
Pests of all kinds and how to fight them: System reinstalled because of a virus. Is the laptop clean now???


12.01.2013, 17:22   #1
Legon
 



Sorry Cosinus, I wasn't aware that I should post this in code tags... I read here (http://www.trojaner-board.de/69886-a...-beachten.html) that I should post the contents of the files.

In other threads files were apparently attached as well! My apologies, I wasn't familiar with the established rules!

Attached are the updated files, since my laptop decided on restart that it had to install 130 Windows updates...

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:34 on 12/01/2013 (Sascha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL
Code:
OTL logfile created on: 12.01.2013 16:34:59 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sascha\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,31% Memory free
6,22 Gb Paging File | 4,91 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 102,82 Gb Free Space | 71,38% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: TOPSECRET | User Name: Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.12 09:39:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe
PRC - [2013.01.10 23:10:23 | 003,294,720 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2013.01.10 23:10:14 | 003,471,360 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2013.01.10 23:10:05 | 003,607,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2013.01.10 22:53:31 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sascha\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.05.27 11:13:42 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.05.12 22:11:04 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.05.12 22:10:54 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.05.12 17:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.05.09 13:07:08 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.04.28 08:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 22:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.12 16:28:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2013.01.10 23:27:45 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3041.37003__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2013.01.10 23:27:45 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3041.37065__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2013.01.10 23:27:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3041.37041__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2013.01.10 23:27:44 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3041.37050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2013.01.10 23:27:44 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3041.37278__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2013.01.10 23:27:44 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3041.37235__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2013.01.10 23:27:44 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3041.37177__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2013.01.10 23:27:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3041.37024__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2013.01.10 23:27:41 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3041.37319__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2013.01.10 23:26:35 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3041.37326__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2013.01.10 23:26:35 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3041.37018__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2013.01.10 23:26:34 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3041.37252__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2013.01.10 23:26:30 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3041.37027__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2013.01.10 23:26:30 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3041.37072__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2013.01.10 23:26:29 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3041.37180__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2013.01.10 23:26:29 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3041.37170__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2013.01.10 23:26:29 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3041.37227__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2013.01.10 23:26:29 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3041.37087__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2013.01.10 23:26:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3041.37178__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2013.01.10 23:26:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3041.37226__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2013.01.10 23:26:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3041.37187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2013.01.10 23:26:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2013.01.10 23:26:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2013.01.10 23:26:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2013.01.10 23:26:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2013.01.10 23:26:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2013.01.10 23:26:27 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2013.01.10 23:26:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2013.01.10 23:26:25 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2013.01.10 23:26:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2013.01.10 23:26:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2013.01.10 23:26:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2013.01.10 23:26:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2013.01.10 23:26:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2013.01.10 23:26:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2013.01.10 23:26:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2013.01.10 23:26:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2013.01.10 23:26:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2013.01.10 23:26:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2013.01.10 23:26:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2013.01.10 23:26:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2013.01.10 23:26:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2013.01.10 23:26:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2013.01.10 23:26:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2013.01.10 23:26:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2013.01.10 23:26:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2013.01.10 23:26:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2013.01.10 23:26:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2013.01.10 23:26:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2013.01.10 23:26:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2013.01.10 23:26:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2013.01.10 23:26:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2013.01.10 23:26:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2013.01.10 23:26:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2013.01.10 23:26:20 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2013.01.10 23:26:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2013.01.10 23:26:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2013.01.10 23:26:19 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2013.01.10 23:26:19 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2013.01.10 23:26:00 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3041.37295_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2013.01.10 23:25:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3041.37343__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2013.01.10 23:25:57 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3041.37359__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2013.01.10 23:25:57 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3041.36993__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2013.01.10 23:25:56 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3041.37305__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2013.01.10 23:25:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3041.37302__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2013.01.10 23:25:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2013.01.10 23:25:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2013.01.10 23:25:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2013.01.10 23:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2013.01.10 23:25:55 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3041.37034__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2013.01.10 23:25:55 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3041.37295__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2013.01.10 23:25:55 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3041.36994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2013.01.10 23:25:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2013.01.10 23:25:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2013.01.10 23:25:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2013.01.10 23:25:53 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3041.37012__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2013.01.10 23:25:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2013.01.10 23:25:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3041.37304__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2013.01.10 23:25:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2013.01.10 23:25:52 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3041.36994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2013.01.10 23:25:52 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3041.36990__90ba9c70f846762e\APM.Server.dll
MOD - [2013.01.10 23:25:52 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3041.36992__90ba9c70f846762e\AEM.Server.dll
MOD - [2013.01.10 23:25:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012.10.05 11:59:08 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011.12.27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2009.03.29 21:42:22 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.29 21:42:20 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009.03.29 21:42:20 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009.03.29 21:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 21:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.29 21:42:12 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008.05.27 11:13:44 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
MOD - [2008.05.20 22:15:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.05.20 22:15:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.05.20 22:15:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.05.12 22:11:06 | 000,753,664 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.05.12 22:11:02 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.05.09 13:06:24 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.04.29 15:00:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.04.28 08:49:20 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.03.04 22:38:16 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.02.04 13:29:02 | 000,688,128 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.10 23:10:14 | 003,471,360 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.01.10 23:10:08 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.27 11:13:42 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2008.05.09 12:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.29 17:33:00 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.28 02:26:00 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.25 10:31:26 | 000,146,688 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2008.04.15 06:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.03.19 18:28:52 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.02.27 12:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.02.18 15:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.10.18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C858BDD-EC36-4BAE-8F0E-0A5256E2D6EE}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.12 16:33:53 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\Neuer Ordner
[2013.01.12 16:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2013.01.12 16:21:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013.01.12 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board-Dateien
[2013.01.12 09:39:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe
[2013.01.11 21:04:11 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Option
[2013.01.11 20:59:50 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Seven Zip
[2013.01.11 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Adobe
[2013.01.11 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Avira
[2013.01.11 19:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.11 19:31:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.01.11 19:30:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.01.11 19:30:58 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.01.11 19:30:58 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.01.11 19:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.11 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.01.11 08:14:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013.01.11 08:14:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013.01.11 08:14:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013.01.11 07:49:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.01.11 07:29:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.01.11 00:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.01.11 00:13:02 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\ATI
[2013.01.11 00:13:02 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\ATI
[2013.01.11 00:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.10 23:57:44 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Macromedia
[2013.01.10 23:53:56 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\PlayMovie
[2013.01.10 23:52:36 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\PowerCinema
[2013.01.10 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2013.01.10 23:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.01.10 23:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Arcade Deluxe
[2013.01.10 23:45:27 | 000,000,000 | ---D | C] -- C:\CLSetup
[2013.01.10 23:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2013.01.10 23:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.01.10 23:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.01.10 23:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.01.10 23:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2013.01.10 23:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2013.01.10 23:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2013.01.10 23:10:37 | 000,114,688 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2013.01.10 23:10:24 | 000,023,040 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2013.01.10 23:10:08 | 000,331,776 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2013.01.10 23:10:08 | 000,043,184 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2013.01.10 23:10:08 | 000,016,384 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2013.01.10 23:10:02 | 000,208,896 | ---- | C] (ABIG) -- C:\Windows\System32\ATSC70PBA.dll
[2013.01.10 23:10:02 | 000,189,952 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\System32\PBAGUI.dll
[2013.01.10 23:09:15 | 000,146,688 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\System32\drivers\atswpdrv.sys
[2013.01.10 23:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fingerprint Sensor
[2013.01.10 23:09:05 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.10 22:53:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.10 22:53:06 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.10 22:53:06 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Searches
[2013.01.10 22:53:06 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.10 22:52:55 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Identities
[2013.01.10 22:52:53 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Contacts
[2013.01.10 22:52:38 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\VirtualStore
[2013.01.10 22:51:41 | 000,000,000 | --SD | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Videos
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Saved Games
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Pictures
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Music
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Links
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Favorites
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Downloads
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Documents
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\Desktop
[2013.01.10 22:51:41 | 000,000,000 | R--D | C] -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Vorlagen
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\AppData\Local\Verlauf
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\AppData\Local\Temporary Internet Files
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Startmenü
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\SendTo
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Recent
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Netzwerkumgebung
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Lokale Einstellungen
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Documents\Eigene Videos
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Documents\Eigene Musik
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Eigene Dateien
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Documents\Eigene Bilder
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Druckumgebung
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Cookies
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\AppData\Local\Anwendungsdaten
[2013.01.10 22:51:41 | 000,000,000 | -HSD | C] -- C:\Users\Sascha\Anwendungsdaten
[2013.01.10 22:51:41 | 000,000,000 | -H-D | C] -- C:\Users\Sascha\AppData
[2013.01.10 22:51:41 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Temp
[2013.01.10 22:51:41 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Microsoft
[2013.01.10 22:51:41 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Media Center Programs
[2013.01.10 22:51:41 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Acer GameZone Console
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.10 22:49:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.10 21:36:34 | 000,000,000 | ---D | C] -- C:\Windows\BUVC_AP
[2013.01.10 21:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2013.01.10 21:34:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.01.10 21:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013.01.10 21:32:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.12 16:33:54 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.12 16:33:54 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.12 16:33:54 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.12 16:33:54 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.12 16:28:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 16:28:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 16:27:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.01.12 16:26:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 16:26:28 | 000,295,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.12 16:25:27 | 3219,570,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 09:41:07 | 000,000,000 | ---- | M] () -- C:\Users\Sascha\defogger_reenable
[2013.01.12 09:40:18 | 000,064,323 | ---- | M] () -- C:\Users\Sascha\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
[2013.01.12 09:39:42 | 000,365,568 | ---- | M] () -- C:\Users\Sascha\Desktop\gmer-2.0.18444.exe
[2013.01.12 09:39:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\OTL.exe
[2013.01.12 09:38:31 | 000,050,477 | ---- | M] () -- C:\Users\Sascha\Desktop\Defogger.exe
[2013.01.11 21:38:18 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2013.01.11 21:38:18 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2013.01.11 21:38:04 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.01.11 21:34:46 | 001,309,973 | ---- | M] () -- C:\Users\Sascha\Desktop\Brooklyn Bridge.jpg
[2013.01.11 19:31:25 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.11 07:22:07 | 000,005,632 | ---- | M] () -- C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.11 00:07:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.01.10 23:53:56 | 000,000,680 | ---- | M] () -- C:\Users\Sascha\AppData\Local\d3d9caps.dat
[2013.01.10 23:52:33 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk
[2013.01.10 23:45:27 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2013.01.10 23:15:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2013.01.10 23:11:12 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2013.01.10 23:10:37 | 001,548,099 | ---- | M] () -- C:\Windows\System32\VMC3KAPI.dll
[2013.01.10 23:10:37 | 000,114,688 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2013.01.10 23:10:24 | 000,023,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2013.01.10 23:10:08 | 000,331,776 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2013.01.10 23:10:08 | 000,043,184 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2013.01.10 23:10:08 | 000,016,384 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2013.01.10 23:10:02 | 000,208,896 | ---- | M] (ABIG) -- C:\Windows\System32\ATSC70PBA.dll
[2013.01.10 23:10:02 | 000,189,952 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\PBAGUI.dll
[2013.01.10 22:52:12 | 000,000,000 | ---- | M] () -- C:\Windows\AcerStore.TAG
[2013.01.10 21:47:25 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013.01.10 21:35:09 | 000,000,125 | ---- | M] () -- C:\Windows\xUninstall.bat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.12 11:29:37 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.12 11:29:37 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.12 11:23:38 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.01.12 11:23:38 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.01.12 11:23:37 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.01.12 09:41:07 | 000,000,000 | ---- | C] () -- C:\Users\Sascha\defogger_reenable
[2013.01.12 09:40:18 | 000,064,323 | ---- | C] () -- C:\Users\Sascha\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
[2013.01.12 09:39:41 | 000,365,568 | ---- | C] () -- C:\Users\Sascha\Desktop\gmer-2.0.18444.exe
[2013.01.12 09:38:31 | 000,050,477 | ---- | C] () -- C:\Users\Sascha\Desktop\Defogger.exe
[2013.01.11 23:27:15 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2013.01.11 21:38:04 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.01.11 21:35:24 | 001,309,973 | ---- | C] () -- C:\Users\Sascha\Desktop\Brooklyn Bridge.jpg
[2013.01.11 19:31:25 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.11 07:33:02 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2013.01.11 07:32:59 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2013.01.11 07:32:59 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2013.01.11 07:32:43 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2013.01.11 07:32:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013.01.11 07:32:38 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2013.01.11 07:31:59 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2013.01.11 07:31:54 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013.01.11 07:31:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.01.11 07:31:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.01.11 07:31:37 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2013.01.11 07:31:36 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2013.01.11 07:31:31 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.01.11 07:22:00 | 000,005,632 | ---- | C] () -- C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.11 00:07:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.10 23:52:33 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk
[2013.01.10 23:45:27 | 000,000,020 | ---- | C] () -- C:\Medion.ini
[2013.01.10 23:30:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.01.10 23:15:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2013.01.10 23:11:12 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2013.01.10 23:10:37 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2013.01.10 22:53:08 | 000,000,953 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.10 22:53:05 | 000,000,948 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.01.10 22:52:51 | 000,000,919 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013.01.10 22:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\AcerStore.TAG
[2013.01.10 22:51:52 | 3219,570,688 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.10 22:51:46 | 000,000,680 | ---- | C] () -- C:\Users\Sascha\AppData\Local\d3d9caps.dat
[2013.01.10 22:51:41 | 000,000,258 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shows Desktop.lnk
[2013.01.10 22:51:41 | 000,000,240 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Window Switcher.lnk
 
========== ZeroAccess Check ==========
 
[2008.05.20 22:32:47 | 000,003,979 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2341723083-3898974280-1084160862-1000\$R8F020Z\Agatha Christie Death on the Nile\gameres\rooms\simon\images\n.png
[2008.05.20 22:32:47 | 000,002,550 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2341723083-3898974280-1084160862-1000\$R8F020Z\Agatha Christie Death on the Nile\gameres\rooms\simon\images\u.png
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.05.20 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Acer GameZone Console
 
========== Purity Check ==========
 
 

< End of report >
         
gmer
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 17:15:19
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000061 WDC_WD32 rev.1.11 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Sascha\AppData\Local\Temp\kxlyypoc.sys


---- System - GMER 2.0 ----

SSDT   8037DA4E                                                                    ZwCreateSection
SSDT   8037DA58                                                                    ZwRequestWaitReplyPort
SSDT   8037DA53                                                                    ZwSetContextThread
SSDT   8037DA5D                                                                    ZwSetSecurityObject
SSDT   8037DA62                                                                    ZwSystemDebugControl
SSDT   8037D9EF                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                               822B98D8 4 Bytes  [4E, DA, 37, 80]
.text  ntkrnlpa.exe!KeSetEvent + 539                                               822B9BFC 4 Bytes  [58, DA, 37, 80]
.text  ntkrnlpa.exe!KeSetEvent + 56D                                               822B9C30 4 Bytes  [53, DA, 37, 80]
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                               822B9C94 4 Bytes  [5D, DA, 37, 80]
.text  ntkrnlpa.exe!KeSetEvent + 619                                               822B9CDC 4 Bytes  [62, DA, 37, 80]
.text  ...                                                                         
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                    section is writeable [0x8F80F000, 0x1FB57A, 0xE8000020]
       C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                       entry point in "" section [0x9D14341C]
.clc   C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                       unknown last code section [0x9D144000, 0x1000, 0xE0000020]

---- User code sections - GMER 2.0 ----

.text  C:\Windows\Explorer.EXE[1852] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5  75F9B37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD [ES:EAX], DL}
.text  C:\Windows\Explorer.EXE[1852] SHELL32.dll!ShellExecuteExW + 18B7            75FCDA14 4 Bytes  [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}

---- EOF - GMER 2.0 ----
         

I hope everything has been posted correctly now!

Thanks...

Last edited by Legon (12.01.2013 at 17:26). Reason: link added
