Hallo,
Ich habe bei dieser seite http://v.sometrics.com/landing.php?z...tyle=wall&tag=
etwas downgeloadet(Die datei finde ich nirgends) danach kam mir eine meldung trojan.win32.agent
entdeckt.Wollte es desinfizieren es ging nicht,danach habe ich das antivir laufen lassen es hat das trojan.win32.agent entdeckt,und ich habe es desinfiziert.Doch bei meiner firewall gibt es eine ein und ausgehende Verbindung mit dem Namen Agent nämlich:agentsvc.exe Listening Port Udp 10001 remote adress 0.0.0/0 Und es gibt noch eins doch statt Udp Steht Tcp.
wenn ich auf eigenschaften gehe kommt mir dieser speicherplatz:
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
Ich habe auch malwarebytes Anti-Malware downgelaodet findet aber auch nichts.Und die obengenannte datei bei virustotal geschickt da kam mir diese meldung:

Datei Agentsvc.exe empfangen 2009.10.20 18:24:51 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 0/41 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 1.
Geschätzte Startzeit ist zwischen 43 und 62 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.10.20 -
AhnLab-V3 5.0.0.2 2009.10.20 -
AntiVir 7.9.1.35 2009.10.20 -
Antiy-AVL 2.0.3.7 2009.10.20 -
Authentium 5.1.2.4 2009.10.20 -
Avast 4.8.1351.0 2009.10.20 -
AVG 8.5.0.420 2009.10.20 -
BitDefender 7.2 2009.10.20 -
CAT-QuickHeal 10.00 2009.10.20 -
ClamAV 0.94.1 2009.10.20 -
Comodo 2668 2009.10.20 -
DrWeb 5.0.0.12182 2009.10.20 -
eSafe 7.0.17.0 2009.10.19 -
eTrust-Vet 35.1.7075 2009.10.19 -
F-Prot 4.5.1.85 2009.10.20 -
F-Secure 9.0.15300.0 2009.10.20 -
Fortinet 3.120.0.0 2009.10.20 -
GData 19 2009.10.20 -
Ikarus T3.1.1.72.0 2009.10.20 -
Jiangmin 11.0.800 2009.10.20 -
K7AntiVirus 7.10.875 2009.10.20 -
Kaspersky 7.0.0.125 2009.10.20 -
McAfee 5777 2009.10.20 -
McAfee+Artemis 5777 2009.10.20 -
McAfee-GW-Edition 6.8.5 2009.10.20 -
Microsoft 1.5101 2009.10.20 -
NOD32 4527 2009.10.20 -
Norman 6.03.02 2009.10.20 -
nProtect 2009.1.8.0 2009.10.20 -
Panda 10.0.2.2 2009.10.20 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.20 -
Rising 21.52.14.00 2009.10.20 -
Sophos 4.46.0 2009.10.20 -
Sunbelt 3.2.1858.2 2009.10.20 -
Symantec 1.4.4.12 2009.10.20 -
TheHacker 6.5.0.2.049 2009.10.20 -
TrendMicro 8.950.0.1094 2009.10.20 -
VBA32 3.12.10.11 2009.10.20 -
ViRobot 2009.10.20.1996 2009.10.20 -
VirusBuster 4.6.5.0 2009.10.20 -
weitere Informationen
File size: 16384 bytes
MD5...: 09e6affae6c0e9158bf05c7d08d0107a
SHA1..: 9e43fd821f9244b5f6524b47530af62308e6a75f
SHA256: 05524526ebd5f42f58404a698f397cd7cbc2cbb5f7211ab6b5 c2691a87983a24
ssdeep: 192:WHs/wFiZUPLikY8zJFuEHygOIwGIJyguJGX/Mc9xSJ6uSuMi8cIxn1CfHNHM
G1UO:GsOPeDaJERIwGt/Gr9AdIjCfpMG3LF

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21e4
timedatestamp.....: 0x47cc4d51 (Mon Mar 03 19:11:13 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16da 0x1800 5.75 8018545e7efae525c3189b0e09cb29fa
.rdata 0x3000 0x1dca 0x1e00 5.41 40de070048af717a0b1287642d574741
.data 0x5000 0x1f0 0x200 4.08 a0328d0e008fbd9c515384f4f9ec9058
.rsrc 0x6000 0x3e0 0x400 3.27 0c925334adf9eb3dd158d1203c2ec7b2

( 5 imports )
> ADVAPI32.dll: StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, OpenSCManagerA, OpenServiceA, ChangeServiceConfig2A, CloseServiceHandle, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> ACE.dll: __0ACE_Argv_Type_Converter@@QAE@AAHPAPAD@Z, _name@ACE_NT_Service@@QAEXPBD0@Z, _insert@ACE_NT_Service@@QAEHKKPBD0PAK000@Z, _remove@ACE_NT_Service@@QAEHXZ, _start_svc@ACE_NT_Service@@QAEHPAVACE_Time_Value@@ PAKKPAPBD@Z, _stop_svc@ACE_NT_Service@@QAEHPAVACE_Time_Value@@P AK@Z, _startup@ACE_NT_Service@@QAEHK@Z, _capture_log_msg_attributes@ACE_NT_Service@@QAEXXZ , _starting_up@ACE_Object_Manager@@SAHXZ, _shutting_down@ACE_Object_Manager@@SAHXZ, _info@ACE_Shared_Object@@UBEHPAPADI@Z, _fini@ACE_NT_Service@@UAEHXZ, _interrogate_requested@ACE_NT_Service@@MAEXK@Z, _continue_requested@ACE_NT_Service@@MAEXK@Z, _pause_requested@ACE_NT_Service@@MAEXK@Z, _stop_requested@ACE_NT_Service@@MAEXK@Z, _wait@ACE_Task_Base@@UAEHXZ, _activate@ACE_Task_Base@@UAEHJHHJHPAV1@QAPAX1QAIQA K@Z, _put@ACE_Task_Base@@UAEHPAVACE_Message_Block@@PAVA CE_Time_Value@@@Z, _module_closed@ACE_Task_Base@@UAEHXZ, _close@ACE_Task_Base@@UAEHK@Z, _open@ACE_NT_Service@@UAEHPAX@Z, _resume@ACE_Task_Base@@UAEHXZ, _suspend@ACE_Task_Base@@UAEHXZ, _remove_reference@ACE_Event_Handler@@UAEJXZ, _add_reference@ACE_Event_Handler@@UAEJXZ, _reactor_timer_interface@ACE_Event_Handler@@UBEPAV ACE_Reactor_Timer_Interface@@XZ, _reactor@ACE_Event_Handler@@UAEXPAVACE_Reactor@@@Z , _reactor@ACE_Event_Handler@@UBEPAVACE_Reactor@@XZ, _handle_group_qos@ACE_Event_Handler@@UAEHPAX@Z, _handle_qos@ACE_Event_Handler@@UAEHPAX@Z, _resume_handler@ACE_Event_Handler@@UAEHXZ, _handle_signal@ACE_Event_Handler@@UAEHHPAUsiginfo_ t@@PAH@Z, _handle_close@ACE_Event_Handler@@UAEHPAXK@Z, _handle_exit@ACE_Event_Handler@@UAEHPAVACE_Process @@@Z, _handle_timeout@ACE_Event_Handler@@UAEHABVACE_Time _Value@@PBX@Z, _handle_output@ACE_Event_Handler@@UAEHPAX@Z, _handle_input@ACE_Event_Handler@@UAEHPAX@Z, _priority@ACE_Event_Handler@@UBEHXZ, _priority@ACE_Event_Handler@@UAEXH@Z, _set_handle@ACE_Event_Handler@@UAEXPAX@Z, _get_handle@ACE_Event_Handler@@UBEPAXXZ, __0ACE_NT_Service@@QAE@KKK@Z, __1ACE_NT_Service@@UAE@XZ, _free@ACE_OS@@YAXPAX@Z, _end_event_loop@ACE_Reactor@@SAHXZ, _report_status@ACE_NT_Service@@IAEHKK@Z, _handle_control@ACE_NT_Service@@UAEXK@Z, __1ACE_ARGV@@QAE@XZ, _argv@ACE_ARGV@@QAEPAPADXZ, _malloc@ACE_OS@@YAPAXI@Z, __0ACE_ARGV@@QAE@QBDH@Z, _run_event_loop@ACE_Reactor@@SAHXZ, __1ACE_Argv_Type_Converter@@QAE@XZ, _log@ACE_Log_Msg@@QAAHW4ACE_Log_Priority@@PBDZZ, _process_file@ACE_Service_Config@@SAHQBD@Z, _strsncpy@ACE_OS@@YAPADPADPBDI@Z, _conditional_set@ACE_Log_Msg@@QAEXPBDHHH@Z, _instance@ACE_Log_Msg@@SAPAV1@XZ, _last_error_adapter@ACE_Log_Msg@@SAHXZ, _open_i@ACE_Service_Config@@SAHQBDPBDHH@Z, _parse_args@ACE_Service_Config@@SAHHQAPAD@Z, _no_static_svcs_@ACE_Service_Config@@0HA, _get_singleton_lock@ACE_Object_Manager@@SAHAAPAVAC E_Recursive_Thread_Mutex@@@Z, _inherit_log_msg_attributes@ACE_NT_Service@@QAEXXZ , _fprintf@ACE_OS@@YAHPAU_iobuf@@PBDZZ, __1ACE_Get_Opt@@QAE@XZ, __RACE_Get_Opt@@QAEHXZ, __0ACE_Get_Opt@@QAE@HPAPADPBDHHHH@Z, _acquire@ACE_Recursive_Thread_Mutex@@QAEHXZ, _release@ACE_Recursive_Thread_Mutex@@QAEHXZ, __1ACE_Cleanup@@UAE@XZ, _ace_os_main_i@@YAHAAVACE_Main_Base@@HQAPAD@Z, _at_exit_i@ACE_Object_Manager@@AAEHPAXP6AX00@Z0@Z, _instance@ACE_Object_Manager@@SAPAV1@XZ, ace_cleanup_destroyer
> MSVCP71.dll: __Nomemory@std@@YAXXZ
> MSVCR71.dll: __1type_info@@UAE@XZ, _c_exit, _exit, _XcptFilter, _cexit, exit, __p___initenv, _amsg_exit, __getmainargs, _callnewh, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _terminate@@YAXXZ, __dllonexit, _onexit, _controlfp, malloc, _iob, atoi, __3@YAXPAX@Z, __CxxFrameHandler, strrchr, _errno, _initterm, _strdup
> KERNEL32.dll: GetModuleFileNameA, GetModuleHandleA, SetConsoleCtrlHandler, LocalFree, FormatMessageA, SetLastError, GetLastError

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: NewTech Infosystems, Inc.
copyright....: Copyright (c) 2005-2007, NewTech Infosystems, Inc. All rights reserved.
product......: NTI Backup Now 5
description..: NTI Backup Now 5 Agent service.
original name: agentsvc
internal name: NtStarter
file version.: 5.1.2.1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



ACHTUNG: VirusTotal ist ein kostenloser Dienst bereitgestellt von Hispasec Sistemas. Es gibt keine Garantie zur Verfügbarkeit sowie Fortbestehen der Dienstleistung. Obwohl die Erkennungsrate mehrerer Antivirus-Engines besser ist als nur durch ein Produkt, garantieren die Ergebnisse des Scans nicht die Harmlosigkeit einer Datei. Gegenwärtig gibt es keine Lösung, welche eine Erkennungsrate aller Viren und Malware zu 100% bietet.

Ich denke ich habe noch ein virus bzw. ich finde es nicht weil oben steht am 20.10 ist die datei und an dem tag habe ich den virus installiert.
Bitte helft mir

Danke schon im Voraus.

Hallo,

Zitat:

etwas downgeloadet(Die datei finde ich nirgends) danach kam mir eine meldung trojan.win32.agent
entdeckt.Wollte es desinfizieren es ging nicht,danach habe ich das antivir laufen lassen es hat das trojan.win32.agent entdeckt,

Bitte bei Meldungen zu Viren immer die genauen Schädlingsnamen und Pfadangaben notieren und hier posten!
Danach mal diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!!, es sollten aktuelle Signaturen geladen und der vollständige Suchlauf aktiviert sein.

Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.

Zitat:

Zitat von cosinus

Hallo,


Bitte bei Meldungen zu Viren immer die genauen Schädlingsnamen und Pfadangaben notieren und hier posten!
Danach mal diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!!, es sollten aktuelle Signaturen geladen und der vollständige Suchlauf aktiviert sein.

Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.

ich verstehe nicht was du meinst

und malwarebyte findet immer noch keine schädlichen sachen

Zitat:

Zitat von Lachern

und malwarebyte findet immer noch keine schädlichen sachen

bei CCleaner konnte alles erfolgreich durchgeführt werden.

Lies einfach bitte die Anleitung genau durch. Nimm Dir dafür etwas Zeit. Wenn Dir das zu viel/zulästig/whatever ist, können wir Dir hier leider nicht helfen

Mit Malwarebytes hab ich nur erwähnt, weil aus Deinem ersten Posting nichts herausgegangen ist und Du auch keine Log gepostet hast.

Zitat:

Zitat von cosinus

Lies einfach bitte die Anleitung genau durch. Nimm Dir dafür etwas Zeit. Wenn Dir das zu viel/zulästig/whatever ist, können wir Dir hier leider nicht helfen

Mit Malwarebytes hab ich nur erwähnt, weil aus Deinem ersten Posting nichts herausgegangen ist und Du auch keine Log gepostet hast.

ich habe es mit maleware gescannt aber es hat nichts gefunden

Ich meinte die komplette Anleitung - hast Du RSIT ignoriert?

Zitat:

Zitat von cosinus

Ich meinte die komplette Anleitung - hast Du RSIT ignoriert?

also das steht da

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2009-10-28 11:10:39
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 44 GB (30%) free of 148 GB
Total RAM: 3066 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:35, on 28.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\David\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Bluewin Security\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ANYCOM\Bluetooth-USB\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Bluewin Security\FSGUI\fsguidll.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Bluewin Security\FSGUI\scanwizard.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZWXZ8VT\RSIT[1].exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ig?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bluewin Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET CLR 3.0.30729)" -"http://www.miniclip.com/games/leo-steel/en/"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Bluewin Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Bluewin Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Bluewin Security\FSPC\fspcmsie.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A250EB2-C942-40C9-8010-CEC49AE5F15E}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bluewin Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bluewin Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9f1cd98326900) (gupdate1c9f1cd98326900) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 15576 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{1EEC57AA-E99D-4765-B342-E8E40EEBA92E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-02 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-04 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-27 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-28 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-23 397312]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-07-02 821768]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"eRecoveryService"= []

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"F-Secure Manager"=C:\Program Files\Bluewin Security\Common\FSM32.EXE [2008-09-23 182936]
"F-Secure TNB"=C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe [2008-09-23 957024]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-08 13601312]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-08 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2008-08-18 532808]
"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-23 2356088]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-06 39408]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\ANYCOM\Bluetooth-USB\BTTray.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ca93ab0-900b-11dd-8e2c-806e6f6e6963}]
shell\AutoRun\command - 0


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-28 11:10:39 ----D---- C:\rsit
2009-10-28 11:10:39 ----D---- C:\Program Files\trend micro
2009-10-27 19:12:05 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 19:11:57 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-27 19:11:49 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-27 19:01:15 ----A---- C:\Windows\system32\wups2.dll
2009-10-27 19:01:15 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-27 19:01:14 ----A---- C:\Windows\system32\wucltux.dll
2009-10-27 19:01:13 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-27 19:00:17 ----A---- C:\Windows\system32\wups.dll
2009-10-27 19:00:17 ----A---- C:\Windows\system32\wudriver.dll
2009-10-27 19:00:16 ----A---- C:\Windows\system32\wuapi.dll
2009-10-27 18:59:48 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-27 18:59:48 ----A---- C:\Windows\system32\wuapp.exe
2009-10-21 18:55:15 ----D---- C:\Program Files\CCleaner
2009-10-21 16:03:28 ----D---- C:\Users\David\AppData\Roaming\DynaGeo
2009-10-20 19:33:04 ----D---- C:\Users\David\AppData\Roaming\Malwarebytes
2009-10-20 19:32:56 ----D---- C:\ProgramData\Malwarebytes
2009-10-20 19:32:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-16 19:33:39 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-16 19:33:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-16 19:33:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-16 19:31:49 ----A---- C:\Windows\system32\mshtml.dll
2009-10-16 19:31:44 ----A---- C:\Windows\system32\ieframe.dll
2009-10-16 19:31:42 ----A---- C:\Windows\system32\urlmon.dll
2009-10-16 19:31:42 ----A---- C:\Windows\system32\iertutil.dll
2009-10-16 19:31:41 ----A---- C:\Windows\system32\wininet.dll
2009-10-16 19:31:40 ----A---- C:\Windows\system32\occache.dll
2009-10-16 19:31:40 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-16 19:31:40 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-16 19:31:38 ----A---- C:\Windows\system32\ieui.dll
2009-10-16 19:31:38 ----A---- C:\Windows\system32\iepeers.dll
2009-10-16 19:31:37 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-16 19:31:37 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-16 19:31:37 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-16 19:31:37 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-16 19:31:37 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-16 19:31:37 ----A---- C:\Windows\system32\iesetup.dll
2009-10-16 19:31:37 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-16 19:31:36 ----A---- C:\Windows\system32\iernonce.dll
2009-10-16 19:30:59 ----A---- C:\Windows\system32\msasn1.dll
2009-10-16 19:30:32 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-15 19:53:34 ----D---- C:\ProgramData\Motive
2009-10-12 22:24:27 ----D---- C:\Users\David\AppData\Roaming\BitTorrent
2009-10-11 21:12:35 ----D---- C:\Users\David\AppData\Roaming\temp
2009-10-11 21:12:24 ----A---- C:\crashAddress.txt
2009-10-11 21:11:34 ----D---- C:\Program Files\EA Sports
2009-10-11 20:50:46 ----D---- C:\Program Files\BitTorrent
2009-10-10 18:36:21 ----RHD---- C:\Users\David\AppData\Roaming\SecuROM
2009-10-10 18:14:50 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-10-10 18:14:50 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-10-10 18:14:49 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-10-10 18:14:49 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-10-10 18:14:48 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-10-10 18:14:47 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-10-10 18:14:46 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-10-10 13:03:22 ----D---- C:\World of Warcraft
2009-10-10 10:08:43 ----D---- C:\Windows\system32\eu-ES
2009-10-10 10:08:43 ----D---- C:\Windows\system32\ca-ES
2009-10-10 10:08:36 ----D---- C:\Windows\system32\vi-VN
2009-10-10 09:40:33 ----D---- C:\Windows\system32\EventProviders
2009-10-10 09:35:49 ----D---- C:\ProgramData\Office Genuine Advantage
2009-10-10 09:25:07 ----D---- C:\Users\David\AppData\Roaming\Intel
2009-10-10 09:25:06 ----D---- C:\ProgramData\Roaming
2009-10-10 09:23:25 ----D---- C:\Program Files\Cisco
2009-10-10 09:23:19 ----D---- C:\Program Files\Common Files\Intel
2009-10-10 09:23:18 ----D---- C:\ProgramData\Intel
2009-10-10 09:19:26 ----A---- C:\Windows\system32\schannel.dll
2009-10-10 09:19:23 ----A---- C:\Windows\system32\kerberos.dll
2009-10-10 09:19:22 ----A---- C:\Windows\system32\wdigest.dll
2009-10-10 09:19:21 ----A---- C:\Windows\system32\secur32.dll
2009-10-10 09:19:21 ----A---- C:\Windows\system32\lsass.exe
2009-10-10 09:19:21 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-09 22:56:33 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-10-09 22:56:26 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-10-09 22:56:24 ----A---- C:\Windows\system32\pbsvc.exe
2009-10-09 09:09:55 ----D---- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-10-09 09:09:37 ----D---- C:\ProgramData\THQ
2009-10-08 17:09:06 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-10-08 17:08:13 ----D---- C:\ProgramData\Blizzard
2009-10-05 16:40:48 ----D---- C:\Program Files\DNA
2009-10-05 16:40:46 ----D---- C:\Program Files\GamersFirst
2009-10-02 17:13:59 ----N---- C:\Windows\system32\MpSigStub.exe

======List of files/folders modified in the last 1 months======

2009-10-28 11:11:02 ----D---- C:\Windows\Temp
2009-10-28 11:10:39 ----RD---- C:\Program Files
2009-10-28 10:40:05 ----D---- C:\Windows\rescache
2009-10-28 10:26:15 ----D---- C:\Windows\winsxs
2009-10-28 10:26:15 ----D---- C:\Program Files\Internet Explorer
2009-10-28 10:26:06 ----D---- C:\Windows\System32
2009-10-28 10:26:06 ----D---- C:\Windows\inf
2009-10-28 10:26:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-28 10:26:02 ----D---- C:\Windows\system32\de-DE
2009-10-28 10:26:00 ----D---- C:\Program Files\Windows Media Player
2009-10-28 10:23:43 ----SHD---- C:\System Volume Information
2009-10-28 10:22:34 ----D---- C:\Program Files\Bluewin Security
2009-10-28 10:22:07 ----D---- C:\Windows\Tasks
2009-10-27 21:07:26 ----D---- C:\Users\David\AppData\Roaming\Skype
2009-10-27 19:22:16 ----D---- C:\ProgramData\Google Updater
2009-10-27 19:10:52 ----D---- C:\Windows\system32\catroot
2009-10-27 19:09:14 ----D---- C:\Windows\system32\catroot2
2009-10-27 19:02:21 ----D---- C:\Windows\Prefetch
2009-10-27 19:01:41 ----D---- C:\Users\David\AppData\Roaming\skypePM
2009-10-25 19:32:05 ----D---- C:\Windows\system32\drivers
2009-10-24 20:07:55 ----SHD---- C:\Windows\Installer
2009-10-24 20:07:54 ----D---- C:\ProgramData\Microsoft Help
2009-10-24 13:42:17 ----D---- C:\Users\David\AppData\Roaming\teamspeak2
2009-10-22 16:44:13 ----D---- C:\Windows
2009-10-21 18:57:18 ----D---- C:\Windows\Minidump
2009-10-21 18:57:18 ----D---- C:\Windows\Debug
2009-10-21 16:03:28 ----SD---- C:\Windows\Downloaded Program Files
2009-10-21 13:59:13 ----D---- C:\Users\David\AppData\Roaming\F-Secure
2009-10-20 19:32:56 ----HD---- C:\ProgramData
2009-10-17 21:46:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-17 16:51:17 ----D---- C:\Windows\Microsoft.NET
2009-10-17 16:50:29 ----RSD---- C:\Windows\assembly
2009-10-17 16:37:22 ----D---- C:\Windows\ehome
2009-10-17 16:37:22 ----D---- C:\Program Files\Windows Mail
2009-10-17 16:37:20 ----D---- C:\Windows\system32\migration
2009-10-17 16:22:59 ----D---- C:\Program Files\Microsoft Works
2009-10-15 20:13:46 ----D---- C:\Windows\system32\wbem
2009-10-15 20:12:58 ----D---- C:\Windows\system32\config
2009-10-15 20:12:40 ----D---- C:\Program Files\Intel
2009-10-15 20:12:40 ----D---- C:\Program Files\Common Files
2009-10-15 20:12:36 ----D---- C:\Windows\registration
2009-10-15 20:06:53 ----D---- C:\Windows\Logs
2009-10-12 20:55:23 ----A---- C:\Windows\wininit.ini
2009-10-11 20:50:39 ----D---- C:\Windows\system32\Tasks
2009-10-10 13:02:51 ----D---- C:\Games
2009-10-10 13:02:50 ----AD---- C:\Book
2009-10-10 10:22:27 ----D---- C:\ProgramData\NVIDIA
2009-10-10 10:20:08 ----SHD---- C:\Boot
2009-10-10 10:11:27 ----D---- C:\Program Files\Windows Calendar
2009-10-10 10:11:27 ----D---- C:\Program Files\Movie Maker
2009-10-10 10:11:24 ----D---- C:\Program Files\Windows Sidebar
2009-10-10 10:11:24 ----D---- C:\Program Files\Windows Journal
2009-10-10 10:11:24 ----D---- C:\Program Files\Windows Collaboration
2009-10-10 10:11:22 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-10 10:11:22 ----D---- C:\Program Files\Common Files\System
2009-10-10 10:11:16 ----D---- C:\Windows\servicing
2009-10-10 10:11:16 ----D---- C:\Program Files\Windows Defender
2009-10-10 10:10:55 ----D---- C:\Windows\system32\XPSViewer
2009-10-10 10:10:55 ----D---- C:\Windows\system32\lv-LV
2009-10-10 10:10:55 ----D---- C:\Windows\IME
2009-10-10 10:10:54 ----D---- C:\Windows\system32\sk-SK
2009-10-10 10:10:54 ----D---- C:\Windows\system32\ko-KR
2009-10-10 10:10:54 ----D---- C:\Windows\system32\hr-HR
2009-10-10 10:10:54 ----D---- C:\Windows\system32\et-EE
2009-10-10 10:10:54 ----D---- C:\Windows\system32\en-US
2009-10-10 10:10:54 ----D---- C:\Windows\system32\da-DK
2009-10-10 10:10:43 ----D---- C:\Windows\system32\oobe
2009-10-10 10:10:43 ----D---- C:\Windows\system32\it-IT
2009-10-10 10:10:43 ----D---- C:\Windows\system32\el-GR
2009-10-10 10:10:39 ----D---- C:\Windows\system32\AdvancedInstallers
2009-10-10 10:10:38 ----D---- C:\Windows\system32\sv-SE
2009-10-10 10:10:38 ----D---- C:\Windows\system32\setup
2009-10-10 10:10:38 ----D---- C:\Windows\system32\ru-RU
2009-10-10 10:10:38 ----D---- C:\Windows\system32\he-IL
2009-10-10 10:10:38 ----D---- C:\Windows\system32\fr-FR
2009-10-10 10:10:38 ----D---- C:\Windows\system32\fi-FI
2009-10-10 10:10:37 ----D---- C:\Windows\system32\SLUI
2009-10-10 10:10:37 ----D---- C:\Windows\system32\pt-PT
2009-10-10 10:10:37 ----D---- C:\Windows\system32\hu-HU
2009-10-10 10:10:37 ----D---- C:\Windows\system32\cs-CZ
2009-10-10 10:10:35 ----D---- C:\Windows\system32\zh-TW
2009-10-10 10:10:35 ----D---- C:\Windows\system32\zh-CN
2009-10-10 10:10:35 ----D---- C:\Windows\system32\sr-Latn-CS
2009-10-10 10:10:35 ----D---- C:\Windows\system32\sl-SI
2009-10-10 10:10:35 ----D---- C:\Windows\system32\manifeststore
2009-10-10 10:10:35 ----D---- C:\Windows\system32\es-ES
2009-10-10 10:10:34 ----D---- C:\Windows\system32\uk-UA
2009-10-10 10:10:34 ----D---- C:\Windows\system32\ro-RO
2009-10-10 10:10:34 ----D---- C:\Windows\system32\pl-PL
2009-10-10 10:10:34 ----D---- C:\Windows\system32\ja-JP
2009-10-10 10:10:34 ----D---- C:\Windows\system32\bg-BG
2009-10-10 10:10:33 ----D---- C:\Windows\system32\th-TH
2009-10-10 10:10:31 ----D---- C:\Windows\system32\tr-TR
2009-10-10 10:10:28 ----D---- C:\Windows\system32\nl-NL
2009-10-10 10:10:28 ----D---- C:\Windows\system32\nb-NO
2009-10-10 10:10:28 ----D---- C:\Windows\system32\lt-LT
2009-10-10 10:10:28 ----D---- C:\Windows\system32\ar-SA
2009-10-10 10:10:27 ----D---- C:\Windows\system32\pt-BR
2009-10-10 10:10:27 ----D---- C:\Windows\system32\migwiz
2009-10-10 10:09:02 ----RSD---- C:\Windows\Fonts
2009-10-10 10:09:01 ----D---- C:\Windows\AppPatch
2009-10-10 10:08:36 ----D---- C:\Windows\system32\Boot
2009-10-10 10:07:18 ----D---- C:\Windows\system32\RTCOM
2009-10-10 09:22:43 ----D---- C:\Windows\system
2009-10-10 09:21:53 ----D---- C:\Windows\system32\zh-HK
2009-10-10 09:21:32 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-09 22:56:21 ----D---- C:\Windows\system32\LogFiles
2009-10-09 09:09:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-09 08:41:48 ----D---- C:\Program Files\THQ
2009-10-06 09:07:34 ----D---- C:\Program Files\Firefly Studios
2009-10-02 19:01:57 ----A---- C:\Windows\system32\mrt.exe
2009-10-02 18:53:29 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-02 18:53:11 ----D---- C:\Program Files\Windows Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys [2008-09-23 66720]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2008-09-23 35552]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-09-23 70944]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\Bluewin Security\Anti-Virus\minifilter\fsvista.sys [2008-09-23 12384]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2008-07-02 21264]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Bluewin Security\Anti-Virus\minifilter\fsgk.sys [2009-09-14 99960]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-28 2127512]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-08 7451712]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2007-08-21 24064]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 USBPNPA;USB PnP Sound Device Interface; C:\Windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 A310;AVerMedia A310 DVB-T; C:\Windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device; C:\Windows\system32\drivers\AVerA310Cap.sys [2008-04-15 42880]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-05-13 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320]

S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-27 25280]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2005-01-24 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-01-24 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-01-24 84512]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Bluewin Security\Anti-Virus\Win2K\FSfilter.sys [2008-09-23 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Bluewin Security\Anti-Virus\Win2K\FSrec.sys [2008-09-23 25184]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe [2008-06-09 522792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe [2008-09-23 215648]
R2 FSMA;FSMA; C:\Program Files\Bluewin Security\Common\FSMA32.EXE [2008-09-23 117400]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-08 203296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-10-09 66872]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe [2008-09-23 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe [2008-09-23 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Bluewin Security\ORSP Client\fsorsp.exe [2008-09-23 55904]
S2 gupdate1c9f1cd98326900;Google Update Service (gupdate1c9f1cd98326900); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-20 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-12-11 104944]

-----------------EOF-----------------

Und bei Info steht das:


info.txt logfile of random's system information tool 1.06 2009-10-28 11:11:38

======Uninstall list======

-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\Bluewin Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log"
Agere Systems HDA Modem-->agrsmdel
Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
ANYCOM Bluetooth Software 6.1.0.4700-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Augentraining-->C:\Program Files\Augentraining\Uninstal.exe
AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27-->C:\Program Files\AVerMedia\AVerMedia A310 (MiniCard, DVB-T)\uninst.exe
Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log"
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{A64A5576-D862-44F8-89DC-2B17FCC9B86E}
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chicken Invaders 3-->"C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log"
Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0007 -removeonly
Die Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0407
Frontlines: Fuel of War-->"C:\Program Files\InstallShield Installation Information\{C711E88C-9DC2-4254-A989-D6E017844DDF}\setup.exe" -runfromtemp -l0x0007 -removeonly
Gehirn Sport-->C:\Program Files\Gehirn Sport\Uninstal.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.27\Installer\setup.exe" --uninstall --system-level
Google Earth Plug-in-->MsiExec.exe /X{FE24D361-A3E8-11DE-88F3-005056806466}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
GW Team Builder 1.2.1-->"C:\Program Files\GW Team Builder neu\setup\unins000.exe"
GW-Value-->"C:\Program Files\GWV\unins000.exe"
Hervorhebe-Funktion (Windows Live Toolbar)-->MsiExec.exe /X{00D0200F-3B4D-4A2F-869E-533ED835A943}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotel Gigant 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}\setup.exe" -l0x7 -uninst -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Internet Security-->"C:\Program Files\Bluewin Security\FSGUI\PostInstall.exe" /tUnInstall
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x7 -removeonly
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
LOST PLANET COLONIES-->MsiExec.exe /X{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\DESINST.EXE" /runtemp
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F112F66E-25CA-42DD-983C-6118EB38F606}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
paw·ned² v1.2-->C:\Program Files\paw·ned²\uninst.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Rise and Fall-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}\Setup.exe" -l0x7 -removeonly
Rise Of Legends-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
Rise of Nations Thrones and Patriots-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTLX.EXE" /runtemp /uninstall
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x7
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung\SS_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x7 -removeonly
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}
Stronghold 2 Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x7 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
War Rock-->C:\Program Files\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Family Safety-->MsiExec.exe /X{994223F3-A99B-4DDD-9E1D-0190A17C6860}
Windows Live Favorites für Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live ID-Anmelde-Assistent-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)-->MsiExec.exe /X{218761F6-CBF6-4973-B910-A33E6563A1EA}
Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Security center information======

FW: Bluewin Security 7.02
AS: Windows Defender

======System event log======

Computer Name: David-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 100308
Source Name: Service Control Manager
Time Written: 20090714151250.000000-000
Event Type: Informationen
User:

Computer Name: David-PC
Event Code: 537
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 100307
Source Name: Microsoft-Windows-TBS
Time Written: 20090714151248.659166-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: David-PC
Event Code: 7036
Message: Dienst "Startprogramm für Windows Media Center" befindet sich jetzt im Status "Beendet".
Record Number: 100306
Source Name: Service Control Manager
Time Written: 20090714151250.000000-000
Event Type: Informationen
User:

Computer Name: David-PC
Event Code: 7036
Message: Dienst "Sicherheitscenter" befindet sich jetzt im Status "Ausgeführt".
Record Number: 100305
Source Name: Service Control Manager
Time Written: 20090714151248.000000-000
Event Type: Informationen
User:

Computer Name: David-PC
Event Code: 7036
Message: Dienst "TPM-Basisdienste" befindet sich jetzt im Status "Beendet".
Record Number: 100304
Source Name: Service Control Manager
Time Written: 20090714151248.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: David-PC
Event Code: 1003
Message: Der Windows-Suchdienst wurde gestartet.

Record Number: 1817
Source Name: Microsoft-Windows-Search
Time Written: 20081013160101.000000-000
Event Type: Informationen
User:

Computer Name: David-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 1816
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20081013160056.646530-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: David-PC
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 1815
Source Name: Microsoft-Windows-WMI
Time Written: 20081013160053.000000-000
Event Type: Fehler
User:

Computer Name: David-PC
Event Code: 7500
Message: Intel RAID-Controller: Unbekannter Controller
Anzahl der Serial ATA-Anschlüsse: 4

RAID Option ROM - Version: Unbekannt
Treiberversion: 8.0.0.1039
RAID-Plug-In - Version: 8.0.0.1039
Sprachressourcenversion des RAID-Plug-In: Datei nicht gefunden
Assistent zum Erstellen eines Volumes - Version: 8.0.0.1039
Sprachressourcenversion für Assistenten zum Erstellen eines Volumes: Datei nicht gefunden
Assistent zum Erstellen eines Volumes von einer vorhandenen Festplatte - Version: 8.0.0.1039
Sprachressourcenversion des Assistenten zum Erstellen eines Volumes von einer vorhandener Festplatte: Datei nicht gefunden
Assistent zum Bearbeiten des Volumes - Version: 8.0.0.1039
Sprachressourcenversion des Assistenten zum Bearbeiten des Volumes: Datei nicht gefunden
Assistent zum Löschen eines Volumes - Version: 8.0.0.1039
Sprachressourcenversion des Assistenten zum Löschen eines Volumes: Datei nicht gefunden
ISDI Bibliothek Version: 8.0.0.1039
Version 8.0.0.1039 des Benutzerbenachrichtigungstools des Event Monitor
Sprachressourcenversion des Benutzerbenachrichtigungstools des Event Monitor: Datei nicht gefunden
Event Monitor - Version: 8.0.0.1039

Festplatte 0
Verwendung: Unbekannte Festplattenverwendung
Status: Normal
Geräteanschluss: 0
Geräteanschlussposition: Intern
Aktueller Serial ATA-Übertragungsmodus: Generation 2
Modell: Hitachi HTS543232L9A300
Seriennummer: 080721FB0400LEC2261B
Firmware: FB4OC40C
Native Command Queuing-Unterstützung: Ja
Systemfestplatte: Ja
Gesamtgröße: 298 GB
Physische Sektorgröße: 512 Byte
Logische Sektorgröße: 512 Byte

Unbelegter Anschluss 0
Geräteanschluss: 4
Geräteanschlussposition: Intern

Unbelegter Anschluss 1
Geräteanschluss: 5
Geräteanschlussposition: Intern

CD/DVD-Laufwerk 0
Geräteanschluss: 1
Geräteanschlussposition: Intern
Aktueller Serial ATA-Übertragungsmodus: Generation 1
Modell: PIONEER DVD-RW DVRTD08RS
Seriennummer: Daten nicht ausgegeben
Firmware: 1.05

Record Number: 1814
Source Name: IAANTmon
Time Written: 20081013160053.000000-000
Event Type: Informationen
User:

Computer Name: David-PC
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 1813
Source Name: Microsoft-Windows-WMI
Time Written: 20081013160052.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: David-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: DAVID-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x2e0
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 3655
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081020133836.188210-000
Event Type: Überwachung erfolgreich
User:

Computer Name: David-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 3654
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081020133620.485010-000
Event Type: Überwachung gescheitert
User:

Computer Name: David-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 3653
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081020133620.485010-000
Event Type: Überwachung gescheitert
User:

Computer Name: David-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 3652
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081020133620.485010-000
Event Type: Überwachung gescheitert
User:

Computer Name: David-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-21-2224810489-1605764362-1537619351-1000
Kontoname: David
Kontodomäne: David-PC
Anmelde-ID: 0x31e89

Berechtigungen: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 3651
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081020133512.349810-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Bzgl. des Ursprungspostings hast Du immer noch nicht geschrieben, in welcher Datei genau AntiVir was gefunden hast. Wenn Du diese Info nicht postest kann und ich werd ich nicht weiterhelfen.

Was die "Firewall" bzgl agentsvc.exe gemeldet hat, da bist Du auf dem Holzweg, das ist mit ziemlicher Sicherheit keine Malwaredatei, wenn man den Pfad mal genauer ansieht, merkt man dass es zum Programm NTI Backup Now 5 gehört.

Zitat:

Zitat von cosinus

Bzgl. des Ursprungspostings hast Du immer noch nicht geschrieben, in welcher Datei genau AntiVir was gefunden hast. Wenn Du diese Info nicht postest kann und ich werd ich nicht weiterhelfen.

Was die "Firewall" bzgl agentsvc.exe gemeldet hat, da bist Du auf dem Holzweg, das ist mit ziemlicher Sicherheit keine Malwaredatei, wenn man den Pfad mal genauer ansieht, merkt man dass es zum Programm NTI Backup Now 5 gehört.

wo antivir des virus gefunden hat weis ich netmehr weil ich es desinfiziert habe .