
Pests of all kinds and how to combat them: GEMA Trojan on Aspire 8930G with WinVista


 
14.02.2012, 16:52   #1
HB@Board
 

GEMA Trojan on Aspire 8930G with WinVista



Greetings,
I got a laptop from an acquaintance with the GEMA Trojan on it.
I looked at a few threads with the same problem and downloaded OldTimer right away.
I ran the check and got the following OTL.txt.
Strangely, only the OTL and not the Extras, though I only ran the OTLPE exe.
I would appreciate some support here.

Thanks in advance......

HB


OTL logfile created on: 2/14/2012 4:43:57 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy



3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): c:\pagefile.sys 3000 4602 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144.04 Gb Total Space | 29.98 Gb Free Space | 20.82% Space Free | Partition Type: NTFS

Drive D: | 139.50 Gb Total Space | 16.70 Gb Free Space | 11.97% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS



Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001



========== Win32 Services (SafeList) ==========



SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

SRV - [2011/12/08 18:45:43 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2011/12/08 17:32:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/10/11 07:52:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/10/11 07:52:28 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011/10/11 07:52:26 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)

SRV - [2011/10/11 07:52:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/03/09 19:01:00 | 003,589,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2009/04/16 09:56:36 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2008/09/22 17:43:20 | 003,520,512 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)

SRV - [2008/07/29 10:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2008/07/20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2008/06/02 02:25:40 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)

SRV - [2008/05/25 22:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)

SRV - [2008/04/30 13:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/04/30 13:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/10 10:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2007/12/10 22:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007/12/06 10:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)





========== Driver Services (SafeList) ==========



DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)

DRV - [2011/12/08 18:45:49 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/10/11 07:52:55 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/10/11 07:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/10/11 07:52:53 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)

DRV - [2011/10/11 07:52:53 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)

DRV - [2011/03/27 14:11:27 | 000,443,448 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2011/01/07 22:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/06/17 08:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/11/29 11:19:31 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2009/11/29 11:19:31 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/10/12 08:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009/09/11 10:43:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/08/20 00:19:21] [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2009/09/10 07:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009/05/16 18:03:47 | 000,226,496 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2008/10/09 06:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)

DRV - [2008/10/09 06:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)

DRV - [2008/09/22 17:43:16 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)

DRV - [2008/06/25 12:35:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008/06/02 02:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2008/05/26 04:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

DRV - [2008/05/25 22:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)

DRV - [2008/05/19 11:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)

DRV - [2008/05/07 05:47:36 | 000,085,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008/04/27 17:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)

DRV - [2008/03/26 09:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2008/03/26 09:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2008/03/26 09:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008/02/29 02:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008/01/16 11:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)

DRV - [2007/12/18 10:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)

DRV - [2007/04/10 16:17:40 | 000,007,680 | ---- | M] (SecureAction Research, LLC) [Kernel | Auto] -- C:\Windows\System32\drivers\cc_firewall.sys -- (cc_firewall)

DRV - [2007/01/25 17:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)

DRV - [2006/11/02 08:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/08/11 08:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)

DRV - [2006/07/05 07:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2006/06/14 09:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2006/01/23 09:12:20 | 000,189,856 | ---- | M] (SecureAction Research, LLC) [Kernel | Boot] -- C:\Windows\System32\drivers\cc_4g.sys -- (cc_4g)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_8930

IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Program Files\Softonic_ES\tbSoft.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)





IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_8930

IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_8930



IE - HKU\Chriser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_8930

IE - HKU\Chriser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKU\Chriser_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\Chriser_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/ [binary data]

IE - HKU\Chriser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_8930

IE - HKU\Chriser_ON_C\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)

IE - HKU\Chriser_ON_C\..\URLSearchHook: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Program Files\Softonic_ES\tbSoft.dll (Conduit Ltd.)

IE - HKU\Chriser_ON_C\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)

IE - HKU\Chriser_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\Chriser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0









FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011/05/19 17:18:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012/02/05 08:48:21 | 000,000,000 | ---D | M]





O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

O2 - BHO: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Program Files\Softonic_ES\tbSoft.dll (Conduit Ltd.)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Program Files\Softonic_ES\tbSoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\Chriser_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\Chriser_ON_C\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKU\Chriser_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DataCardMonitor] D:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [InetAccelerator] C:\Windows\System32\InetAccelerator.exe (MacroSoft)

O4 - HKLM..\Run: [InetAccelerator.] C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TQ566808] File not found

O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)

O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)

O4 - HKU\chris_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\Chriser_ON_C..\Run: [34D27A2BB6A8FBF9] File not found

O4 - HKU\Chriser_ON_C..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] D:\Programme\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)

O4 - HKU\Chriser_ON_C..\Run: [InetAccelerator] C:\Users\Chriser\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)

O4 - HKU\Chriser_ON_C..\Run: [Registry Reviver] File not found

O4 - HKU\Chriser_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\ProgramData\InetAccelerator\InetAccelerator.exe) - C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\InetAccelerator.exe) - C:\Windows\System32\InetAccelerator.exe (MacroSoft)

O20 - HKU\Chriser_ON_C Winlogon: Shell - (C:\Users\Chriser\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\Chriser\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)

O20 - HKU\Chriser_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/03/05 20:06:38 | 000,192,608 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]

O32 - AutoRun File - [2009/03/05 20:06:38 | 000,050,812 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2012/02/12 18:08:44 | 000,000,000 | ---D | C] -- C:\Users\Chriser\AppData\Roaming\InetAccelerator

[2012/02/12 18:08:43 | 000,348,160 | ---- | C] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe

[2012/02/12 18:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InetAccelerator

[2012/02/05 08:50:01 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/02/05 08:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/02/05 08:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/02/05 08:48:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/02/05 08:48:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/02/05 08:48:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/02/05 08:48:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/02/05 08:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/01/18 14:29:53 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2008/07/22 03:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

[7 C:\*.tmp files -> C:\*.tmp -> ]

[2197 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\Chriser\AppData\Roaming\*.tmp files -> C:\Users\Chriser\AppData\Roaming\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2012/02/14 07:57:40 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2012/02/14 07:57:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/02/14 07:57:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/14 07:57:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/14 07:56:40 | 3215,978,496 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/13 07:23:28 | 000,680,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012/02/13 07:23:28 | 000,640,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/02/13 07:23:28 | 000,148,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012/02/13 07:23:28 | 000,122,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/02/13 07:16:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/13 07:16:03 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Chriser-Startup.job

[2012/02/13 07:15:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2012/02/12 18:08:43 | 000,348,160 | ---- | M] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe

[2012/02/12 18:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/05 08:48:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/02/05 08:48:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/02/05 08:48:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/02/05 08:48:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/02/01 18:38:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012/01/31 16:00:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/01/26 18:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2012/01/26 16:06:13 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/01/25 15:42:00 | 000,001,996 | ---- | M] () -- C:\Users\Chriser\Desktop\Veoh Web Player.lnk

[7 C:\*.tmp files -> C:\*.tmp -> ]

[2197 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\Chriser\AppData\Roaming\*.tmp files -> C:\Users\Chriser\AppData\Roaming\*.tmp -> ]



========== Files Created - No Company Name ==========



[2012/02/14 07:56:40 | 3215,978,496 | -HS- | C] () -- C:\hiberfil.sys

[2011/11/30 20:59:26 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll

[2011/11/20 16:22:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini

[2011/09/14 10:46:36 | 000,000,000 | ---- | C] () -- C:\Users\Chriser\AppData\Roaming\blckdom.res

[2011/04/22 11:10:14 | 000,000,124 | ---- | C] () -- C:\Windows\Peter's Go.ini

[2011/02/26 10:42:18 | 000,004,424 | ---- | C] () -- C:\Windows\FRED.INI

[2010/11/20 22:24:10 | 000,103,736 | ---- | C] () -- C:\Users\Chriser\AppData\Roaming\PnkBstrB.exe

[2010/07/01 13:49:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/04/05 10:51:45 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL

[2010/04/02 10:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010/01/25 21:46:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009/11/29 11:19:31 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2009/11/29 11:19:31 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2009/10/29 11:53:53 | 000,000,583 | ---- | C] () -- C:\Windows\VAMPIRE.INI

[2009/09/18 17:36:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/18 17:36:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/07/03 20:10:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/05/23 15:03:26 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI

[2009/04/30 16:42:49 | 000,000,680 | ---- | C] () -- C:\Users\chris\AppData\Local\d3d9caps.dat

[2009/04/21 12:30:30 | 000,000,077 | ---- | C] () -- C:\Windows\kaiser.ini

[2009/04/01 17:39:27 | 000,000,096 | ---- | C] () -- C:\Users\Chriser\AppData\Roaming\AVSDVDPlayer.m3u

[2009/04/01 16:03:01 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/04/01 16:03:00 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/03/21 12:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI

[2009/03/13 14:33:59 | 000,001,185 | ---- | C] () -- C:\Users\Chriser\AppData\Roaming\EasyToolz.ini

[2009/03/08 16:37:52 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat

[2009/03/04 20:23:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2009/03/04 12:39:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe

[2008/12/27 15:55:03 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI

[2008/12/21 13:39:38 | 000,000,206 | ---- | C] () -- C:\Users\Chriser\AppData\Roaming\wklnhst.dat

[2008/12/20 19:38:02 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2008/12/20 19:38:02 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2008/12/20 19:38:02 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2008/12/20 19:34:41 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI

[2008/12/15 13:33:29 | 000,060,381 | ---- | C] () -- C:\Windows\War3Unin.dat

[2008/12/06 19:16:03 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2008/12/06 19:16:02 | 000,022,328 | ---- | C] () -- C:\Users\Chriser\AppData\Roaming\PnkBstrK.sys

[2008/12/06 19:15:50 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2008/12/06 19:15:49 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2008/12/06 19:15:48 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2008/12/06 12:28:52 | 000,069,632 | ---- | C] () -- C:\Users\Chriser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/06 11:07:28 | 000,000,680 | ---- | C] () -- C:\Users\Chriser\AppData\Local\d3d9caps.dat

[2008/12/06 09:45:46 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/12/06 09:45:44 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/09/22 17:48:31 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2008/09/22 17:48:31 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2008/09/22 17:48:31 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe

[2008/09/22 17:48:31 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini

[2008/09/22 17:43:41 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll

[2008/01/21 02:15:58 | 000,680,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008/01/21 02:15:58 | 000,148,750 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007/11/14 09:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll

[2007/04/24 11:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/01/25 17:45:02 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys

[2006/11/02 07:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 000,310,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 000,640,282 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,122,166 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001/12/26 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[2001/11/13 22:40:00 | 000,507,904 | ---- | C] () -- C:\Windows\Silent Hunter II remove.exe

[2001/10/16 08:07:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IR41_QCX.dll

[2001/09/03 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[2001/01/08 17:32:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2001/01/08 09:47:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

[2001/01/08 09:47:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

[2001/01/08 09:28:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll

[2001/01/08 09:24:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2001/01/08 09:20:57 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2001/01/08 09:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2001/01/08 09:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2001/01/08 09:19:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll



========== LOP Check ==========



[2001/01/08 09:45:51 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Acer GameZone Console

[2009/04/30 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Validity

[2009/04/01 15:40:51 | 000,000,000 | -HSD | M] -- C:\Users\Chriser\AppData\Roaming\.#

[2011/09/14 07:46:44 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\5025

[2011/09/26 10:53:32 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Acer

[2001/01/08 09:45:51 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Acer GameZone Console

[2010/07/11 06:32:34 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand

[2010/07/22 12:09:43 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Command and Conquer 4

[2008/12/30 10:03:51 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\DAEMON Tools

[2011/03/27 14:18:58 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\DAEMON Tools Pro

[2008/12/06 18:34:25 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\eSobi

[2010/02/22 09:17:52 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Gearbox Software

[2011/07/17 08:55:06 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Hotel-Manager

[2012/02/12 18:08:44 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\InetAccelerator

[2011/07/26 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Kalypso Media

[2011/09/14 07:46:22 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\kock

[2010/07/22 06:55:35 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Leadertech

[2009/01/10 12:19:19 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\LG Electronics

[2011/09/24 10:50:16 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Lionhead Studios

[2011/11/28 07:02:01 | 000,000,000 | R--D | M] -- C:\Users\Chriser\AppData\Roaming\Meine Die Schlacht um Mittelerde 2 Dateien

[2011/11/28 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien

[2011/03/06 10:02:42 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Mount&Blade Warband

[2009/03/12 21:17:33 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\pokerth

[2010/09/23 14:18:27 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\PowerCinema

[2011/03/18 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\PunkBuster

[2010/05/22 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Red Alert 3

[2010/10/14 15:11:37 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\RenPy

[2011/01/05 12:08:18 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Reviversoft

[2011/04/11 07:07:22 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\SoftDMA

[2009/07/04 05:54:42 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Stardock

[2010/05/22 10:30:55 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\T-Mobile

[2010/08/05 12:48:18 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\T-Mobile Internet Manager

[2008/12/21 13:40:27 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Template

[2011/03/27 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\The Creative Assembly

[2011/09/18 19:03:25 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Tropico 3

[2009/05/16 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\TrueCrypt

[2010/03/15 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Ubisoft

[2008/12/06 09:29:08 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\Validity

[2011/03/28 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\WorldShift

[2011/09/14 07:46:23 | 000,000,000 | ---D | M] -- C:\Users\Chriser\AppData\Roaming\xmldm

[2001/01/08 09:45:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console

[2008/12/06 09:25:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten

[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2010/09/19 11:17:45 | 000,000,000 | ---D | M] -- C:\ProgramData\CCP

[2011/03/27 14:09:48 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro

[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2011/03/06 08:44:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2 DKS

[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2008/12/06 09:25:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente

[2011/09/24 10:50:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS

[2010/05/23 05:53:15 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core

[2010/05/23 05:50:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts

[2009/01/30 16:09:57 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi

[2008/12/06 09:25:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten

[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2001/01/08 09:36:18 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames

[2011/10/28 14:40:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Giraffic

[2012/02/12 18:08:44 | 000,000,000 | ---D | M] -- C:\ProgramData\InetAccelerator

[2009/03/21 12:18:11 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe

[2009/03/13 16:24:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Muzzy Lane Software

[2009/05/24 14:05:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy

[2011/04/11 07:07:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayMovie

[2011/05/08 10:50:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files

[2001/01/08 09:23:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming

[2011/11/05 15:57:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield

[2009/07/04 06:03:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock

[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2008/12/06 09:25:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü

[2010/08/19 17:12:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp

[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2011/03/18 14:19:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft

[2008/12/06 09:25:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen

[2009/10/19 10:32:29 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch

[2001/01/08 09:52:43 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2010/03/15 12:22:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}

[2009/06/18 11:05:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}

[2012/02/13 07:16:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-Chriser-Startup.job

[2012/02/14 07:57:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT



========== Purity Check ==========





< End of report >

 
