Live Security Premium eingefangen

Xenja · 05.08.2012, 12:36

Hallo,

ich habe mir heute anscheinend auch den Live Security Platinum Trojaner eingefangen. Allerdings nicht, wie anscheinend meistens, durch eine Email sondern beim normalen Surfen (ich habe Daten über Indien für meine Hausarbeit gesucht und mich nicht wissentlich auf "gefährlichen" seiten aufgehalten) im Internet. Firefox hat sich plötzlich beendet und Live Security Platinum hat gemeldet ich hätte Trojaner und solle mir die Software kaufen, um diese zu entfernen. Keine Programme bzw. zumindest Firefox, Internet Explorer, AntiVir lassen sich mehr starten. Ich bin dann gleich an meinen Zweitrechner und habe eure Schritte durchgeführt, mein befallener Rechner läuft zum Ausführen der Analyse-software im abgesicherten Modus.

Zunächst das Malwaerbytes-File - ich hatte zunächst die downgeloadete Version -ohne Aktualisierung - laufen lassen - da ich (sorry kenn mich nicht so gut aus) nicht wusste dass ich den abgesicherten Modus mit Netzwerkzugang laufen lassen kann um an die Aktualisierung zu kommen - und als ich wie in der Anleitung versucht habe die rules.ref zu ersetzen hat das Programm nicht mehr funktioniert. Anschließend dann noch mal das File mit Aktualisierung - hatte das Netzwerkkabel nur während der Aktualisierung eingesteckt:
Achja, ich bin in Australien, deshalb befindet sich meine Systemzeit "in der Zukunft", nicht wundern.

File 1:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.19088
Sassi :: SASSI-LAPPI [Administrator]

Schutz: Deaktiviert

05.08.2012 18:59:55
mbam-log-2012-08-05 (18-59-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232907
Laufzeit: 5 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fsutavaw (IPH.Trojan.Agent.CPN) -> Daten: rundll32 "C:\Users\Sassi\AppData\Local\Temp\logmtugc.dll",CreateProcessNotify -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Sassi\AppData\Local\{a0fe0212-eacb-51fa-04ed-139340fb4fc8}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Sassi\AppData\Local\Temp\logmtugc.dll (IPH.Trojan.Agent.CPN) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

File 2:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.03

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19088
Sassi :: SASSI-LAPPI [Administrator]

Schutz: Deaktiviert

05.08.2012 19:49:37
mbam-log-2012-08-05 (19-49-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219393
Laufzeit: 7 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF610055EE5B2DE11A966C44B0BF (Trojan.Lameshield) -> Daten: C:\ProgramData\036DFF610055EE5B2DE11A966C44B0BF\036DFF610055EE5B2DE11A966C44B0BF.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\ProgramData\036DFF610055EE5B2DE11A966C44B0BF\036DFF610055EE5B2DE11A966C44B0BF.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\AppData\Local\Temp\5D61.tmp (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Den defogger habe ich nicht runtergeladen, weil mich Trend Internet Security vor dem Aufruf der Seite gewarnt hat - soll die Seite trotzdem zulassen?

Hier die OTL.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.08.2012 20:10:10 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Sassi\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,23% Memory free
6,19 Gb Paging File | 5,85 Gb Available in Paging File | 94,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 78,15 Gb Free Space | 54,25% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 41,58 Gb Free Space | 29,59% Space Free | Partition Type: NTFS
Drive H: | 3,73 Gb Total Space | 1,11 Gb Free Space | 29,84% Space Free | Partition Type: FAT32
 
Computer Name: SASSI-LAPPI | User Name: Sassi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 19:30:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sassi\Desktop\OTL.exe
PRC - [2008.10.29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 12:21:59 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.01.10 00:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.11.02 03:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
PRC - [2007.08.04 06:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2012.08.03 23:44:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.16 13:55:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.16 13:55:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Programme\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.05 09:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.29 23:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.11 06:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.18 19:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.05.21 05:18:32 | 000,075,048 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009.04.30 20:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () [Auto | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.03.07 23:05:10 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.15 17:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.01.25 09:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 12:23:48 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 12:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.10 00:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.12.05 18:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 18:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007.11.07 17:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.10.31 02:46:32 | 000,131,072 | ---- | M] (AccSys GmbH) [Disabled | Stopped] -- C:\Programme\Common Files\AccSys\accvssvc.exe -- (accvssvc)
SRV - [2007.10.26 22:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.03 22:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.08.15 20:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 20:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2006.10.26 22:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.16 13:55:26 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.16 13:55:25 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.05 09:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012.01.04 13:06:32 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2011.12.15 14:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKG.sys -- (szkg5)
DRV - [2011.09.26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\is3srv.sys -- (is3srv)
DRV - [2011.06.11 06:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.06.17 13:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.06 04:33:03 | 000,306,816 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.02.25 17:15:21 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.12.25 01:19:56 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/06 12:36:30] [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.07.01 11:27:02 | 000,436,480 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2008.09.04 16:12:00 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.06.06 06:59:13 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008.04.21 21:52:03 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.03.13 18:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.08 03:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 17:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.21 12:21:34 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.01.09 20:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.19 01:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.12.02 20:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 14:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 14:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 14:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 14:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.10.26 22:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.26 21:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.07.13 17:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.06.21 21:00:53 | 000,320,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6000.sys -- (UDXTTM6000)
DRV - [2007.04.03 21:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic)
DRV - [2007.04.03 21:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 21:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5)
DRV - [2007.04.03 21:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt)
DRV - [2007.04.03 21:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 21:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 21:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus)
DRV - [2007.03.01 21:17:44 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007.01.31 21:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.26 16:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.01.19 00:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.11 00:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 23:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.09.18 22:58:54 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.09.18 22:58:52 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.09.18 22:58:48 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus)
DRV - [2006.06.29 12:11:48 | 000,017,408 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6000HID.sys -- (UDXTTM6000HID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://hotmail.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {64094BE8-3896-4249-B613-56DCC8F62C1B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{64094BE8-3896-4249-B613-56DCC8F62C1B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..network.proxy.backup.ftp: "81.223.49.107"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "81.223.49.107"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "81.223.49.107"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "85.93.2.63"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "85.93.2.63"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "85.93.2.63"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "85.93.2.63"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sassi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sassi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sassi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sassi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.07.24 17:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 16:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.18 15:08:48 | 000,000,000 | ---D | M]
 
[2006.12.28 13:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sassi\AppData\Roaming\mozilla\Extensions
[2012.09.12 13:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions
[2010.04.28 03:44:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.04 20:53:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.12 13:29:25 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.01 14:45:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.29 21:14:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\foxyproxy@eric.h.jung
[2010.03.06 05:16:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\moveplayer@movenetworks.com
[2006.12.27 00:06:03 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\toolbar@ask.com
[2012.04.18 13:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.31 20:14:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.28 20:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.04.18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.07.24 17:00:04 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.04.18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.19 16:45:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.18 13:46:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.12.26 23:03:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2006.12.26 23:03:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2006.12.26 23:03:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2006.12.26 23:03:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.26 23:03:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.12.26 23:03:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\ssmmgr.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sassi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sassi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1226678251 (Image Uploader Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A61437B-C150-41CB-A18F-460FB092226E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64689E79-7455-4308-9F40-EEFBBFF93B49}: DhcpNameServer = 10.3.64.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6be49bb5-30e7-11e1-b18c-00a0d1a6290c}\Shell - "" = AutoRun
O33 - MountPoints2\{6be49bb5-30e7-11e1-b18c-00a0d1a6290c}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 20:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.12 08:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012.09.12 08:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2012.09.12 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012.09.12 08:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012.09.12 07:57:22 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.08.05 20:08:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sassi\Desktop\OTL.exe
[2012.08.05 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\Malwarebytes
[2012.08.05 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.05 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 18:28:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.05 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.05 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF610055EE5B2DE11A966C44B0BF
[2012.07.30 17:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix Online
[2012.07.30 17:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Online
[2012.07.27 15:21:17 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\MagicIndie
[2012.07.27 15:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.07.27 15:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2012.07.27 15:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2012.07.27 15:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2012.07.24 16:35:51 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2012.07.24 16:35:51 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2012.07.24 16:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Phaser 3160
[2012.07.24 16:35:29 | 000,000,000 | ---D | C] -- C:\Windows\Xerox
[2012.07.24 16:31:23 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sxp4mci.exe
[2012.07.24 16:31:23 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sxp4mci.dll
[2012.07.24 16:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Xerox
[2012.07.18 16:10:34 | 000,000,000 | ---D | C] -- C:\7fdb029b1bdae4e1b5dacb11f3b33964
[2012.07.17 07:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.07.17 07:50:46 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\Yahoo!
[2012.07.14 20:42:35 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\vlc
[2012.07.14 20:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.06.10 02:36:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeE16D.dll
[1 C:\Users\Sassi\*.tmp files -> C:\Users\Sassi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 07:57:02 | 000,000,036 | ---- | M] () -- C:\Users\Sassi\AppData\Local\housecall.guid.cache
[2012.08.05 20:11:57 | 000,636,104 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.05 20:11:57 | 000,602,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.05 20:11:57 | 000,129,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.05 20:11:57 | 000,106,248 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.05 20:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 20:04:03 | 000,039,326 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.08.05 19:43:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.05 19:40:36 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{363E0893-6B77-4BE7-84BF-70F432F394DF}.job
[2012.08.05 19:39:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.08.05 19:39:41 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 19:39:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 19:39:30 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 19:30:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sassi\Desktop\OTL.exe
[2012.08.05 18:35:20 | 000,008,268 | ---- | M] () -- C:\Users\Sassi\AppData\Local\d3d9caps.dat
[2012.08.05 17:44:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 17:11:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1091895334-1960353516-1711741289-1000UA.job
[2012.08.05 16:59:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 11:53:00 | 000,002,299 | ---- | M] () -- C:\Users\Sassi\AppData\Roaming\acervcmtmp.ini
[2012.07.30 20:26:04 | 000,055,117 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.30 20:23:02 | 000,055,117 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.30 17:40:00 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\The Silver Lining.lnk
[2012.07.28 18:40:32 | 000,028,454 | ---- | M] () -- C:\Users\Sassi\Desktop\hundkatz.jpg
[2012.07.27 15:16:45 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2012.07.27 15:16:40 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Brink of Consciousness Dorian-Gray-Syndrom.lnk
[2012.07.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[1 C:\Users\Sassi\*.tmp files -> C:\Users\Sassi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.12 07:57:02 | 000,000,036 | ---- | C] () -- C:\Users\Sassi\AppData\Local\housecall.guid.cache
[2012.08.05 17:19:56 | 000,001,712 | ---- | C] () -- C:\Users\Sassi\AppData\Local\{a0fe0212-eacb-51fa-04ed-139340fb4fc8}\U\00000001.@
[2012.07.30 17:40:00 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\The Silver Lining.lnk
[2012.07.28 18:40:26 | 000,028,454 | ---- | C] () -- C:\Users\Sassi\Desktop\hundkatz.jpg
[2012.07.27 15:16:45 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2012.07.27 15:16:40 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\Brink of Consciousness Dorian-Gray-Syndrom.lnk
[2012.07.24 16:35:35 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.07.24 16:31:32 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sxp4ml3.dll
[2012.07.24 16:31:32 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sxp4ml3.smt
[2012.07.21 14:38:45 | 000,000,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2012.07.04 18:46:04 | 000,006,178 | ---- | C] () -- C:\Users\Sassi\.recently-used.xbel
[2012.05.13 16:20:55 | 000,075,209 | ---- | C] () -- C:\Users\Sassi\bavarian_beer_cafe.jpg
[2012.02.02 16:46:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.05 03:14:52 | 000,026,453 | ---- | C] () -- C:\Users\Sassi\SassiMotorrad.JPG
[2011.02.10 17:03:08 | 000,002,048 | -HS- | C] () -- C:\Users\Sassi\AppData\Local\{a0fe0212-eacb-51fa-04ed-139340fb4fc8}\@
[2010.11.16 05:57:21 | 000,000,047 | RH-- | C] () -- C:\Windows\ghdc.dat
[2009.11.02 22:54:23 | 000,002,299 | ---- | C] () -- C:\Users\Sassi\AppData\Roaming\acervcmtmp.ini
[2008.06.08 23:07:55 | 000,055,117 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.08 20:54:28 | 000,055,117 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.06.08 05:33:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.07 05:04:42 | 000,075,776 | ---- | C] () -- C:\Users\Sassi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.07 04:18:23 | 000,008,268 | ---- | C] () -- C:\Users\Sassi\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2008.04.08 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Acer GameZone Console
[2008.07.14 22:14:56 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Canneverbe_Limited
[2008.08.27 06:04:19 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Canon
[2012.08.05 11:53:07 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Dropbox
[2011.09.04 21:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\DVDVideoSoft
[2011.09.04 20:53:03 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.08.30 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\eSobi
[2012.07.04 00:31:50 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\gtk-2.0
[2010.04.22 06:26:34 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\ICQ
[2011.04.14 00:38:10 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Leadertech
[2012.07.27 15:21:17 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\MagicIndie
[2011.12.28 10:54:25 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\MyPhoneExplorer
[2012.02.02 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\pdfforge
[2010.12.20 22:18:17 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\PowerCinema
[2010.11.16 06:01:30 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Quantitative Micro Software
[2012.03.07 17:41:50 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\QuickScan
[2011.05.18 20:13:56 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Scilab
[2010.12.09 04:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\SoftDMA
[2010.09.30 04:11:35 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Spider Player
[2012.02.24 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\TeamViewer
[2011.10.19 04:51:51 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\UseNeXT
[2008.06.06 01:44:16 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Validity
[2012.07.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2012.07.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.08.05 19:43:02 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.05 19:40:36 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{363E0893-6B77-4BE7-84BF-70F432F394DF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

--- --- ---

Die Extras- und Gmer-log habe ich angehängt.

Vieeeeelen herzlichen Dank schon mal für eure Hilfe!!!

Xenja

Chris4You · 08.08.2012, 10:27

Hi,

Rootkit zAccess:

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

Erstelle und poste dann ein neues OTL-Log...

chris
Für mich: cval=0; DisabledMonitoring

Xenja · 08.08.2012, 15:37

Hi Chris,

danke für deine Antwort! Ich habe mich zwischenzeitlich dazu entschieden gleich mein System neu aufzusetzen. Daher sollte es jetzt eigentlich sauber sein, denke ich? Habe mal die Malwarebyte und OTL-log angehängt.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Saskia :: SASKIA-LAPPI [Administrator]

08.08.2012 13:59:20
mbam-log-2012-08-08 (13-59-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267734
Laufzeit: 16 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Saskia :: SASKIA-LAPPI [Administrator]

08.08.2012 19:51:30
mbam-log-2012-08-08 (19-51-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291622
Laufzeit: 2 Stunde(n), 1 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.08.2012 23:49:45 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Saskia\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 31,34% Memory free
6,19 Gb Paging File | 3,53 Gb Available in Paging File | 57,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 111,52 Gb Free Space | 77,42% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 42,12 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive H: | 3,73 Gb Total Space | 1,14 Gb Free Space | 30,56% Space Free | Partition Type: FAT32
 
Computer Name: SASKIA-LAPPI | User Name: Saskia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.07 18:56:09 | 003,770,600 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe
PRC - [2012.08.07 18:56:05 | 003,337,728 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2012.08.07 18:55:55 | 003,642,368 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2012.08.07 18:51:05 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Saskia\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.08.05 19:30:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Saskia\Desktop\OTL.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.02.18 18:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
PRC - [2011.02.18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2009.04.10 23:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.04.10 23:27:40 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.03.20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.03.13 19:24:20 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.03.12 03:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.11 19:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.07 23:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.07 11:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.03.05 15:55:24 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.03.05 15:55:16 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.03.05 11:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2008.03.05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.05 07:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.03.04 21:21:06 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.07 00:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.11.21 10:04:14 | 000,218,496 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil9e.exe
PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.24 12:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe
PRC - [2007.08.15 20:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.08.04 11:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.08.04 06:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.13 15:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
PRC - [2007.04.24 18:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.03.27 12:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\acp2HID.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.07 18:56:09 | 003,770,600 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe
MOD - [2012.04.23 21:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 21:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.01.03 20:58:08 | 003,186,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.01.03 20:57:17 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2009.03.29 21:42:22 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.29 21:42:20 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009.03.29 21:42:20 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009.03.29 21:42:20 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009.03.29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.29 21:42:12 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008.04.08 20:27:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.04.08 20:26:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.04.08 20:26:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.03.11 17:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.03.05 15:55:28 | 000,753,664 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.03.05 15:55:22 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.03.05 07:38:16 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.02.25 10:00:58 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007.09.19 14:15:26 | 000,329,032 | ---- | M] () -- c:\Programme\McAfee\MSK\mcapbho.dll
MOD - [2007.09.11 11:12:08 | 000,475,136 | ---- | M] () -- C:\Programme\Acer\Acer VCM\AcerControl.dll
MOD - [2007.04.24 18:44:26 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.04.24 18:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2003.06.07 15:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.14 10:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.02.18 18:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV - [2011.02.18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2008.03.20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.03.07 23:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.01.21 12:23:48 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 12:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.08.24 12:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007.08.24 11:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.08.15 20:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.08.04 11:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.07.18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2006.10.26 22:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.08.08 17:06:47 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2012.08.08 17:06:47 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2012.08.07 18:55:57 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.02.18 18:38:24 | 000,039,984 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmwvusb.sys -- (vmwvusb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.03.11 21:38:00 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.03.08 03:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.05 09:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 09:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.09 05:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.12.19 01:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.07.13 17:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.01.26 16:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 23:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=de_AU&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^AU&apn_uid=DF6E8D9C-9756-4E31-890B-491F596DDA39&apn_sauid=E0335E71-F8F3-4F6F-B596-D44DD50B5609
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.08 23:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.08.08 23:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 10:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 10:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 10:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 10:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 10:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 10:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 10:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A61437B-C150-41CB-A18F-460FB092226E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4ea332f8-e07f-11e1-91f4-001de0aa32dd}\Shell\AutoRun\command - "" = G:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.08 23:48:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Saskia\Desktop\OTL.exe
[2012.08.08 23:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.08 23:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.08 23:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.08 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.08.08 19:40:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012.08.08 18:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.08.08 17:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Phaser 3160
[2012.08.08 17:28:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.08 17:28:14 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sxp4mci.exe
[2012.08.08 17:28:13 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sxp4mci.dll
[2012.08.08 17:15:53 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\VMware
[2012.08.08 17:07:22 | 000,038,400 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\drivers\DGIVECP.SYS
[2012.08.08 17:07:22 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2012.08.08 17:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Xerox
[2012.08.08 16:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.08.08 16:45:06 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Yahoo!
[2012.08.08 16:19:02 | 000,039,984 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmwvusb.sys
[2012.08.08 16:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.08.08 16:18:10 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\VMware
[2012.08.08 16:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.08.08 16:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.08.08 16:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012.08.08 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\AskToolbar
[2012.08.08 13:55:59 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Malwarebytes
[2012.08.08 13:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 13:55:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.08 13:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.08 13:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.07 22:45:38 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Avira
[2012.08.07 22:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.07 22:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.08.07 22:33:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.08.07 22:33:02 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.08.07 22:33:02 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.08.07 22:33:02 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.08.07 22:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.07 22:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.08.07 21:58:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.08.07 21:58:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.08.07 21:58:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.08.07 21:39:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.08.07 21:06:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.08.07 20:20:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Adobe
[2012.08.07 19:28:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Application Data
[2012.08.07 19:27:40 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Adobe
[2012.08.07 19:20:59 | 020,619,563 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\acer.exe
[2012.08.07 19:20:58 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Macromedia
[2012.08.07 19:20:51 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2012.08.07 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Acer
[2012.08.07 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\PlayMovie
[2012.08.07 19:14:09 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\PowerCinema
[2012.08.07 19:14:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2012.08.07 19:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.08.07 19:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Arcade Deluxe
[2012.08.07 19:10:42 | 000,000,000 | ---D | C] -- C:\CLSetup
[2012.08.07 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2012.08.07 19:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2012.08.07 18:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2012.08.07 18:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2012.08.07 18:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012.08.07 18:59:35 | 000,491,520 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2012.08.07 18:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye
[2012.08.07 18:57:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2012.08.07 18:57:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2012.08.07 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012.08.07 18:56:18 | 000,114,688 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2012.08.07 18:56:06 | 000,023,040 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2012.08.07 18:55:57 | 000,331,776 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2012.08.07 18:55:57 | 000,043,184 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2012.08.07 18:55:57 | 000,016,384 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2012.08.07 18:55:53 | 000,192,512 | ---- | C] (Arachnoid Biometric Identification Group.) -- C:\Windows\System32\BioOne.dll
[2012.08.07 18:55:52 | 000,189,952 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\System32\PBAGUI.dll
[2012.08.07 18:55:49 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Validity
[2012.08.07 18:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors, Inc
[2012.08.07 18:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012.08.07 18:52:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\DEU
[2012.08.07 18:51:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012.08.07 18:51:11 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\InstallShield
[2012.08.07 18:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.08.07 18:50:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.07 18:50:46 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.07 18:50:46 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Searches
[2012.08.07 18:50:46 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.07 18:50:37 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Identities
[2012.08.07 18:50:35 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Contacts
[2012.08.07 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\VirtualStore
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Vorlagen
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Verlauf
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Temporary Internet Files
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Startmenü
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\SendTo
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Recent
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Netzwerkumgebung
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Lokale Einstellungen
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Videos
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Musik
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Eigene Dateien
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Bilder
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Druckumgebung
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Cookies
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Anwendungsdaten
[2012.08.07 18:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Anwendungsdaten
[2012.08.07 18:49:25 | 000,000,000 | --SD | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Videos
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Saved Games
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Pictures
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Music
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Links
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Favorites
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Downloads
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Documents
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Desktop
[2012.08.07 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.07 18:49:25 | 000,000,000 | -H-D | C] -- C:\Users\Saskia\AppData
[2012.08.07 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Temp
[2012.08.07 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft
[2012.08.07 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Media Center Programs
[2012.08.07 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2012.08.07 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Acer GameZone Console
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.07 18:46:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.08 23:51:21 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.08 23:51:21 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.08 23:51:21 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.08 23:51:21 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.08 23:45:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 23:45:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 23:20:47 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.08 21:57:15 | 000,009,887 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.08.08 19:46:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.08.08 19:45:23 | 000,298,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.08 19:45:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 19:44:46 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.08 19:40:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.08.08 17:06:54 | 000,026,624 | ---- | M] () -- C:\Windows\System32\sxp4ml3.dll
[2012.08.08 17:06:54 | 000,000,361 | ---- | M] () -- C:\Windows\System32\sxp4ml3.smt
[2012.08.08 17:06:48 | 000,151,552 | ---- | M] (SS) -- C:\Windows\System32\sxp4mci.exe
[2012.08.08 17:06:48 | 000,065,536 | ---- | M] (SS) -- C:\Windows\System32\sxp4mci.dll
[2012.08.08 17:06:47 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\drivers\DGIVECP.SYS
[2012.08.08 17:06:47 | 000,005,120 | ---- | M] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2012.08.08 16:20:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_vmwvusb_01009.Wdf
[2012.08.08 16:20:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.08.08 16:18:06 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012.08.07 22:27:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.08.07 22:01:45 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2012.08.07 19:19:48 | 000,000,627 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2012.08.07 19:14:07 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk
[2012.08.07 19:10:42 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2012.08.07 19:00:20 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2012.08.07 18:59:53 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2012.08.07 18:57:41 | 000,000,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2012.08.07 18:56:18 | 001,548,099 | ---- | M] () -- C:\Windows\System32\VMC3KAPI.dll
[2012.08.07 18:56:18 | 000,114,688 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2012.08.07 18:56:06 | 000,023,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2012.08.07 18:55:57 | 000,331,776 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2012.08.07 18:55:57 | 000,043,184 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2012.08.07 18:55:57 | 000,016,384 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2012.08.07 18:55:53 | 000,192,512 | ---- | M] (Arachnoid Biometric Identification Group.) -- C:\Windows\System32\BioOne.dll
[2012.08.07 18:55:52 | 000,189,952 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\PBAGUI.dll
[2012.08.05 19:30:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Saskia\Desktop\OTL.exe
[2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.08 23:20:47 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.08 23:20:47 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.08 19:40:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.08.08 18:06:28 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.08.08 18:06:28 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.08.08 18:06:28 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012.08.08 17:28:15 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sxp4ml3.dll
[2012.08.08 17:28:15 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sxp4ml3.smt
[2012.08.08 16:24:17 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.08.08 16:20:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_vmwvusb_01009.Wdf
[2012.08.08 16:20:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.08.08 16:19:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012.08.08 16:18:06 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012.08.08 14:40:24 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.07 22:27:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.08.07 21:13:12 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.08.07 21:13:09 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.08.07 21:13:09 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012.08.07 21:13:06 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.07 21:12:53 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.08.07 21:12:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.08.07 21:12:48 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.08.07 21:12:02 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.08.07 21:11:57 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.08.07 21:11:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.08.07 21:11:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.08.07 21:11:39 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.08.07 21:11:38 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.08.07 21:11:33 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.08.07 21:07:56 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2012.08.07 19:20:58 | 083,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr
[2012.08.07 19:19:48 | 000,000,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2012.08.07 19:14:07 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk
[2012.08.07 19:10:42 | 000,000,020 | ---- | C] () -- C:\Medion.ini
[2012.08.07 19:01:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.08.07 19:00:20 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2012.08.07 18:59:53 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2012.08.07 18:59:35 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.08.07 18:59:35 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.08.07 18:59:35 | 000,004,822 | ---- | C] () -- C:\Windows\Suyin.reg
[2012.08.07 18:59:35 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2012.08.07 18:57:41 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2012.08.07 18:56:18 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2012.08.07 18:50:49 | 000,000,953 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.07 18:50:45 | 000,000,948 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.08.07 18:50:35 | 000,000,919 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.08.07 18:49:25 | 000,001,850 | ---- | C] () -- C:\Users\Saskia\Desktop\Cyberlink PowerDirector.lnk
 
========== LOP Check ==========
 
[2012.08.07 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\Acer
[2008.04.08 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\Acer GameZone Console
[2012.08.07 18:55:49 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\Validity
[2008.04.08 21:05:42 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2008.04.08 21:05:43 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.08.08 19:43:01 | 000,009,398 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 08.08.2012 23:49:45 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Saskia\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 31,34% Memory free
6,19 Gb Paging File | 3,53 Gb Available in Paging File | 57,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 111,52 Gb Free Space | 77,42% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 42,12 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive H: | 3,73 Gb Total Space | 1,14 Gb Free Space | 30,56% Space Free | Partition Type: FAT32
 
Computer Name: SASKIA-LAPPI | User Name: Saskia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{343421DF-35D1-48DC-8891-74A2EA1AF2D1}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{38180B0D-5DCF-4D4A-9C2B-DCAB6D0F66A1}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{40BBF4BB-DC0E-44A1-996D-413AFCB02684}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4320F0A8-0650-441D-A7B1-8DF14CA16EE0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{57F71055-E1A9-4A4C-81A6-F4262348EC48}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{5B2EDAFC-D37D-436B-AF9E-BABB23C0A511}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{67E654DF-4DA3-4A60-B8C6-B400845B1A8C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{6BCE8D82-4D75-41CB-A092-EF00305C5B11}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{6D1240C6-94F9-4FB7-8292-1F8AD39D2AFE}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{7613F140-46ED-4B3E-8C6E-990C7164C562}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{821E0A44-A12D-4B79-9546-8240CED23C00}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{89032CE5-CBC7-4B7C-816A-FA7B6949BA7E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{8F3641F2-A7EC-4D0D-9319-262FCC370164}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A53A40D8-0B02-4054-96AC-EC978B41EB53}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{AAEF00A5-D87B-40A2-A7F4-91F438346DD4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AB0DB6ED-994F-4861-AFCB-7574188597FE}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{BA0540C0-ECA6-4D54-8B96-87BC15C9684C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{C050EF1E-9415-4F81-A536-69A8237238A0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{C56A2D34-539F-43EF-84CC-46F21C804AC1}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{C621E9CA-8546-4BFE-A1C5-0BC7F8863DCF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C735EF7C-C357-4450-B333-5BF08C043285}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{C9A60221-D7BF-417B-B8BF-B7BA1320191C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{CAE1B24F-21F5-4D73-B6A3-982ECD1036B0}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{D93C5962-284C-4E93-8BA0-3F81ADEC63EC}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{E0F2A67E-7EDE-48DC-AC48-6E538738A5AF}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{EA841B75-76A8-4BC3-AE41-3BF7DC9DE026}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{FF5C379B-B749-4773-A81B-D1CC28286ED9}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.5
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{CA78EE0D-B198-46BF-80E6-89EE4D49101D}" = VMware View Client
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection

AAV 6.0.00.08
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Xerox Phaser 3160" = Xerox Phaser 3160
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.12.2006 00:18:11 | Computer Name = Saskia-Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2012 04:59:25 | Computer Name = Saskia-Lappi | Source = VSS | ID = 8194
Description = 
 
Error - 07.08.2012 05:00:36 | Computer Name = Saskia-Lappi | Source = VSS | ID = 8194
Description = 
 
Error - 07.08.2012 05:10:54 | Computer Name = Saskia-Lappi | Source = VSS | ID = 8194
Description = 
 
Error - 07.08.2012 05:19:21 | Computer Name = Saskia-Lappi | Source = VSS | ID = 8194
Description = 
 
Error - 07.08.2012 05:20:39 | Computer Name = Saskia-Lappi | Source = VSS | ID = 8194
Description = 
 
Error - 07.08.2012 05:25:38 | Computer Name = Saskia-Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2012 05:31:19 | Computer Name = Saskia-Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2012 06:15:45 | Computer Name = Saskia-Lappi | Source = McLogEvent | ID = 5051
Description = 
 
[ System Events ]
Error - 08.08.2012 01:40:30 | Computer Name = Saskia-Lappi | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 08.08.2012 01:40:30 | Computer Name = Saskia-Lappi | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 08.08.2012 01:40:30 | Computer Name = Saskia-Lappi | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 08.08.2012 01:40:30 | Computer Name = Saskia-Lappi | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 08.08.2012 01:40:30 | Computer Name = Saskia-Lappi | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 08.08.2012 01:40:36 | Computer Name = Saskia-Lappi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 08.08.2012 01:44:13 | Computer Name = Saskia-Lappi | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 08.08.2012 02:42:34 | Computer Name = Saskia-Lappi | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 08.08.2012 03:07:43 | Computer Name = Saskia-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.08.2012 04:33:31 | Computer Name = Saskia-Lappi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
 
< End of report >

--- --- ---

Vielen Dank!
Viele Gruesse,
Xenja

Chris4You · 09.08.2012, 06:44

Hi,

ist das Ausschalten der Überwachung Absicht:

Code:

ATTFilter

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

Hast Du die Festplatte formatiert, bzw. mindestens den MBR neu geschrieben?
Der kann (bzw. wird) bei zAccess manipuliert...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

chris

Xenja · 09.08.2012, 13:50

Hallo Chris,

danke noch mal für deine Antwort.
Avira hat mich darauf hingewiesen, dass ich das ausschalten soll, da es sonst zu Konflikten kommt, soll ich das wieder einschalten?
Ich habe eine OEM-Version und natürlich die Recovery-CDs in Deutschland, bzw. hat mein DVD-Laufwerk ohnehin den Geist aufgegeben... Ich habe jetzt nur die "System auf Werkseinstellungen zurücksetzen" von Acer eRecovery gemacht. Leider habe ich bei Acer keine Infos gefunden, ob das tatsächlich formatiert. Einige Forenposts auf die ich bei meiner Suche gestoßen bin, meinten, es formatiert, allerdings konnte ich keine Größe auswählen und es ging auch recht schnell.
Von MBR habe ich gar keine Ahnung, sorry.
Hier das Logfile:
[CODE]
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 8920
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 164):
0x81E0B000 \SystemRoot\system32\ntkrnlpa.exe
0x821C5000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047A000 \SystemRoot\system32\PSHED.dll
0x8048B000 \SystemRoot\system32\BOOTVID.dll
0x80493000 \SystemRoot\system32\CLFS.SYS
0x804D4000 \SystemRoot\system32\CI.dll
0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80672000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80680000 \SystemRoot\system32\drivers\acpi.sys
0x806C6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806CF000 \SystemRoot\system32\drivers\msisadrv.sys
0x806D7000 \SystemRoot\system32\drivers\pci.sys
0x806FE000 \SystemRoot\System32\drivers\partmgr.sys
0x8070E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80711000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8071B000 \SystemRoot\system32\drivers\volmgr.sys
0x8072A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80774000 \SystemRoot\system32\drivers\intelide.sys
0x8077B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80789000 \SystemRoot\System32\drivers\mountmgr.sys
0x80799000 \SystemRoot\System32\Drivers\UBHelper.sys
0x89E02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x89ECA000 \SystemRoot\system32\drivers\atapi.sys
0x89ED2000 \SystemRoot\system32\drivers\ataport.SYS
0x89EF0000 \SystemRoot\system32\drivers\msahci.sys
0x89EFA000 \SystemRoot\system32\drivers\fltmgr.sys
0x89F2C000 \SystemRoot\system32\drivers\fileinfo.sys
0x89F3C000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x89F45000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x89F4E000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A009000 \SystemRoot\system32\drivers\ndis.sys
0x8A114000 \SystemRoot\system32\drivers\msrpc.sys
0x8A13F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A209000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A319000 \SystemRoot\system32\drivers\volsnap.sys
0x8A352000 \SystemRoot\System32\Drivers\spldr.sys
0x8A35A000 \SystemRoot\System32\Drivers\mup.sys
0x8A369000 \SystemRoot\System32\drivers\ecache.sys
0x8A390000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8A3B4000 \SystemRoot\system32\drivers\disk.sys
0x8A3C5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A3E6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E0E5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E0F0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E0F9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E108000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F006000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F729000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F7C9000 \SystemRoot\System32\drivers\watchdog.sys
0x8F7D5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E111000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F7E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E14F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F7EF000 \SystemRoot\system32\DRIVERS\L1E60x86.sys
0x8F80C000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8FA84000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FA88000 \SystemRoot\system32\DRIVERS\itecir.sys
0x8FAE0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FAF3000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8FAFD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FB08000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FB37000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FB39000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FB44000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FB5C000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FB64000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FB93000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FBD4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FBDF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F800000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E1DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A17A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A189000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A19D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8FC89000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FC99000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FC9B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FCC5000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8FCD3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FCDD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FCEA000 \SystemRoot\System32\Drivers\vmwvusb.sys
0x8FCF7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FD2C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90800000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FD3D000 \SystemRoot\system32\drivers\portcls.sys
0x8FD6A000 \SystemRoot\system32\drivers\drmk.sys
0x90A0E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x90B34000 \SystemRoot\system32\drivers\modem.sys
0x90B41000 \SystemRoot\system32\DRIVERS\hidir.sys
0x90B4C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90B5C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90B63000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90B6C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90B74000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90B7D000 \SystemRoot\System32\Drivers\Null.SYS
0x90B84000 \SystemRoot\System32\Drivers\Beep.SYS
0x90B8B000 \SystemRoot\System32\drivers\vga.sys
0x90B97000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90BB8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90BC0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90BC8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90BD3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90BE1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90E04000 \SystemRoot\System32\drivers\tcpip.sys
0x90EEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90F09000 \SystemRoot\system32\drivers\vfs101x.sys
0x90F16000 \SystemRoot\System32\Drivers\Mpfp.sys
0x90F3D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90F53000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x90F65000 \SystemRoot\system32\DRIVERS\smb.sys
0x90F79000 \SystemRoot\system32\drivers\afd.sys
0x90FC1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FD8F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90FD8000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90BEA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90A00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FDC1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90FF9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8A1B2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90E00000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x8FDD4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x807A1000 \SystemRoot\system32\drivers\csc.sys
0x8FDDE000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E000000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x89FC0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8E00C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E019000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8A3EF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x95A40000 \SystemRoot\System32\win32k.sys
0x8FDF5000 \SystemRoot\System32\drivers\Dxapi.sys
0x8A1EE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95C60000 \SystemRoot\System32\TSDDD.dll
0x95C80000 \SystemRoot\System32\cdd.dll
0x89FE5000 \SystemRoot\system32\drivers\luafv.sys
0x805B4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9F202000 \SystemRoot\system32\drivers\spsys.sys
0x9F2B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9F2C2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9F2EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9F2F6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9F309000 \SystemRoot\system32\drivers\HTTP.sys
0x9F376000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F393000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9F3AC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9F3C1000 \SystemRoot\system32\drivers\mrxdav.sys
0x805CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0207000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0240000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0258000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0280000 \SystemRoot\System32\DRIVERS\srv.sys
0xA02DD000 \??\C:\Windows\system32\drivers\int15.sys
0xA02EE000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xA030C000 \SystemRoot\system32\drivers\peauth.sys
0xA03EA000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9F3E2000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA03F3000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0200000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0xA02CF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2C01000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0xA2C1E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x775B0000 \Windows\System32\ntdll.dll

Processes (total 97):
0 System Idle Process
4 System
504 C:\Windows\System32\smss.exe
640 csrss.exe
692 C:\Windows\System32\wininit.exe
700 csrss.exe
736 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
868 C:\Windows\System32\winlogon.exe
940 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\nvvsvc.exe
1020 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\audiodg.exe
1308 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\SLsvc.exe
1400 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\rundll32.exe
1632 C:\Windows\System32\vfsFPService.exe
1684 C:\Windows\System32\svchost.exe
1920 C:\Windows\System32\spoolsv.exe
1944 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1956 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\agrsmsvc.exe
792 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
704 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
752 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1000 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
1184 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
1768 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2004 C:\Windows\System32\taskeng.exe
1372 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1588 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2064 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
2076 C:\ACER\Mobility Center\MobilityService.exe
2176 C:\Program Files\McAfee\MPF\MpfSrv.exe
2240 C:\Program Files\McAfee\MSK\msksrver.exe
2260 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2324 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2396 C:\Windows\System32\svchost.exe
2420 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2440 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2484 C:\Windows\System32\svchost.exe
2552 C:\Windows\System32\svchost.exe
2588 C:\Windows\System32\SearchIndexer.exe
2636 C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
2724 C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
3148 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3200 WmiPrvSE.exe
3208 unsecapp.exe
3272 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
3736 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
2544 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
732 C:\Windows\System32\svchost.exe
616 C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
560 WmiPrvSE.exe
3984 C:\Program Files\McAfee.com\Agent\mcagent.exe
4044 C:\Windows\System32\taskeng.exe
3732 C:\Windows\System32\dwm.exe
3852 C:\Windows\explorer.exe
3792 C:\Windows\RtHDVCpl.exe
2904 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3536 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
4068 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3868 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
3012 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2628 C:\Windows\System32\rundll32.exe
1296 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2820 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
2984 C:\Windows\PLFSetI.exe
4052 C:\Users\Saskia\AppData\Local\Temp\RtkBtMnt.exe
4300 C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
4448 C:\Program Files\Launch Manager\LManager.exe
4456 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
4464 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
4472 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
4496 C:\Program Files\Ask.com\Updater\Updater.exe
4504 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4520 C:\Program Files\Windows Sidebar\sidebar.exe
4528 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
4580 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4816 C:\Windows\System32\wbem\unsecapp.exe
5084 C:\Program Files\Acer\Acer VCM\acp2HID.exe
5396 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5804 C:\Program Files\McAfee\MSC\mcuimgr.exe
5988 C:\Windows\System32\taskeng.exe
4192 C:\Program Files\Mozilla Firefox\firefox.exe
3624 taskeng.exe
3380 C:\Windows\System32\SearchProtocolHost.exe
5256 C:\Windows\System32\SearchFilterHost.exe
5936 dllhost.exe
1520 dllhost.exe
5752 C:\Users\Saskia\Desktop\MBRCheck.exe
3528 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
[\CODE]

Befürchte nichts Gutes????

Vielen Dank für deine Hilfe!
Xenja

Chris4You · 13.08.2012, 06:32

Hi,

nein, die Prüfsumme sollte zu einem spezielle von ACER angepassten Bootcode gehören, damit wäre alles OK.

Wenn Du McAfee vollständig deinstalliert hast, sollte es eigentlich zu keinem Problem kommen... Lass mal den Remover laufen: Remover...

chris

Xenja · 14.08.2012, 13:16

Hi Chris,

oh super, danke!
Hab ich gemacht.
Sind wir dann durch? Oder muss ich noch was machen?

Viele Grüße,
Xenja

Chris4You · 14.08.2012, 15:41

Hi,

wenn sich der Rechner normal verhält, dann wären wir durch...

Aufräumen:
Backups von OTL, Avenger&Co (falls vorhanden) löschen:
Falls der Rechner einwandfrei läuft, können die Backups der
Bereinigungstools gelöscht werden (soweit vorhanden):

OLT und das Verzeichnis C:\_OTL löschen...

C:\Qoobox - loeschen und Papierkorb leeren (ComboFix Backups)

C:\avenger\backup.zip - loeschen und Papierkorb leeren (Avenger)

C:\VundoFix Backups - loeschen und Papierkorb leeren

C:\RVAXO-results.log -->Papierkorb leeren

Backupfiles von HJ liegen im HJ-Ordner
(Das Log der Killbox findest Du unter C:\!KillBox\Logs\kb.log).
Den Killer und mbrcheck kannst Du ebenfalls löschen...

MAM würde ich ich behalten und ab- und an updaten und dann einen Fullscan machen...

chris

Xenja · 17.08.2012, 13:45

Hi Chris,

ja Rechner läuft seitdem unauffällig.
Dann vielen, vielen Dank noch mal!

Viele Grüße,
Xenja

Live Security Premium eingefangen

Log-Analyse und Auswertung: Live Security Premium eingefangen