Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Nach Befall von Live Security Platinum unter Vista

Nach Befall von Live Security Platinum unter Vista


Log-Analyse und Auswertung: Nach Befall von Live Security Platinum unter Vista

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.07.2012, 15:05   #1
havevasum
 
Nach Befall von Live Security Platinum unter Vista - Icon27

Nach Befall von Live Security Platinum unter Vista


Ich habe bereits in einem anderen Forum das Problem beschrieben, wurdeaber hierher verwiesen daher kopiere ich es mal hier rein:

Hallo liebe Leute,


meine Mutter hat sich einen Trojaner eingefangen: "Live Security Platinum".

Ich konnte mich der Sache nicht sofort annehmen, aber sie hat die Nacht rumprobiert und irgendwie geschafft, die Programmteile zu entfernen. Mit ein paar Tools wie Spybot, etc. hat sie sogar die Registry gesäubert.

Ich habe ihr gesagt, dass (und das steht auch oft in den Themen, die ich so gelesen habe) eine Neuinstallation unvermeidlich sei, weil eine komplette Säuberung unmöglich ist wegen der Rootkit-Infiltrierung.

Da hat sie aber keinen Bock drauf wegen ihrem AOL und den Mails und die ganzen Programme neu installieren... verstehe ich natürlich, aber so richtig helfen kann ich ihr daher nicht.

Im Internet finde ich zwar einige Anleitungen zur Entfernung (Googlesuche "Live Security Platinum Virus entfernen" und soweit scheint auch alles sauber zu sein (div. Tools und Rootkit-Scanner finden nichts), aber da gibt es ein Problem mit der Windows-eigenen services.exe, die vom Virusprogramm als befallen erkannt wird.

Nun weiß ich nicht... kann man diese services.exe durch eine saubere ersetzen, wenn ich z. B. mit einem Linux die Datei überschreibe? Kann man das so beheben, und wenn ja, wo bekomme ich eine saubere Vista-services.exe her?

Oder gibt es noch einen anderen Rat?

Was gemacht wurde:
- Mutter hat mit Avira Antivir einiges entfernen können, dadurch funktionierten Task-Manager und Adminrechte wieder.
- Spybot lief drüber.
- Ich habe einige Removal Tools aus den Anleitungen von Kaspersky drüberlaufen lassen. Keine Treffer.
- Malwarebytes, Anti-Malware Tool hat einiges gefunden, wurde entfernt.
- Virenscanner meldet die services.exe als befallen.
- Vom Trojaner selber ist visuell nichts mehr zu sehen.

Derzeit sichert meine Mutter ihre ganzen Daten auf eine externe separate Festplatte, falls doch eine Neuinst. erforderlich ist.

P.S.: Als Antivirenprogramm habe ich Avast draufgespielt, da Antivir sich nicht mehr starten ließ.


Da schon einiges gemacht/repariert wurde und nicht wie hier gewünscht, weiß ich nicht, inwieweit noch was zu retten ist. Sollte Euch was an Datn fehlen lasst es mich wissen, vielen Dank im Voraus.



Wollte den OTL als Anhang beifügen aber Datei ist zu groß dafür.
Log von OTL von Oldtimer:
OTL logfile created on: 25.07.2012 15:32:23 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Neuer Ordner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,65% Memory free
6,19 Gb Paging File | 4,47 Gb Available in Paging File | 72,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,77 Gb Total Space | 12,77 Gb Free Space | 18,85% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 52,96 Gb Free Space | 35,53% Space Free | Partition Type: NTFS
Drive E: | 64,27 Gb Total Space | 51,11 Gb Free Space | 79,52% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.25 15:30:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Neuer Ordner\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- D:\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Avast\AvastSvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\MWBAnti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- D:\MWBAnti-Malware\mbamgui.exe
PRC - [2012.06.29 18:28:45 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.04.27 17:06:02 | 000,138,072 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
PRC - [2010.04.27 16:57:32 | 000,247,152 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.26 16:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- D:\SpyBot\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.07.20 17:24:14 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.20 19:20:22 | 002,272,256 | ---- | M] (DALAND communications) -- C:\Programme\Geburtstagsmanager\burz.exe
PRC - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.28 06:35:20 | 000,784,904 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007.06.21 16:12:03 | 000,054,576 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\shellmon.exe
PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.06.11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007.05.24 14:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007.05.24 10:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\waol.exe
PRC - [2007.05.10 11:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.08 11:45:28 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.05.08 11:45:26 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.11.29 17:48:22 | 000,118,784 | ---- | M] (Nikon Corporation) -- D:\NkbMonitor.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.09.26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1210613837\ee\aolsoftware.exe
PRC - [2001.02.13 01:58:54 | 000,226,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Shortcu\MSOFFICE.EXE


========== Modules (No Company Name) ==========

MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.04.27 17:06:02 | 000,138,072 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.06.19 18:35:36 | 000,333,288 | ---- | M] () -- D:\SpyBot\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008.03.05 10:34:32 | 000,795,520 | ---- | M] () -- D:\SpyBot\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008.03.04 15:52:00 | 000,790,392 | ---- | M] () -- D:\SpyBot\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008.02.26 12:04:40 | 000,717,176 | ---- | M] () -- D:\SpyBot\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007.12.24 02:05:00 | 000,121,344 | ---- | M] () -- D:\SpyBot\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2004.01.09 22:02:48 | 000,045,056 | ---- | M] () -- C:\Programme\AOL 9.0 VRa\zlib.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
MOD - [2002.04.22 23:08:37 | 000,081,920 | ---- | M] () -- C:\Programme\AOL 9.0 VRa\xmltok.dll
MOD - [2002.04.22 23:08:27 | 000,053,248 | ---- | M] () -- C:\Programme\AOL 9.0 VRa\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.07.20 17:20:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\MWBAnti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.04.27 16:57:32 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.08 11:45:28 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.03.11 21:24:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- D:\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Programme\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Acer\Downloads\v1.20\v1.20\winphlash-1665x\PHLASHNT.SYS -- (WinPhlash)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\npf.sys -- (npf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\crcdisk.sys -- (crcdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.01.31 15:04:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.01.31 15:04:12 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.01.05 11:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.01.05 11:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.01.05 11:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.01.05 11:31:28 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.01 22:17:42 | 000,579,712 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009.12.01 22:17:06 | 000,543,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.12 12:51:39 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008.03.18 16:13:34 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.06.20 13:49:06 | 000,049,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.06.06 10:07:00 | 007,120,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.01 21:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.02.07 12:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2006.12.07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006.11.28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005.04.11 15:26:04 | 000,121,472 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310c.sys -- (mr97310c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Neuer Ordner
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=pvl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=528B9045-453E-40A4-AD06-A4D3EF7D9159&apn_sauid=E5B949D1-94F6-4770-904E-D7AC77F4648E
IE - HKCU\..\SearchScopes\{1880A316-D4AE-4C05-A3AC-03D7CA8B084D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{9181ED87-22F7-41FA-9646-38AA12963FED}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Ms2010\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Ms2010\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Avast\WebRep\FF [2012.07.25 12:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 17:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.17 13:24:02 | 000,000,000 | ---D | M]

[2010.04.01 19:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2010.01.22 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.12 02:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\2ilbel56.default\extensions
[2012.03.30 23:29:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\2ilbel56.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\2ilbel56.default\searchplugins\askcom.xml
[2012.03.04 16:18:30 | 000,001,797 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\2ilbel56.default\searchplugins\funmoods.xml
[2012.06.07 10:25:03 | 000,001,210 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\2ilbel56.default\searchplugins\search.xml
[2012.03.05 02:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.12 02:00:24 | 000,525,390 | ---- | M] () (No name found) -- C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2ILBEL56.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.07.20 17:20:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 13:23:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.20 17:20:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 17:20:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.20 17:20:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 17:20:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 17:20:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 17:20:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://start.funmoods.com/?f=1&a=pvl
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = hxxp://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=pvl
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\20.0.1132.57\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2012.07.25 12:30:45 | 000,443,818 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15246 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Ms2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] D:\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [Geburtstagsmanager] C:\Program Files\Geburtstagsmanager\burz.exe (DALAND communications)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1210613837\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\MWBAnti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [SmartSerialMail Versand] E:\MailOut\SmartSerialMail\SmartSerialMailServiceApp.exe (JAM Software GmbH)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSOFFICE - Verknüpfung.lnk = C:\Programme\Microsoft Shortcu\MSOFFICE.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: An SchnapperPlus senden - C:\Programme\SchnapperPlus\SchnapperPlusMenu.js ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\OfficeXP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Norton\Norton Cleanup\WCQuick.lnk File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Norton\Norton Cleanup\WCQuick.lnk File not found
O9 - Extra Button: SchnapperPlus - {D6243B39-211B-440D-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A4DB8B6-E407-4664-BD25-A6F24A20D1FC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7706DA7-2994-4523-983C-051D26B7E82F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7706DA7-2994-4523-983C-051D26B7E82F}: NameServer = 85.214.73.63,204.152.184.76,194.150.168.168,213.73.91.35,80.237.196.2,194.95.202.198
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Neuer Ordner\acatmaylookataking.jpg
O24 - Desktop BackupWallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Neuer Ordner\acatmaylookataking.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05d6d29a-1e1d-11dd-8973-0013e845f191}\Shell - "" = AutoRun
O33 - MountPoints2\{05d6d29a-1e1d-11dd-8973-0013e845f191}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{05d6d2b6-1e1d-11dd-8973-0013e845f191}\Shell - "" = AutoRun
O33 - MountPoints2\{05d6d2b6-1e1d-11dd-8973-0013e845f191}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{0ffe7400-45cd-11dd-a4fa-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0ffe7400-45cd-11dd-a4fa-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{88bccbff-1eb7-11de-bc49-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{88bccbff-1eb7-11de-bc49-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{88bccc1f-1eb7-11de-bc49-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{88bccc1f-1eb7-11de-bc49-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8a930461-9308-11df-8514-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8a930461-9308-11df-8514-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8a930462-9308-11df-8514-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8a930462-9308-11df-8514-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8a93046e-9308-11df-8514-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8a93046e-9308-11df-8514-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8a930490-9308-11df-8514-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8a930490-9308-11df-8514-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8a93049a-9308-11df-8514-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8a93049a-9308-11df-8514-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8a93049c-9308-11df-8514-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8a93049c-9308-11df-8514-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{97ed33d2-90c2-11df-ab38-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{97ed33d2-90c2-11df-ab38-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{97ed33d4-90c2-11df-ab38-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{97ed33d4-90c2-11df-ab38-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a04a9acd-284a-11dd-99b5-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a04a9acd-284a-11dd-99b5-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b2d1717c-06f2-11de-8754-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b2d1717c-06f2-11de-8754-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b4d801c9-2849-11dd-9d5e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b4d801c9-2849-11dd-9d5e-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c6e12cf5-1c2a-11dd-b23d-0013e845f191}\Shell - "" = AutoRun
O33 - MountPoints2\{c6e12cf5-1c2a-11dd-b23d-0013e845f191}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c6e12d14-1c2a-11dd-b23d-0013e845f191}\Shell - "" = AutoRun
O33 - MountPoints2\{c6e12d14-1c2a-11dd-b23d-0013e845f191}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fd839bdc-04f0-11de-b1bd-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fd839bdc-04f0-11de-b1bd-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fd839bfd-04f0-11de-b1bd-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fd839bfd-04f0-11de-b1bd-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.25 12:53:21 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2012.07.25 12:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 12:53:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.25 12:46:51 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.25 12:46:51 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.25 12:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.07.25 12:46:50 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.07.25 12:46:49 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.25 12:46:46 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.25 12:46:45 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.25 12:46:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.25 12:46:17 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.07.25 12:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.07.25 00:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF860007BFC3025359A32F3B707C
[2012.07.21 02:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Rumbic Studio
[2012.07.21 02:30:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\JewelMatch2
[2012.07.21 01:37:38 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Amulet_of_time_DE
[2012.07.16 18:47:26 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\SunwardGames
[2012.07.12 17:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2012.07.12 03:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CannyGames
[2012.07.12 02:39:27 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fishdom - Seasons Under the Sea
[2012.07.12 02:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fishdom - Seasons Under the Sea
[2012.07.05 02:06:13 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Dark Blue Games
[2012.07.02 18:56:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Mystery of Mortlake Mansion
[2012.07.02 10:17:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.07.02 09:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Deutsche Post AG
[2012.07.01 16:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\intellidownload
[2012.06.29 18:28:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.06.29 18:28:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.29 18:28:46 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.06.29 18:28:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.29 18:28:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.06.29 18:28:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.06.29 18:28:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.06.29 18:28:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.29 18:28:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.06.29 18:28:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.06.29 18:28:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.29 18:28:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.06.29 18:28:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.29 18:28:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.06.29 18:28:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.29 18:28:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.29 18:28:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.29 18:28:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.29 18:28:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.29 18:28:41 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.29 18:28:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.06.29 18:28:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.06.29 18:28:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.06.29 18:28:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.29 18:28:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.29 18:28:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.06.29 18:28:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.06.29 18:28:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.29 18:28:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.06.29 18:28:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.06.29 18:28:38 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.29 18:28:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.06.29 18:28:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.29 18:28:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.06.29 18:28:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.29 18:28:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.06.29 18:28:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.29 18:18:17 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.29 18:18:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.06.29 18:18:15 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.06.29 18:18:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.06.29 18:18:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.06.29 18:18:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.06.29 18:18:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.06.29 18:18:13 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.06.29 17:46:25 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.29 17:46:25 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.29 17:46:01 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.29 17:46:01 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.29 17:46:01 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.29 17:45:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.29 17:45:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008.11.14 11:56:44 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Acer\mqdmmdm.sys
[2008.11.14 11:56:44 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Acer\mqdmserd.sys
[2008.11.14 11:56:44 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Acer\mqdmbus.sys
[2008.11.14 11:56:44 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Acer\mqdmmdfl.sys
[2008.11.14 11:56:44 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Acer\mqdmcmnt.sys
[2008.11.14 11:56:44 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Acer\mqdmwhnt.sys
[2008.11.14 11:56:44 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Acer\mqdmcr.sys
[2008.08.12 12:51:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Acer\usbsermptxp.sys
[2008.08.12 12:51:39 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Acer\usbsermpt.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.25 14:43:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4279209792-3060838603-2230904326-1000UA.job
[2012.07.25 14:42:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.25 14:42:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.25 14:42:21 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.25 14:42:21 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 14:21:10 | 000,174,676 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\nvModes.001
[2012.07.25 14:18:38 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 14:18:38 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 14:18:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 14:18:29 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 14:03:02 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.07.25 12:46:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.25 12:30:45 | 000,443,818 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.25 04:18:28 | 000,443,515 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120725-123045.backup
[2012.07.25 00:44:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4279209792-3060838603-2230904326-1000Core.job
[2012.07.24 22:01:59 | 000,174,676 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\nvModes.dat
[2012.07.21 11:09:10 | 000,000,206 | ---- | M] () -- C:\Windows\ktel.ini
[2012.07.21 02:33:24 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.07.20 16:49:50 | 000,040,960 | ---- | M] () -- C:\Users\Acer\Documents\Mitglieder Aktuell.wdb
[2012.07.12 15:02:21 | 000,443,459 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120725-041828.backup
[2012.07.12 02:39:55 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Fishdom - Seasons Under the Sea.lnk
[2012.07.08 17:06:30 | 000,442,985 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120712-150221.backup
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.02 12:41:00 | 000,015,360 | ---- | M] () -- C:\Users\Acer\Documents\WK41XXXX
[2012.07.02 09:25:32 | 000,000,661 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.29 19:34:13 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.06.29 18:35:05 | 000,437,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.29 18:28:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.06.29 18:28:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.06.29 18:28:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.06.29 18:28:47 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.29 18:28:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.06.29 18:28:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.29 18:28:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.06.29 18:28:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.06.29 18:28:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.06.29 18:28:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.29 18:28:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.06.29 18:28:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.06.29 18:28:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.29 18:28:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.06.29 18:28:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.29 18:28:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.06.29 18:28:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.29 18:28:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.29 18:28:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.06.29 18:28:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.29 18:28:41 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.29 18:28:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.29 18:28:41 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.29 18:28:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.06.29 18:28:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.06.29 18:28:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.06.29 18:28:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.29 18:28:39 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.29 18:28:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.06.29 18:28:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.06.29 18:28:39 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.29 18:28:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.06.29 18:28:39 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.06.29 18:28:38 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.29 18:28:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.06.29 18:28:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.29 18:28:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.06.29 18:28:38 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.29 18:28:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.06.29 18:28:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.25 17:25:30 | 000,018,432 | ---- | M] () -- C:\Users\Acer\Documents\Mitglieder Zucht Adressen.wdb
[2012.06.25 17:22:51 | 000,018,944 | ---- | M] () -- C:\Users\Acer\Documents\Mitglieder Zucht.wdb
[2012.06.25 17:16:29 | 000,035,328 | ---- | M] () -- C:\Users\Acer\Documents\Mitglieder 1 - 0.wdb
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.25 00:34:45 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{ed605567-b1ef-6499-6cf3-47edf15c4d33}\U\00000001.@
[2012.07.21 02:32:02 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.07.12 17:30:41 | 000,000,616 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter (2).lnk
[2012.07.12 17:06:19 | 000,000,613 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Music Tools.lnk
[2012.07.12 02:39:55 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Fishdom - Seasons Under the Sea.lnk
[2012.07.02 12:41:00 | 000,015,360 | ---- | C] () -- C:\Users\Acer\Documents\WK41XXXX
[2012.06.29 18:37:12 | 000,000,953 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.29 18:28:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.03.29 18:46:48 | 002,897,408 | ---- | C] () -- C:\Users\Acer\EPortoInstaller2010_v2.1.msi
[2012.03.29 18:46:48 | 000,436,736 | ---- | C] () -- C:\Users\Acer\setup.exe
[2012.03.27 00:18:33 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.03.25 16:10:37 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ed605567-b1ef-6499-6cf3-47edf15c4d33}\@
[2012.03.25 16:10:37 | 000,002,048 | -HS- | C] () -- C:\Users\Acer\AppData\Local\{ed605567-b1ef-6499-6cf3-47edf15c4d33}\@
[2012.03.07 14:24:19 | 000,020,848 | ---- | C] () -- C:\Users\Acer\1331123059-(null) - Kopie (3)
[2012.03.07 14:24:19 | 000,016,348 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (9)
[2012.03.07 14:24:19 | 000,015,884 | ---- | C] () -- C:\Users\Acer\1331123059-(null) - Kopie
[2012.03.07 14:24:19 | 000,009,232 | ---- | C] () -- C:\Users\Acer\1331123059-(null) - Kopie (2)
[2012.03.07 14:24:19 | 000,005,813 | ---- | C] () -- C:\Users\Acer\1331123059-(null)
[2012.03.07 14:24:18 | 000,018,104 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie
[2012.03.07 14:24:18 | 000,016,524 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (3)
[2012.03.07 14:24:18 | 000,008,888 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (5)
[2012.03.07 14:24:18 | 000,008,400 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (7)
[2012.03.07 14:24:18 | 000,006,989 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (4)
[2012.03.07 14:24:18 | 000,006,947 | ---- | C] () -- C:\Users\Acer\1331123058-(null)
[2012.03.07 14:24:18 | 000,006,009 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (8)
[2012.03.07 14:24:18 | 000,005,877 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (2)
[2012.03.07 14:24:18 | 000,004,477 | ---- | C] () -- C:\Users\Acer\1331123058-(null) - Kopie (6)
[2012.03.07 14:17:12 | 000,005,880 | ---- | C] () -- C:\Users\Acer\USB_CMCS_2000.INF
[2012.03.07 14:17:11 | 000,099,168 | ---- | C] () -- C:\Users\Acer\1331122631-oem99.PNF
[2012.03.07 14:17:11 | 000,053,247 | ---- | C] () -- C:\Users\Acer\1331122631-oem99.inf
[2012.03.07 14:17:11 | 000,020,708 | ---- | C] () -- C:\Users\Acer\1331122631-oem113.PNF
[2012.03.07 14:17:11 | 000,009,913 | ---- | C] () -- C:\Users\Acer\1331122631-oem113.inf
[2012.01.31 15:04:13 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.01.31 15:04:12 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.10.05 17:29:12 | 000,000,661 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.05.27 15:02:59 | 000,000,000 | ---- | C] () -- C:\Windows\hpqemlsz.INI
[2011.05.08 01:02:04 | 000,162,264 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.08.07 16:26:22 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009.12.22 10:58:24 | 000,007,592 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009.05.11 10:58:06 | 000,483,888 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\mdbu.bin
[2008.11.14 11:56:44 | 000,009,913 | ---- | C] () -- C:\Users\Acer\MCCI_MDM.INF
[2008.11.14 11:56:44 | 000,006,989 | ---- | C] () -- C:\Users\Acer\MCCI_BUS.INF
[2008.11.14 11:56:44 | 000,004,477 | ---- | C] () -- C:\Users\Acer\MCCI_SDM.INF
[2008.11.14 11:56:43 | 000,018,104 | ---- | C] () -- C:\Users\Acer\1226656603-(null) - Kopie
[2008.11.14 11:56:43 | 000,006,947 | ---- | C] () -- C:\Users\Acer\1226656603-(null)
[2008.08.24 15:36:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008.08.24 15:32:30 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Devices
[2008.08.24 15:32:30 | 000,000,268 | RH-- | C] () -- C:\Users\Acer\AppData\Roaming\Database
[2008.08.24 15:32:30 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2008.08.24 15:32:30 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Digital Light
[2008.08.12 12:51:39 | 000,009,232 | ---- | C] () -- C:\Users\Acer\USB_MOT_BRIT.INF
[2008.08.12 12:51:39 | 000,007,201 | ---- | C] () -- C:\Users\Acer\USBMOT2000.INF
[2008.08.12 12:51:39 | 000,006,141 | ---- | C] () -- C:\Users\Acer\USBMOT2000XP.INF
[2008.08.12 12:51:39 | 000,005,960 | ---- | C] () -- C:\Users\Acer\USB_MOT_A1000.INF
[2008.08.12 12:51:38 | 000,099,168 | ---- | C] () -- C:\Users\Acer\1218538298-oem99.PNF
[2008.08.12 12:51:38 | 000,053,247 | ---- | C] () -- C:\Users\Acer\1218538298-oem99.inf
[2008.05.15 13:01:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.31 08:29:27 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.30 01:48:20 | 000,174,080 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.24 03:32:35 | 000,002,990 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\wklnhst.dat
[2008.03.17 11:45:18 | 000,174,676 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\nvModes.001
[2008.03.17 11:14:31 | 000,174,676 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\nvModes.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:880F0FEF
@Alternate Data Stream - 304 bytes -> C:\Users\Acer\Documents\Urkunde.jpg:SummaryInformation
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:8836A712
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:474022C7
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:9195103F
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:EDDBC69E
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:70BDB805
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:4CD3F344
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:BE0654D6
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:A0921B2C
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:9F3CEEE6
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:6B709AD7
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:0BACBDD9
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:884C7316
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:6294B369
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:1416AAA6
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:AABECEFB
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:762408BA
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:754E278B
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:F19A4790
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:2F70C0B4
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:1DB77A89
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:B4258C5D
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:BEE39E9B
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:E87AB4E3
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:7E63EC98
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:CAC06C34
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:C0A9B815
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:9BB8C675
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:F1175E1D
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:322D2CD3
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:EF0C5444
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:BF6C81B2
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP8DB81DC
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMPBEF355E
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMPFC3B090
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:517EFA90
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AE289451
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5A9F1AE5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:46283136
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:BD0A043E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:F56BE392
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6E65510A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:02CC0035
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5164A01F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FCBEDCFD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:51A20D23
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8AE92FD3
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:56EE2CAF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2979C892
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CBAF0C30
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C900B47A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:183A9046
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:BCFEA004
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:ED51D3ED
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B139DDF3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:65C4D44A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:491270B8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F610C203
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BECA50FF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:14B2E0BD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:14A1BBE3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:04FDFCF6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9338F136
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:BBC9C1EB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:661DC753
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:488F7244
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2AD33723
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E3615992
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP6D084A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B6E6C4EA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2C86E2AD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A9223B61
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6ED8B881
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:48977386
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7ADB695A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPC7EDF41
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:96372A73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C946EBB2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4F852702
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F135A76C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:922DA2DB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3B4DA230
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1234ADAE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C8AC644A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:96C9689F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6F0C95A1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4DCAC4BC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F2B81C2E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A9056F42
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:72A1B66A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2211E7A0
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMPE9F4320
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1880E7FA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C3C72D5F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:927EC486
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2F1D743F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1F7A10DD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:96AFAB10
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:409A775B
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:78E0DF72

< End of report >



Log von Malwarebytes:
siehe Anhang


Avast meldet alle 2 Minuten:
Trojanisches Pferd blockiert
bzw.
Rootkit blockiert
Objekt: C:\Windows\Installer\...\800000cb.@
Infektion: Win32.Sirefef-AO [Rtk/Trj]
Aktion: In Contaner verschoben
Prozess: C:\Windows\sytem32\services.exe

Alt 26.07.2012, 17:04   #2
havevasum
 
Nach Befall von Live Security Platinum unter Vista - Standard

Nach Befall von Live Security Platinum unter Vista


Thread kann gelöscht werden, Problem hat sich erledigt Danke
__________________
Antwort

Themen zu Nach Befall von Live Security Platinum unter Vista
antivir, antivirus, avira, bho, bonjour, desktop, document, error, excel, fast start, festplatte, firefox, google earth, home, kaspersky, launch, live security platinum trojaner windows, logfile, mp3, plug-in, problem, programm, realtek, safer networking, searchscopes, security, senden, software, starten, symantec, trojaner, virus, virus entfernen, vista


« Bundespolizei Ukash | Firefox leitet oft auf fresh-weather.com um »


Ähnliche Themen: Nach Befall von Live Security Platinum unter Vista


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Was tun nach "Live Security Platinum" Virus
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (28)
  3. TR/Crypt.EPACK.Gen2 nach Platinum live security warnung
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (3)
  4. Mehrere Trojaner (Zbot) nach Live Security Platimun-Befall gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (9)
  5. Nach löschen von Live Security Platinum System sauber?
    Log-Analyse und Auswertung - 06.09.2012 (33)
  6. Check nach "Live Security Platinum"-Befall
    Log-Analyse und Auswertung - 14.08.2012 (1)
  7. Live Security Platinum Befall
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (22)
  8. Nach Live Security Platinum nun pup.downloadnsave
    Log-Analyse und Auswertung - 10.08.2012 (34)
  9. Live Security Platinum - Befall
    Log-Analyse und Auswertung - 08.08.2012 (29)
  10. Live Security Platinum nach System-Neuinstallation wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  11. Log Files nach Entfernen von Live Security Platinum - Was muss ich nun noch tun?
    Log-Analyse und Auswertung - 27.07.2012 (9)
  12. Vorgehen nach Live Security Platinum Entfernung?
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (1)
  13. Live Security Platinum auf dem Laptop mit Logfiles - ist nun nach Malwarebytes alles gut?
    Mülltonne - 20.07.2012 (0)
  14. Live Security Platinum - Befall
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (3)
  15. Neuinstallation von Windows nach Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  16. Live Security Platinum Befall?
    Log-Analyse und Auswertung - 18.07.2012 (3)
  17. Logfiles von Live Security Platinum Trojaner mit Rootkit.0Access Befall
    Log-Analyse und Auswertung - 17.07.2012 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Nach Befall von Live Security Platinum unter Vista - Ich habe bereits in einem anderen Forum das Problem beschrieben, wurdeaber hierher verwiesen daher kopiere ich es mal hier rein: Hallo liebe Leute, meine Mutter hat sich einen Trojaner eingefangen: - Nach Befall von Live Security Platinum unter Vista...
Archiv
Du betrachtest: Nach Befall von Live Security Platinum unter Vista auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131