23:05.0709 1836  RemoteRegistry - ok

22:23:05.0740 1836  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

22:23:05.0756 1836  RFCOMM - ok

22:23:05.0787 1836  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

22:23:05.0818 1836  RpcEptMapper - ok

22:23:05.0834 1836  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe

22:23:05.0865 1836  RpcLocator - ok

22:23:05.0912 1836  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll

22:23:05.0927 1836  RpcSs - ok

22:23:05.0958 1836  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

22:23:06.0005 1836  rspndr - ok

22:23:06.0083 1836  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service      C:\Program Files\Acer\Acer VCM\RS_Service.exe

22:23:06.0146 1836  RS_Service - ok

22:23:06.0177 1836  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe

22:23:06.0177 1836  SamSs - ok

22:23:06.0224 1836  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

22:23:06.0255 1836  sbp2port - ok

22:23:06.0286 1836  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

22:23:06.0348 1836  SCardSvr - ok

22:23:06.0395 1836  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

22:23:06.0426 1836  scfilter - ok

22:23:06.0489 1836  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll

22:23:06.0567 1836  Schedule - ok

22:23:06.0598 1836  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll

22:23:06.0598 1836  SCPolicySvc - ok

22:23:06.0645 1836  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

22:23:06.0692 1836  SDRSVC - ok

22:23:06.0738 1836  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

22:23:06.0754 1836  secdrv - ok

22:23:06.0785 1836  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll

22:23:06.0816 1836  seclogon - ok

22:23:06.0863 1836  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll

22:23:06.0910 1836  SENS - ok

22:23:06.0926 1836  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys

22:23:06.0972 1836  Serenum - ok

22:23:07.0035 1836  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys

22:23:07.0082 1836  Serial - ok

22:23:07.0144 1836  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys

22:23:07.0175 1836  sermouse - ok

22:23:07.0238 1836  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll

22:23:07.0284 1836  SessionEnv - ok

22:23:07.0316 1836  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

22:23:07.0331 1836  sffdisk - ok

22:23:07.0362 1836  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

22:23:07.0362 1836  sffp_mmc - ok

22:23:07.0394 1836  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

22:23:07.0425 1836  sffp_sd - ok

22:23:07.0456 1836  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys

22:23:07.0503 1836  sfloppy - ok

22:23:07.0550 1836  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

22:23:07.0581 1836  SharedAccess - ok

22:23:07.0643 1836  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:23:07.0706 1836  ShellHWDetection - ok

22:23:07.0752 1836  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys

22:23:07.0799 1836  sisagp - ok

22:23:07.0846 1836  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys

22:23:07.0877 1836  SiSRaid2 - ok

22:23:07.0908 1836  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys

22:23:07.0924 1836  SiSRaid4 - ok

22:23:07.0955 1836  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys

22:23:08.0002 1836  Smb - ok

22:23:08.0049 1836  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

22:23:08.0080 1836  SNMPTRAP - ok

22:23:08.0127 1836  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys

22:23:08.0158 1836  spldr - ok

22:23:08.0236 1836  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe

22:23:08.0314 1836  Spooler - ok

22:23:08.0423 1836  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe

22:23:08.0595 1836  sppsvc - ok

22:23:08.0642 1836  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

22:23:08.0688 1836  sppuinotify - ok

22:23:08.0735 1836  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys

22:23:08.0766 1836  srv - ok

22:23:08.0782 1836  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

22:23:08.0829 1836  srv2 - ok

22:23:08.0860 1836  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

22:23:08.0891 1836  srvnet - ok

22:23:08.0938 1836  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

22:23:08.0969 1836  SSDPSRV - ok

22:23:09.0016 1836  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys

22:23:09.0047 1836  ssmdrv - ok

22:23:09.0078 1836  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

22:23:09.0110 1836  SstpSvc - ok

22:23:09.0156 1836  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys

22:23:09.0203 1836  stexstor - ok

22:23:09.0266 1836  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll

22:23:09.0328 1836  StiSvc - ok

22:23:09.0375 1836  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys

22:23:09.0390 1836  swenum - ok

22:23:09.0437 1836  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll

22:23:09.0500 1836  swprv - ok

22:23:09.0562 1836  [ 5CDD124913E91C7F79B4D5CAE1C7C4DE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys

22:23:09.0609 1836  SynTP - ok

22:23:09.0671 1836  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll

22:23:09.0765 1836  SysMain - ok

22:23:09.0812 1836  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:23:09.0843 1836  TabletInputService - ok

22:23:09.0890 1836  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll

22:23:09.0936 1836  TapiSrv - ok

22:23:09.0983 1836  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll

22:23:09.0999 1836  TBS - ok

22:23:10.0092 1836  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

22:23:10.0155 1836  Tcpip - ok

22:23:10.0202 1836  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

22:23:10.0217 1836  TCPIP6 - ok

22:23:10.0280 1836  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

22:23:10.0311 1836  tcpipreg - ok

22:23:10.0358 1836  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

22:23:10.0389 1836  TDPIPE - ok

22:23:10.0420 1836  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

22:23:10.0436 1836  TDTCP - ok

22:23:10.0482 1836  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

22:23:10.0514 1836  tdx - ok

22:23:10.0529 1836  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys

22:23:10.0576 1836  TermDD - ok

22:23:10.0623 1836  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll

22:23:10.0701 1836  TermService - ok

22:23:10.0748 1836  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll

22:23:10.0794 1836  Themes - ok

22:23:10.0810 1836  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll

22:23:10.0826 1836  THREADORDER - ok

22:23:10.0857 1836  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll

22:23:10.0904 1836  TrkWks - ok

22:23:10.0982 1836  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:23:11.0028 1836  TrustedInstaller - ok

22:23:11.0075 1836  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

22:23:11.0106 1836  tssecsrv - ok

22:23:11.0184 1836  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

22:23:11.0216 1836  TsUsbFlt - ok

22:23:11.0278 1836  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

22:23:11.0340 1836  tunnel - ok

22:23:11.0387 1836  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys

22:23:11.0418 1836  uagp35 - ok

22:23:11.0465 1836  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

22:23:11.0496 1836  udfs - ok

22:23:11.0559 1836  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

22:23:11.0590 1836  UI0Detect - ok

22:23:11.0606 1836  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

22:23:11.0621 1836  uliagpkx - ok

22:23:11.0668 1836  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys

22:23:11.0684 1836  umbus - ok

22:23:11.0730 1836  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys

22:23:11.0746 1836  UmPass - ok

22:23:11.0808 1836  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe

22:23:11.0871 1836  Updater Service - ok

22:23:11.0918 1836  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll

22:23:11.0996 1836  upnphost - ok

22:23:12.0042 1836  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

22:23:12.0074 1836  usbccgp - ok

22:23:12.0120 1836  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

22:23:12.0152 1836  usbcir - ok

22:23:12.0183 1836  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys

22:23:12.0214 1836  usbehci - ok

22:23:12.0276 1836  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

22:23:12.0292 1836  usbhub - ok

22:23:12.0323 1836  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

22:23:12.0354 1836  usbohci - ok

22:23:12.0417 1836  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

22:23:12.0464 1836  usbprint - ok

22:23:12.0495 1836  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

22:23:12.0526 1836  usbscan - ok

22:23:12.0542 1836  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:23:12.0588 1836  USBSTOR - ok

22:23:12.0620 1836  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys

22:23:12.0635 1836  usbuhci - ok

22:23:12.0682 1836  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys

22:23:12.0713 1836  usbvideo - ok

22:23:12.0760 1836  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll

22:23:12.0791 1836  UxSms - ok

22:23:12.0807 1836  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe

22:23:12.0822 1836  VaultSvc - ok

22:23:12.0854 1836  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

22:23:12.0869 1836  vdrvroot - ok

22:23:12.0932 1836  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe

22:23:12.0994 1836  vds - ok

22:23:13.0041 1836  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

22:23:13.0072 1836  vga - ok

22:23:13.0103 1836  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys

22:23:13.0134 1836  VgaSave - ok

22:23:13.0166 1836  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

22:23:13.0212 1836  vhdmp - ok

22:23:13.0259 1836  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

22:23:13.0275 1836  viaagp - ok

22:23:13.0322 1836  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys

22:23:13.0353 1836  ViaC7 - ok

22:23:13.0368 1836  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys

22:23:13.0400 1836  viaide - ok

22:23:13.0446 1836  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

22:23:13.0478 1836  volmgr - ok

22:23:13.0524 1836  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

22:23:13.0556 1836  volmgrx - ok

22:23:13.0571 1836  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

22:23:13.0618 1836  volsnap - ok

22:23:13.0680 1836  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys

22:23:13.0696 1836  vsmraid - ok

22:23:13.0774 1836  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe

22:23:13.0836 1836  VSS - ok

22:23:13.0868 1836  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

22:23:13.0883 1836  vwifibus - ok

22:23:13.0914 1836  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

22:23:13.0946 1836  vwififlt - ok

22:23:13.0977 1836  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

22:23:14.0008 1836  vwifimp - ok

22:23:14.0055 1836  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll

22:23:14.0102 1836  W32Time - ok

22:23:14.0133 1836  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys

22:23:14.0164 1836  WacomPen - ok

22:23:14.0226 1836  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

22:23:14.0242 1836  WANARP - ok

22:23:14.0242 1836  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

22:23:14.0242 1836  Wanarpv6 - ok

22:23:14.0320 1836  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe

22:23:14.0398 1836  wbengine - ok

22:23:14.0445 1836  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

22:23:14.0492 1836  WbioSrvc - ok

22:23:14.0538 1836  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll

22:23:14.0570 1836  wcncsvc - ok

22:23:14.0601 1836  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:23:14.0648 1836  WcsPlugInService - ok

22:23:14.0679 1836  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys

22:23:14.0694 1836  Wd - ok

22:23:14.0757 1836  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

22:23:14.0804 1836  Wdf01000 - ok

22:23:14.0835 1836  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

22:23:14.0882 1836  WdiServiceHost - ok

22:23:14.0897 1836  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

22:23:14.0897 1836  WdiSystemHost - ok

22:23:14.0944 1836  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll

22:23:15.0022 1836  WebClient - ok

22:23:15.0069 1836  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll

22:23:15.0100 1836  Wecsvc - ok

22:23:15.0131 1836  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll

22:23:15.0162 1836  wercplsupport - ok

22:23:15.0194 1836  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll

22:23:15.0225 1836  WerSvc - ok

22:23:15.0256 1836  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

22:23:15.0272 1836  WfpLwf - ok

22:23:15.0303 1836  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

22:23:15.0334 1836  WIMMount - ok

22:23:15.0428 1836  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

22:23:15.0490 1836  WinDefend - ok

22:23:15.0506 1836  WinHttpAutoProxySvc - ok

22:23:15.0584 1836  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

22:23:15.0646 1836  Winmgmt - ok

22:23:15.0724 1836  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll

22:23:15.0786 1836  WinRM - ok

22:23:15.0864 1836  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll

22:23:15.0942 1836  Wlansvc - ok

22:23:15.0989 1836  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

22:23:16.0020 1836  WmiAcpi - ok

22:23:16.0083 1836  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

22:23:16.0130 1836  wmiApSrv - ok

22:23:16.0223 1836  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

22:23:16.0317 1836  WMPNetworkSvc - ok

22:23:16.0348 1836  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll

22:23:16.0395 1836  WPCSvc - ok

22:23:16.0457 1836  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

22:23:16.0488 1836  WPDBusEnum - ok

22:23:16.0520 1836  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

22:23:16.0535 1836  ws2ifsl - ok

22:23:16.0551 1836  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll

22:23:16.0582 1836  wscsvc - ok

22:23:16.0598 1836  WSearch - ok

22:23:16.0691 1836  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

22:23:16.0800 1836  wuauserv - ok

22:23:16.0832 1836  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

22:23:16.0894 1836  WudfPf - ok

22:23:16.0925 1836  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

22:23:16.0972 1836  WUDFRd - ok

22:23:17.0034 1836  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

22:23:17.0066 1836  wudfsvc - ok

22:23:17.0097 1836  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll

22:23:17.0144 1836  WwanSvc - ok

22:23:17.0190 1836  ================ Scan global ===============================

22:23:17.0237 1836  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

22:23:17.0300 1836  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

22:23:17.0378 1836  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

22:23:17.0424 1836  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

22:23:17.0487 1836  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

22:23:17.0534 1836  [Global] - ok

22:23:17.0534 1836  ================ Scan MBR ==================================

22:23:17.0565 1836  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

22:23:17.0861 1836  \Device\Harddisk0\DR0 - ok

22:23:17.0861 1836  ================ Scan VBR ==================================

22:23:17.0877 1836  [ 87130BE9E3A2FA33850D82E6ECD5E531 ] \Device\Harddisk0\DR0\Partition1

22:23:17.0877 1836  \Device\Harddisk0\DR0\Partition1 - ok

22:23:17.0892 1836  [ D14EA2AC0BAA1B887EE80DCD8FC7A50B ] \Device\Harddisk0\DR0\Partition2

22:23:17.0892 1836  \Device\Harddisk0\DR0\Partition2 - ok

22:23:17.0924 1836  [ C63114A257BC9085562BBB878E8A0C8A ] \Device\Harddisk0\DR0\Partition3

22:23:17.0924 1836  \Device\Harddisk0\DR0\Partition3 - ok

22:23:17.0924 1836  ============================================================

22:23:17.0924 1836  Scan finished

22:23:17.0924 1836  ============================================================

22:23:17.0955 6080  Detected object count: 0

22:23:17.0955 6080  Actual detected object count: 0

Unauffällig

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Hallo Cosinus,

anbei die Reports, aber ich glaube da ist nichts zu finden....

Mein Rechner ist immer noch langsam, zwar nicht mehr sooo langsam aber schnell ist er nicht, dafür, dass er erst vor Kurzem neu aufgesetzt wurde.

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.2 (03.15.2013:1)

OS: Windows 7 Starter x86

Ran by Caro on 17.03.2013 at 20:54:06,53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17.03.2013 at 21:01:36,18

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Habe bei den alten Report von AdwCleaner nun auch gefunden und da wurde was gelöscht.

Code:

# AdwCleaner v2.113 - Datei am 05/03/2013 um 22:51:33 erstellt

# Aktualisiert am 23/02/2013 von Xplode

# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)

# Benutzer : Caro - CARO-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Caro\Downloads\adwcleaner_2113 (1).exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16464
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v25.0.1364.97
 

Datei : C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

Datei : C:\Users\Surfen\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1211 octets] - [05/03/2013 22:51:33]
 

########## EOF - C:\AdwCleaner[R1].txt - [1271 octets] ##########

Das ist das neue:

Code:

# AdwCleaner v2.115 - Datei am 17/03/2013 um 21:28:24 erstellt

# Aktualisiert am 17/03/2013 von Xplode

# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)

# Benutzer : Caro - CARO-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Caro\Downloads\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16470
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v25.0.1364.172
 

Datei : C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

Datei : C:\Users\Surfen\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1340 octets] - [05/03/2013 22:51:33]

AdwCleaner[R2].txt - [1400 octets] - [05/03/2013 22:53:38]

AdwCleaner[S1].txt - [1462 octets] - [05/03/2013 22:54:07]

AdwCleaner[S2].txt - [1004 octets] - [17/03/2013 21:28:24]
 

########## EOF - C:\AdwCleaner[S2].txt - [1064 octets] ##########

Und hier OTL:

Code:

OTL logfile created on: 17.03.2013 21:40:52 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caro\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,09 Mb Total Physical Memory | 194,19 Mb Available Physical Memory | 19,17% Memory free

1,99 Gb Paging File | 0,84 Gb Available in Paging File | 42,45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,79 Gb Total Space | 153,48 Gb Free Space | 71,13% Space Free | Partition Type: NTFS

Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32

 

Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Users\Caro\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Bluetooth Suite\BtvStack.exe (Atheros Communications)

PRC - C:\Programme\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

PRC - C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations)

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)

PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.)

PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)

PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)

PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)

PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\pdf.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\libegl.dll ()

MOD - C:\Programme\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\Acer\Android Manager\DEU.dll ()

MOD - C:\Programme\Launch Manager\CdDirIo.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)

SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AtherosSvc) -- C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Commnucations)

SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)

SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)

SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)

SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)

DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)

DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)

DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)

DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)

DRV - (ATHDFU) -- C:\Windows\System32\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)

DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)

DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel-online.de/

IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\..\SearchScopes\{B331A4D9-7F52-4727-817E-ED4A6AAE2AE6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-480296688-884268188-3612197392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

 

 

 
 ========== Chrome  ==========

 

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()

O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)

O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC175EB9-F0A0-468D-994F-96E67F77ECBB}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.17 20:53:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.03.17 20:53:33 | 000,000,000 | ---D | C] -- C:\JRT

[2013.03.17 20:41:54 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Caro\Desktop\JRT.exe

[2013.03.13 23:38:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013.03.13 23:38:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013.03.13 23:38:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013.03.13 23:38:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013.03.13 23:38:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013.03.13 23:37:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013.03.13 23:37:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013.03.13 23:37:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013.03.13 21:19:35 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Caro\Desktop\tdsskiller.exe

[2013.03.13 21:12:22 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Caro\Desktop\aswMBR.exe

[2013.03.10 16:49:35 | 000,000,000 | ---D | C] -- C:\Users\Caro\Desktop\mbar-1.01.0.1021

[2013.03.10 16:33:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013.03.07 19:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe

[2013.03.05 22:45:09 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\Malwarebytes

[2013.03.05 22:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.03.05 22:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.03.05 22:43:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013.03.05 22:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013.03.05 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\Programs

[2013.02.27 22:16:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2013.02.27 22:16:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2013.02.27 22:15:56 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013.02.27 22:15:56 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013.02.27 22:15:56 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013.02.27 22:15:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013.02.27 22:15:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013.02.27 22:15:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

[2013.02.27 22:15:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

[2013.02.27 22:15:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013.02.27 22:15:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013.02.27 22:15:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

[2013.02.27 22:15:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013.02.27 22:15:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2013.02.27 22:15:50 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2013.02.27 22:15:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013.02.27 22:15:50 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013.02.27 22:15:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013.02.27 22:15:49 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013.02.27 22:15:49 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2013.02.27 22:15:49 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013.02.27 22:15:49 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2013.02.27 22:15:48 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013.02.17 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\.elfohilfe

[2013.02.17 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Roaming\elsterformular

[2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular

[2013.02.17 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular

[2013.02.17 19:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular

[2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\Documents\Steuerfälle

[2013.02.17 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Caro\AppData\Local\AAV

[2013.02.17 14:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps

[2013.02.17 14:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft

[2013.02.17 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.17 21:40:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.17 21:40:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.17 21:36:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.17 21:35:02 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2013.03.17 21:34:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.17 21:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.03.17 21:32:20 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.17 20:42:20 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Caro\Desktop\JRT.exe

[2013.03.13 22:20:46 | 000,000,512 | ---- | M] () -- C:\Users\Caro\Desktop\MBR.dat

[2013.03.13 21:19:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Caro\Desktop\tdsskiller.exe

[2013.03.13 21:14:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Caro\Desktop\aswMBR.exe

[2013.03.12 22:00:07 | 205,930,538 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.03.10 16:20:26 | 013,786,977 | ---- | M] () -- C:\Users\Caro\Desktop\mbar-1.01.0.1021.zip

[2013.03.10 16:20:26 | 000,377,856 | ---- | M] () -- C:\Users\Caro\Desktop\gmer_2.1.19155.exe

[2013.03.07 19:02:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caro\Desktop\OTL.exe

[2013.03.03 21:56:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.03.03 21:56:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.03.03 21:56:27 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.03.03 21:56:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.02.17 21:37:35 | 000,099,764 | ---- | M] () -- C:\Users\Caro\ESt2010__caroline.elfo

[2013.02.16 21:43:33 | 000,002,209 | ---- | M] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk

 
 ========== Files Created - No Company Name ==========

 

[2013.03.13 22:00:44 | 000,000,512 | ---- | C] () -- C:\Users\Caro\Desktop\MBR.dat

[2013.03.10 16:33:36 | 205,930,538 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013.03.10 16:20:18 | 000,377,856 | ---- | C] () -- C:\Users\Caro\Desktop\gmer_2.1.19155.exe

[2013.03.10 16:20:09 | 013,786,977 | ---- | C] () -- C:\Users\Caro\Desktop\mbar-1.01.0.1021.zip

[2013.02.17 21:34:55 | 000,099,764 | ---- | C] () -- C:\Users\Caro\ESt2010_caroline.elfo

[2013.02.16 21:43:33 | 000,002,209 | ---- | C] () -- C:\Users\Caro\Desktop\Finanzübersicht - Verknüpfung.lnk

[2013.01.26 12:02:07 | 000,007,620 | ---- | C] () -- C:\Users\Caro\AppData\Local\Resmon.ResmonCfg

[2012.12.29 08:37:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2012.12.29 08:37:51 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2012.12.29 08:37:51 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2012.12.29 08:37:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.09.17 10:24:14 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

Code:

OTL Extras logfile created on: 17.03.2013 21:40:52 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caro\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,09 Mb Total Physical Memory | 194,19 Mb Available Physical Memory | 19,17% Memory free

1,99 Gb Paging File | 0,84 Gb Available in Paging File | 42,45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,79 Gb Total Space | 153,48 Gb Free Space | 71,13% Space Free | Partition Type: NTFS

Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32

 

Computer Name: CARO-PC | User Name: Caro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0559BC2A-B694-4B33-8502-59E45A379431}" = lport=138 | protocol=17 | dir=in | app=system | 

"{0824B0DD-3AF4-4F6B-80BD-4B2F99FC8BE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{1584B6F4-B29A-46C9-81DC-49D6BCF45206}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{26AF2D29-2743-4A3E-81F3-74890AFE029E}" = rport=139 | protocol=6 | dir=out | app=system | 

"{46E03643-CDC8-4A5D-9CBF-C772394CADC5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{72B0E487-E84C-4CAC-A85C-921BED5F8652}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{7A125B33-6CB8-4D4A-BBB0-2A716F21A1FA}" = lport=139 | protocol=6 | dir=in | app=system | 

"{8505DEE5-362A-491B-B99B-505B8DB292AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8A84B67D-D3A7-4552-8C9C-9D56B69E8BFB}" = lport=137 | protocol=17 | dir=in | app=system | 

"{9C66B0BF-05BF-4FDA-A4DA-2D3FE8B57A36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{AE074367-8D38-45C1-BEB0-85414900B30A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{BC3969A9-F838-4897-9D88-A76B38788A4C}" = lport=445 | protocol=6 | dir=in | app=system | 

"{C02BB798-32C7-4BD8-B32B-835BE33937BD}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C35C17B2-4C6E-4FE1-BBCB-FB7CE919331A}" = rport=445 | protocol=6 | dir=out | app=system | 

"{FEDB517F-2CDC-4D12-8FFF-C2EBD1247EFB}" = rport=137 | protocol=17 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003B0630-4739-4575-927A-5138472A8976}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{0F8FDF37-AE54-4230-915B-5B3F4F62DD8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{20A5C867-274F-42F1-9D16-16A2D07B9D9D}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 

"{23C3B22F-47EF-4E50-BC29-B75B97604A58}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe | 

"{643368C4-0D4C-466C-AAAF-B4391244E665}" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

"{70CFBCA4-640F-47E9-8CD6-A59661A0D341}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{7DEE1628-877D-4831-8BE8-5016F5364319}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{8E1AE11E-5CE9-419A-95E6-F9CB24A09DA9}" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

"{99FDBDD0-1696-410A-AE1E-5DBC0CEEC3A7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"{A34B0244-6C53-4CAB-B3E5-D006F93E936A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe | 

"{AD9F4F2B-9AD1-407B-BC4D-4DFF49F49689}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe | 

"{ADB98B71-E35F-4C63-891C-1D7075583D56}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{AFDBBC5B-FAA5-4CDE-B959-BA402EC250DE}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe | 

"{C312C512-489A-4FE6-AACE-ABB3D6334D0B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{D01AB48C-9FF4-4FCC-8686-706E8EB808A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D6007FF0-E302-4277-94AD-6649D4AC5171}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 

"{D644F5A6-2971-43F9-94E6-0A89ABDBB28F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{DC311B31-3EB7-40E5-9816-81AA7784D129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{E75D8D9A-3B17-412E-9D76-DB76ADDF56C0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"{F3EA35B9-CFC7-44CF-9FA5-2D885BB1A626}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{F9537FBF-8317-4B02-8C3B-504947AAA95A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"TCP Query User{AAB0DE4C-60C7-4BCE-A5E0-1FC607896585}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{889BDC8A-DCE5-49E2-BB3A-500979C66F06}C:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\caro\appdata\roaming\dropbox\bin\dropbox.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{0B3B35C8-5429-4A90-A447-D1B9ED499FE8}" = STEUEReasy 2011

"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker

"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam

"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Hilfe

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"{7960E014-C02C-41C1-A996-4284F76515B2}" = HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{93C987F5-6563-4D29-A7C0-7DC85471D7C3}" = Nero Multimedia Suite 10 Essentials

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira Free Antivirus

"ElsterFormular" = ElsterFormular

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Chrome" = Google Chrome

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HP Photo Creations" = HP Photo Creations

"Identity Card" = Identity Card

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller

"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-480296688-884268188-3612197392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ System Events ]

Error - 17.03.2013 16:33:04 | Computer Name = Caro-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

 

< End of report >

Ich habe noch einen Hinweis. Nutze Google Chrome (keine Ahnung wann zuletzt Internet Explorer), jedoch taucht bei OTL etwas mit Firefox auf. Das Programm habe ich gar nicht. Wie ist das zu verstehen?

Firefox war wohl mal installiert und OTL listet noch die verbliebenen FF-Profile auf
Jedenfalls zeigt OTL nichts was nicht existiert

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo Cosinus,

kann mich an Firefox nicht erinnern zumal ich mein Netbook erst vor kurzem neu aufgesetzt habe, aber sei's drum.

Anbei der Report zu Malwarebytes

Code:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.03.19.08
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Caro :: CARO-PC [Administrator]
 

19.03.2013 19:56:11

mbam-log-2013-03-19 (19-56-11).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 243406

Laufzeit: 15 Minute(n), 34 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Was jetzt echt schon lang nicht mehr kam, aber mich heute wieder überrascht hat ist diese Meldung:

"Server ist ausgelastet: Dieser Vorgang kann nicht ausgeführt werden, da die andere Anwendung aktiv ist. Klicken Sie auf „Wechseln zu“, um zu der anderen Anwendungen zu wechseln und das Problem zu beheben. "

ESET lass ich jetzt laufen.

ESET hat etwas länger gedauert. Anbei der Report.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=47d20fd05cadda4eaf266eb69835a310

# engine=13441

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-03-21 12:05:58

# local_time=2013-03-21 01:05:58 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1799 16775165 100 97 61734 229290848 54458 0

# compatibility_mode=5893 16776574 100 94 6558771 115498749 0 0

# scanned=254694

# found=0

# cleaned=0

# scan_time=55995

Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?