Jup also Malwarebytes hat bisher als einziges Programm was gefunden. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.04.07.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Max Mustermann :: MaxMustermann-PC [Administrator]
07.04.2013 15:16:14
MBAM-log-2013-04-07 (15-30-20).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230070
Laufzeit: 7 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 3
C:\Users\Max Mustermann\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
Infizierte Dateien: 17
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
(Ende)
Im Avira Log sind keine Funde enthalten. Einziges sind 2 x Warnungen vom Browserschutz am 13.03. (Rechner hab ich grade nicht vor Ort) Reiche die Logs gerne nach.
Ich hab noch die OLT: Code:
OTL logfile created on: 07.04.2013 15:47:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
766,30 Mb Total Physical Memory | 297,34 Mb Available Physical Memory | 38,80% Memory free
1,75 Gb Paging File | 0,90 Gb Available in Paging File | 51,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 159,42 Gb Free Space | 72,54% Space Free | Partition Type: NTFS
Drive D: | 3,61 Gb Total Space | 3,60 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.07 15:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013.04.02 20:42:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.02 20:41:45 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.02 20:41:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.02 20:41:40 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.23 15:42:15 | 000,871,536 | ---- | M] (BitLeader) -- C:\Programme\lg_fwupdate\fwupdate.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.05.25 19:36:33 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.04.23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010.04.01 09:26:44 | 000,027,224 | ---- | M] (Atheros Communications) -- C:\Programme\Bluetooth Suite\AdminService.exe
PRC - [2010.03.17 16:17:26 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.03.17 16:16:56 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe
PRC - [2009.12.15 14:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.13 05:48:50 | 000,716,800 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe
PRC - [2009.07.11 23:29:50 | 000,049,152 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe
PRC - [2009.07.11 23:29:48 | 000,536,576 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe
PRC - [2005.08.11 15:52:12 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPage15.0\OpWare15.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.14 16:24:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.14 16:22:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 16:51:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 16:50:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 16:50:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll
MOD - [2013.01.10 16:50:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 16:50:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 16:49:52 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.25 19:36:33 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010.05.25 19:28:16 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3728.37183__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.05.25 19:28:16 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3728.37148__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.05.25 19:28:16 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3728.37040__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:16 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3728.37065__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.05.25 19:28:16 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3728.37125__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:16 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3728.37103__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3728.37091__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3728.37058__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.05.25 19:28:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3728.37052__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:15 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3728.37109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:15 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3728.37147__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3728.37109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.05.25 19:28:15 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3728.37051__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:15 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3728.37149__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:15 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3728.37108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3728.37146__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3728.37183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:14 | 001,294,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3728.37179__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3728.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3728.37066__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3728.37118__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.05.25 19:28:14 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3728.37087__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3728.37102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3728.37071__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.05.25 19:28:14 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3728.37066__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:14 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3728.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.05.25 19:28:14 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3728.37092__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:14 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3728.37099__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3728.37070__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3728.37101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.05.25 19:28:14 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.05.25 19:28:14 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3728.37029__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.05.25 19:28:14 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3728.37146__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.05.25 19:28:14 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.05.25 19:28:14 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3728.37155__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.05.25 19:28:14 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3728.37039__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.05.25 19:28:14 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3728.37032__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3728.37029__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.05.25 19:28:13 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3728.37125__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3728.37083__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3728.37108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3728.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3728.37092__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.05.25 19:28:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3728.37147__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3728.37103__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3728.37027__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.05.25 19:28:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3728.37141__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3728.37119__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3728.37062__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3728.37030__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3728.37099__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3728.37031__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3728.37039__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3728.37030__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3728.37058__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3728.37050__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3728.37029__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.05.25 19:28:13 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3728.37148__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3728.37030__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.05.25 19:28:13 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.05.25 19:28:13 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3728.37039__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.05.25 19:28:13 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3728.37032__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.05.25 19:28:13 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3728.37033__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.05.25 19:28:12 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3728.37046__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.05.25 19:28:12 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3728.37057__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.05.25 19:28:12 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3728.37142__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.05.25 19:28:12 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3728.37139__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.05.25 19:28:12 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3728.37037__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.05.25 19:28:12 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3728.37038__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.05.25 19:28:12 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3728.37034__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.05.25 19:28:12 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3728.37155__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.05.25 19:28:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3728.37033__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.05.25 19:28:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3728.37044__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.05.25 19:28:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3728.37031__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.05.25 19:28:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3728.37032__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.05.25 19:28:12 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3728.37057__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.05.25 19:28:12 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3728.37044__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.05.25 19:28:12 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3728.37037__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.05.25 19:28:12 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3728.37035__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.05.25 19:28:12 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3728.37035__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.05.25 19:28:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3728.37036__90ba9c70f846762e\APM.Server.dll
MOD - [2010.05.25 19:28:11 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3728.37035__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.05.25 19:28:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.05.25 19:28:11 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3728.37141__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.05.25 19:28:11 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3728.37064__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.03.08 10:57:44 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.12.15 14:49:20 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 14:46:38 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV - [2013.04.02 20:42:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.02 20:41:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 21:03:29 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.11.23 18:13:50 | 001,483,072 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.11.23 18:11:36 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.01 09:26:44 | 000,027,224 | ---- | M] (Atheros Communications) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.03.17 16:16:56 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 05:48:50 | 000,716,800 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009.07.11 23:29:50 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009.07.11 23:29:48 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
========== Driver Services (SafeList) ==========
DRV - [2013.04.02 20:42:12 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.02 20:42:12 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.02 20:42:12 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.11 20:02:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.10.07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.04.21 09:47:38 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.04.07 04:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.03.31 08:49:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010.03.30 19:15:44 | 000,047,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV - [2010.03.30 19:11:24 | 000,230,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.03.30 19:11:18 | 000,048,168 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.03.30 19:11:08 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.03.30 19:11:00 | 000,038,440 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.03.30 19:10:44 | 000,141,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.03.30 19:10:30 | 000,257,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.03.30 19:10:22 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.03.17 19:23:40 | 005,341,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.03.17 15:21:02 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.01.28 04:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.08.23 11:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009.05.26 15:32:56 | 000,025,600 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009.01.16 09:58:30 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2008.12.11 05:52:02 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao521&r=27b51010y206l0403ww75w4611s036
IE - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao521&r=27b51010y206l0403ww75w4611s036
IE - HKU\IECleanupTempUserHive\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\IECleanupTempUserHive\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\IECleanupTempUserHive\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 BB 49 5F 86 33 CE 01 [binary data]
IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.02.28 23:16:12 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\IECleanupTempUserHive\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe" File not found
O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\IECleanupTempUserHive..\Run: [OpAgent] C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe (ScanSoft, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\IECleanupTempUserHive..\RunOnce: [Application Restart #0] C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D10CA9-C14D-4F33-9A08-3096D8FAAD75}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32D6594-C067-4E00-9232-D57F9C30AE59}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA70E1FF-0F80-48DB-91DC-6DE058F900B8}: NameServer = 192.109.135.70
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.07 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\TEMP\Desktop\Neuer Ordner
[2013.04.07 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Malwarebytes
[2013.04.07 14:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.07 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.07 14:41:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.07 14:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.07 14:41:39 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Programs
[2013.04.07 13:57:51 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Adobe
[2013.04.07 12:18:19 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Avira
[2013.04.07 12:13:49 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\ATI
[2013.04.07 12:13:49 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\ATI
[2013.04.07 12:13:06 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Macromedia
[2013.04.07 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Power2Go
[2013.04.07 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Apple Computer
[2013.04.07 12:12:10 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.07 12:12:10 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Searches
[2013.04.07 12:12:10 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.07 12:11:57 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Identities
[2013.04.07 12:11:53 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Contacts
[2013.04.07 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Adobe
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Vorlagen
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\AppData\Local\Verlauf
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\AppData\Local\Temporary Internet Files
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Startmenü
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\SendTo
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Recent
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Netzwerkumgebung
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Lokale Einstellungen
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Druckumgebung
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Cookies
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\AppData\Local\Anwendungsdaten
[2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Anwendungsdaten
[2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Documents\Eigene Videos
[2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Documents\Eigene Musik
[2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Eigene Dateien
[2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Documents\Eigene Bilder
[2013.04.07 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Microsoft Help
[2013.04.07 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Microsoft
[2013.04.07 12:11:15 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.07 12:11:15 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.07 12:11:15 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Temp
[2013.04.07 12:11:15 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2013.04.07 12:11:14 | 000,000,000 | --SD | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Videos
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Saved Games
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Pictures
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Music
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Links
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Favorites
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Downloads
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Documents
[2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Desktop
[2013.04.07 12:11:14 | 000,000,000 | -H-D | C] -- C:\Users\TEMP\AppData
[2013.04.05 18:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.10 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
========== Files - Modified Within 30 Days ==========
[2013.04.07 15:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.07 15:43:54 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 15:43:54 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 15:43:54 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 15:43:54 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 15:29:01 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000UA.job
[2013.04.07 14:41:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.07 14:32:04 | 000,000,338 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013.04.07 14:31:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 14:31:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 13:46:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 12:12:58 | 000,002,022 | ---- | M] () -- C:\Users\TEMP\Desktop\LG Burning Tool.lnk
[2013.04.07 12:12:45 | 000,001,134 | ---- | M] () -- C:\Users\TEMP\Desktop\LG Power Tools.lnk
[2013.04.07 11:46:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\EUCMIZLQSO.job
[2013.04.07 11:46:16 | 602,640,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.07 11:41:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000Core.job
[2013.04.05 10:21:58 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.02 20:42:12 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.02 20:42:12 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.02 20:42:12 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.10 23:39:33 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
========== Files Created - No Company Name ==========
[2013.04.07 14:41:57 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.07 12:11:35 | 000,001,425 | ---- | C] () -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.07 12:11:16 | 000,002,022 | ---- | C] () -- C:\Users\TEMP\Desktop\LG Burning Tool.lnk
[2013.04.07 12:11:16 | 000,001,134 | ---- | C] () -- C:\Users\TEMP\Desktop\LG Power Tools.lnk
[2013.04.05 10:21:58 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.01.04 18:13:23 | 000,000,399 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2013.01.04 17:47:23 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw52.bin
[2012.02.26 20:45:00 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\mfc100fra3.dll
[2011.12.31 14:59:51 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2011.12.31 14:54:01 | 000,000,338 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.05.11 13:34:17 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.07.08 23:09:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert
[2010.11.11 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013.03.29 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.01.04 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.07.29 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2013.01.04 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2012.12.23 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.03.11 16:49:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report >
Die Extras.txt Code:
OTL Extras logfile created on: 07.04.2013 15:47:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
766,30 Mb Total Physical Memory | 297,34 Mb Available Physical Memory | 38,80% Memory free
1,75 Gb Paging File | 0,90 Gb Available in Paging File | 51,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 159,42 Gb Free Space | 72,54% Space Free | Partition Type: NTFS
Drive D: | 3,61 Gb Total Space | 3,60 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
Computer Name: MaxMustermann-PC | User Name: Max Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AE3423-5154-444B-A9CA-8830435F7264}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08C2703B-5A3A-4B28-8DCD-166EE1126422}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{834F3FA4-4BC0-4A63-9A8F-ECE366E2175E}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{8D568047-DA4A-434E-89EB-25E0942185C3}" = lport=28883 | protocol=6 | dir=in | name=windows core service |
"{D79663C9-6986-4BE2-B552-73C31272D959}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{F3E430E0-9341-4215-8E04-CC91EE915B81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F60786-9468-4589-9A66-9A8F9798D5D6}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{0C0902BA-77B8-4A43-9E59-5454740B70C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3019A4C6-37E5-4D2C-9C12-96868634C39B}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{38157963-84F9-453B-9F06-FA46E7FE983C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{523D3022-08B5-42F2-A2C8-EA7EB735CD58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5696D2C0-ED99-4647-A936-E95EE46F5691}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{671E1202-B643-4BF5-A1DB-BC99B1383F22}" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"{6BE8C82E-2DC2-4B75-A3C9-066C2345EAB0}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{70AE6545-795E-4387-8333-F6E2DBB939D7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7CE8AA06-EC5E-4532-A655-1FCAE72F68F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91F6DBB8-6055-4EF5-8927-7DFE0A6A0844}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A1F07959-7C93-4ECC-B436-FCE124A991E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BE2AE7A5-66B4-40FF-8966-0DF04C9629A8}" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"{C186281A-47F7-4CB9-A49A-52DB1126D5F7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C218806E-3A2B-4BEC-9150-BE3C92786157}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFB957DF-5E9E-4AFB-8489-B175B79AD7BA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EFBD6A49-4AFA-4A5D-8425-DB28902A1022}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{F243532F-A8E7-4CD8-AC35-1D5EAD3A9BED}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{75CF14CB-92A9-4A66-A8F1-7ED80E5D9BCF}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{7ED00B5A-56EF-4F99-9D2D-3C38FA157C64}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{09D816C9-81E7-9CF4-2F70-4665CDE8CF22}" = CCC Help Swedish
"{0C11CE22-B6E6-5EF1-26A3-67AB377E4544}" = CCC Help Thai
"{0D3BCEB7-2F03-ACCA-3108-3888A4139E05}" = CCC Help Russian
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16C25121-24BE-0724-569D-F76E08BFF067}" = CCC Help Danish
"{16E7B680-D5F9-ED88-910A-41139D9D0523}" = CCC Help Hungarian
"{1E6340DC-51E5-5F11-3A2F-FC0175923671}" = CCC Help Turkish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A4BA38-316B-65EB-497A-DA212E1A560A}" = Catalyst Control Center Localization All
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A023941-B1E7-90A5-44A2-50F40F5B5EF2}" = CCC Help Italian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D13FC7D-42A8-4BF1-AF0C-B3DC68C59448}_is1" = Atheros_7.0.2.13_patch2_32
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32950AC0-90A9-A331-9A0A-A53E25135C36}" = CCC Help German
"{37B84CDE-B76D-067A-979D-1A7013677181}" = Catalyst Control Center Core Implementation
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD6FAED-95C2-6052-1263-5451780B8022}" = CCC Help Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC6E081-DC9D-EB50-5B87-FE582F9EE86B}" = CCC Help Polish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{62AF3B34-41F3-803E-2F69-CD66974B958E}" = CCC Help French
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D616-B9E8-38F0-708C-4C098F20E28D}" = CCC Help Chinese Standard
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EF7783D-8474-8B27-D2A9-BD1FCA69BA2A}" = Catalyst Control Center Graphics Full New
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C872F7-DE54-5837-D112-B39122EE3C2B}" = CCC Help Greek
"{84CC59D3-9F73-98B3-5BFE-E0F1F98313FD}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{930F4BA6-53B3-E73C-2E7B-AB39D804C6D5}" = CCC Help Czech
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3E27909-446C-0494-14FC-5C7A27035C0D}" = ccc-utility
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AE0CDE19-8212-97F1-B53F-F0B5CB2B1B89}" = Catalyst Control Center Graphics Previews Common
"{BFFAA35C-CE19-4FAF-1766-D499F58C1E81}" = CCC Help Finnish
"{C15BCA23-3080-7F99-7D9D-E39C5FBCD275}" = CCC Help Dutch
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C55CA6B4-811D-99B0-A80E-C13616683EC2}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{CBA047D0-64B3-BA72-3505-7C153B9481E1}" = CCC Help Japanese
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.174.419
"{D1AA79CE-0F31-38F4-424B-16A8EC161F6B}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{E6C049AB-5A32-A46F-1068-2EA943CE07DA}" = CCC Help Spanish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE426B11-ECEE-4811-8FE5-DDCDC1750CC4}" = CCC Help Korean
"{EFEC373B-FF11-1FD8-DD3F-D4A556591E93}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DAEC21-207C-E969-150D-8BE3F097BDC8}" = CCC Help Portuguese
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13F589E-00BB-0469-C4E0-B7CEC73F7831}" = ccc-core-static
"{F41D214A-E6C2-D3AC-12A1-101994909F3E}" = ATI Catalyst Install Manager
"{F46DC3C4-65C7-4686-A6B4-EA19B2BDA029}" = ScanSoft OmniPage 15.0
"{F8FBC8E6-CFBC-522A-5477-93020C479A84}" = CCC Help English
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"loadtbs-3.0" = loadtbs-3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\IECleanupTempUserHive\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.09.2012 13:15:37 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13260
Error - 27.09.2012 13:15:38 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.09.2012 13:15:38 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14336
Error - 27.09.2012 13:15:38 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14336
Error - 27.09.2012 13:54:54 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.09.2012 13:54:54 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1232
Error - 27.09.2012 13:54:54 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1232
Error - 27.09.2012 13:54:57 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.09.2012 13:54:57 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4071
Error - 27.09.2012 13:54:57 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4071
[ System Events ]
Error - 07.04.2013 07:53:08 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:53:08 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:53:08 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:53:11 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:57:18 | Computer Name = MaxMustermann-PC | Source = DCOM | ID = 10010
Description =
Error - 07.04.2013 09:42:56 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:57 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:57 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:58 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:58 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
und die Gmer.log Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-07 16:51:01
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22A23T0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\TEMP\AppData\Local\Temp\awrcypob.sys
---- System - GMER 2.1 ----
SSDT 89CE80C6 ZwCreateSection
SSDT 89CE80D0 ZwRequestWaitReplyPort
SSDT 89CE80CB ZwSetContextThread
SSDT 89CE80D5 ZwSetSecurityObject
SSDT 89CE80DA ZwSystemDebugControl
SSDT 89CE8067 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C919E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CCB1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81CD230C 1 Byte [C6]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81CD230C 4 Bytes [C6, 80, CE, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81CD2668 4 Bytes [D0, 80, CE, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81CD26AC 4 Bytes [CB, 80, CE, 89] {RETF ; OR DH, 0x89}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81CD2728 4 Bytes [D5, 80, CE, 89]
.text ...
? System32\Drivers\spvx.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x8A803000, 0x2ED370, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[3496] SHELL32.dll!SHCreateDefaultExtractIcon + 736B 76503454 4 Bytes [80, 1B, 00, 10]
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 83E7E1F8
Device \FileSystem\fastfat \FatCdrom 84142500
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\volmgr \Device\VolMgrControl 835881F8
Device \Driver\usbohci \Device\USBPDO-0 8458E1F8
Device \Driver\usbehci \Device\USBPDO-1 8458F1F8
Device \Driver\usbohci \Device\USBPDO-2 8458E1F8
Device \Driver\usbehci \Device\USBPDO-3 8458F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 835881F8
Device \Driver\volmgr \Device\HarddiskVolume2 835881F8
Device \Driver\volmgr \Device\HarddiskVolume3 835881F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8358A1F8
Device \Driver\atapi \Device\Ide\IdePort0 8358A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8358A1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8358B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel3 8358B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{66D10CA9-C14D-4F33-9A08-3096D8FAAD75} 8448F1F8
Device \Driver\volmgr \Device\HarddiskVolume4 835881F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8448F1F8
Device \Driver\USBSTOR \Device\00000078 83EB41F8
Device \Driver\USBSTOR \Device\00000079 83EB41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A32D6594-C067-4E00-9232-D57F9C30AE59} 8448F1F8
Device \Driver\usbohci \Device\USBFDO-0 8458E1F8
Device \Driver\usbehci \Device\USBFDO-1 8458F1F8
Device \Driver\usbohci \Device\USBFDO-2 8458E1F8
Device \Driver\usbehci \Device\USBFDO-3 8458F1F8
Device \FileSystem\fastfat \Fat 84142500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Trace I/O - GMER 2.1 ----
Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8358a1f8]<< 8358a1f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x843cf030] 843cf030
Trace 3 CLASSPNP.SYS[869a259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x842a6030] 842a6030
Trace \Driver\atapi[0x842b7608] -> IRP_MJ_CREATE -> 0x8358a1f8 8358a1f8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78e400ad21ed
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78e400ad21ed (not active ControlSet)
---- EOF - GMER 2.1 ----
Sind halt die Dateien die ich oben schon angefügt hatte.
Evtl bin ich auch nur einfach Doof und es ist kein Trojaner oder so...
Aber nen Benutzerkonto wird doch nicht mal einfach so zurückgesetzt.
Haben wa da ne Chance mit z.B. EasyRecovery oder ähnlichem, einfach mal zu schauen ob die Datein einfach nur normal "gelöscht" worden sind. ?
Danke Schonmal im Voraus, echt Super euer Service :applaus: |
Lesestoff:
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
aswMBR.exe und speichere die Datei auf deinem Desktop.
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
Textbox. 