Trojan Horse? Sicherheitscenterdeaktiviert, google funktioniert nicht mehr!

flo2227 · 19.01.2010, 15:54

Moin,

habe heute diverse Dateien runtergeladen und seitdem kamen einzelne Fehlermeldungen das diverse Dienste deaktiviert worden wären und nicht mehr ausgeführt werden konnten. Alle Fehlermeldungen kamen kurz hintereinander und wurden nur einmal angezeigt.
Dann poppte Norton (Norton 360) auf und sagte es gäbe eine Bedrohung "Trojan Horse". Angeklickt Systemcheck durchgeführt und nichts gefunden. Seit dem is das Sicherheitscenter deaktiviert und lässt sich auch nciht mehr aktivieren, außerdem geht google nicht mehr, wobei alle anderen Internetseiten funktionieren. Internetgeschwindigkeit ist allerdings sehr viel langsamer als sonst. Werde vom IE öfters auf Bing.de geführt.

HijackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:09, on 19.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Florian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 78.159.110.36 www.google.no
O1 - Hosts: 78.159.110.36 www.google.com.mx
O1 - Hosts: 78.159.110.36 www.google.co.za
O1 - Hosts: 78.159.110.36 www.google.fi
O1 - Hosts: 78.159.110.36 www.google.dk
O1 - Hosts: 78.159.110.36 www.google.es
O1 - Hosts: 78.159.110.36 www.google.se
O1 - Hosts: 78.159.110.36 www.google.be
O1 - Hosts: 78.159.110.36 www.google.com
O1 - Hosts: 78.159.110.36 www.google.at
O1 - Hosts: 78.159.110.36 www.google.it
O1 - Hosts: 78.159.110.36 www.google.com.au
O1 - Hosts: 78.159.110.36 search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.com.br
O1 - Hosts: 78.159.110.36 www.google.ca
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.ch
O1 - Hosts: 78.159.110.36 www.google.pt
O1 - Hosts: 78.159.110.36 www.google.gr
O1 - Hosts: 78.159.110.36 www.google.de
O1 - Hosts: 78.159.110.36 www.google.ie
O1 - Hosts: 78.159.110.36 www.google.co.jp
O1 - Hosts: 78.159.110.36 www.google.nl
O1 - Hosts: 78.159.110.36 www.google.fr
O1 - Hosts: 78.159.110.36 us.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: TheBest Minimize to Tray.lnk = C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13174 bytes

Was kann ich tun? Danke
MfG Flo

Chris4You · 19.01.2010, 16:58

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen!
(nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Program Files\Common Files\SPBA\homefus2.dll
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also, wenn die lsass.exe erkannt wird ....
-> http://comprolive.com/remove/harmful...proc-lsass-exe

Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Files to delete:
C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

ATTFilter

O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe
O1 - Hosts: 78.159.110.36 www.google.no
01 - Hosts: 78.159.110.36 www.google.com.mx
01 - Hosts: 78.159.110.36 www.google.co.za
O1 - Hosts: 78.159.110.36 www.google.fi
O1 - Hosts: 78.159.110.36 www.google.dk
O1 - Hosts: 78.159.110.36 www.google.es
O1 - Hosts: 78.159.110.36 www.google.se
O1 - Hosts: 78.159.110.36 www.google.be
O1 - Hosts: 78.159.110.36 www.google.com	
O1 - Hosts: 78.159.110.36 www.google.at
O1 - Hosts: 78.159.110.36 www.google.it
O1 - Hosts: 78.159.110.36 www.google.com.au
O1 - Hosts: 78.159.110.36 search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.com.br
O1 - Hosts: 78.159.110.36 www.google.ca
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.ch
O1 - Hosts: 78.159.110.36 www.google.pt
O1 - Hosts: 78.159.110.36 www.google.gr
O1 - Hosts: 78.159.110.36 www.google.de
O1 - Hosts: 78.159.110.36 www.google.ie
O1 - Hosts: 78.159.110.36 www.google.co.jp
O1 - Hosts: 78.159.110.36 www.google.nl
O1 - Hosts: 78.159.110.36 www.google.fr
O1 - Hosts: 78.159.110.36 us.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.co.uk

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Fullscan und alles bereinigen lassen! Log posten.

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.
* Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Chris

flo2227 · 19.01.2010, 19:32

C:\Program Files\Common Files\SPBA\homefus2.dll

Code:

ATTFilter

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.50 2010.01.19 - 
AhnLab-V3 5.0.0.2 2010.01.19 - 
AntiVir 7.9.1.142 2010.01.19 - 
Antiy-AVL 2.0.3.7 2010.01.19 - 
Authentium 5.2.0.5 2010.01.19 - 
Avast 4.8.1351.0 2010.01.19 - 
AVG 9.0.0.730 2010.01.19 - 
BitDefender 7.2 2010.01.19 - 
CAT-QuickHeal 10.00 2010.01.19 - 
ClamAV 0.94.1 2010.01.19 - 
Comodo 3637 2010.01.19 - 
DrWeb 5.0.1.12222 2010.01.19 - 
eSafe 7.0.17.0 2010.01.19 - 
eTrust-Vet 35.2.7245 2010.01.19 - 
F-Prot 4.5.1.85 2010.01.18 - 
F-Secure 9.0.15370.0 2010.01.19 - 
Fortinet 4.0.14.0 2010.01.19 - 
GData 19 2010.01.19 - 
Ikarus T3.1.1.80.0 2010.01.19 - 
Jiangmin 13.0.900 2010.01.19 - 
K7AntiVirus 7.10.950 2010.01.18 - 
Kaspersky 7.0.0.125 2010.01.19 - 
McAfee 5865 2010.01.18 - 
McAfee+Artemis 5865 2010.01.18 - 
McAfee-GW-Edition 6.8.5 2010.01.19 - 
Microsoft 1.5302 2010.01.19 - 
NOD32 4786 2010.01.19 - 
Norman 6.04.03 2010.01.19 - 
nProtect 2009.1.8.0 2010.01.19 - 
Panda 10.0.2.2 2010.01.19 - 
PCTools 7.0.3.5 2010.01.19 - 
Prevx 3.0 2010.01.19 - 
Rising 22.31.01.04 2010.01.19 - 
Sophos 4.49.0 2010.01.19 - 
Sunbelt 3.2.1858.2 2010.01.19 - 
TheHacker 6.5.0.6.156 2010.01.19 - 
TrendMicro 9.120.0.1004 2010.01.19 - 
ViRobot 2010.1.19.2144 2010.01.19 - 
VirusBuster 5.0.21.0 2010.01.19 - 
weitere Informationen 
File size: 567560 bytes 
MD5...: 2b997108ddea8d324be558a72a5cc8ab 
SHA1..: 55a9d8b7c2b35bb248109a8514d9535ca9554c37 
SHA256: d41962b91fe55ef89514e83ce11ab18cc30eed2d6cd5fbfeddac22d0b613756e 
ssdeep: 12288:kzm8WlKxvrwDKX+YmncyVi66CHESU4HvA:kS8Z55Gcoi6NkSU7
 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21cb8
timedatestamp.....: 0x47e90b0c (Tue Mar 25 14:24:12 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x25228 0x25400 6.55 68552808f50f530c66d67da51cf1694b
.rdata 0x27000 0x1de0d 0x1e000 4.38 e6d0686f2a2c91e8b757a5796719a1d3
.data 0x45000 0x3ba0 0x3600 4.52 e88421d5926f7a003640171157bcadef
.HKT 0x49000 0xc 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x4a000 0x3cd90 0x3ce00 7.94 56cebb92cdcaf9b11176f5a326cb5676
.reloc 0x87000 0x5562 0x5600 5.75 0507d19b79abd669d574b94216f6f0b0

( 13 imports ) 
> KERNEL32.dll: CreateFileW, GetSystemDirectoryW, MulDiv, GetComputerNameW, LoadLibraryA, AddAtomW, CreateMutexW, CreateEventW, OpenEventW, FindAtomW, ResetEvent, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, GetFileSize, TerminateProcess, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetProcessHeap, HeapAlloc, HeapFree, ReadFile, UnhandledExceptionFilter, WaitForSingleObject, GetCurrentProcessId, DeleteAtom, CallNamedPipeW, GetLocaleInfoW, SetEvent, LocalFree, CloseHandle, GetCurrentProcess, FlushInstructionCache, GetVersionExW, FindResourceExW, LockResource, Sleep, FindResourceW, LoadResource, SizeofResource, FreeLibrary, lstrcmpiW, InterlockedDecrement, InterlockedIncrement, lstrlenW, GetModuleHandleA, LoadLibraryExW, GetCurrentThreadId, OutputDebugStringA, LoadLibraryW, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, MultiByteToWideChar, GetModuleFileNameW, GetLastError, GetUserDefaultLangID, SetLastError, GetTickCount, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, GetSystemTimeAsFileTime, LocalAlloc
> USER32.dll: GetWindowRect, BringWindowToTop, SetWindowPos, GetDlgItem, OpenDesktopW, UnregisterClassA, ExitWindowsEx, SetWindowLongW, DestroyWindow, GetParent, BeginPaint, EndPaint, CharNextW, EnableWindow, DrawIconEx, CreateIconIndirect, DrawTextW, GetDC, SystemParametersInfoW, GetKeyboardLayout, GetKeyboardLayoutNameW, GetKeyboardLayoutList, MessageBoxW, RegisterWindowMessageW, EnumDesktopWindows, IsWindowVisible, SetThreadDesktop, EndDialog, SetWindowTextW, CreateWindowExW, SetTimer, GetDlgItemTextW, ScreenToClient, SetFocus, LoadImageW, DispatchMessageW, TranslateMessage, GetActiveWindow, AttachThreadInput, GetWindowThreadProcessId, GetForegroundWindow, SendInput, GetThreadDesktop, SetCursorPos, GetCursorPos, ReleaseDC, keybd_event, EnumChildWindows, EnumWindows, CloseDesktop, MapWindowPoints, GetWindow, MoveWindow, FillRect, GetClientRect, GetWindowLongW, KillTimer, SendMessageW, DestroyIcon, GetSysColor, PostMessageW, DefWindowProcW, GetSystemMetrics, SetForegroundWindow, DialogBoxIndirectParamW, CreateDialogIndirectParamW, IsWindow, SetDlgItemTextW, SetActiveWindow, RedrawWindow, ShowWindow, InvalidateRect, FindWindowW, CallWindowProcW
> GDI32.dll: GetDeviceCaps, SetBkMode, CreateFontIndirectW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBitmap, DeleteObject, SelectObject, SetBkColor, SetTextColor, ExtTextOutW, GetStockObject, PatBlt, DeleteDC, CreateSolidBrush
> ADVAPI32.dll: RegQueryValueExW, InitiateSystemShutdownExW, ConvertStringSidToSidW, EqualSid, ConvertSidToStringSidW, GetTokenInformation, AllocateAndInitializeSid, FreeSid, RegNotifyChangeKeyValue, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, LookupAccountSidW, GetSidSubAuthorityCount, GetSidLengthRequired, GetSidIdentifierAuthority, InitializeSid, RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, LogonUserW, ImpersonateLoggedOnUser, RevertToSelf, GetSidSubAuthority, LookupAccountNameW
> SHELL32.dll: ExtractIconExW
> IMM32.dll: ImmGetIMEFileNameW, ImmIsIME
> RPCRT4.dll: UuidCreate
> gdiplus.dll: GdiplusStartup, GdiplusShutdown
> NETAPI32.dll: NetUserChangePassword, NetApiBufferFree, NetUserModalsGet
> Secur32.dll: LsaCallAuthenticationPackage, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage
> ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc
> OLEAUT32.dll: -
> MSVCR80.dll: __clean_type_info_names_internal, _crt_debugger_hook, __type_info_dtor_internal_method@type_info@@QAEXXZ, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _encoded_null, _malloc_crt, _decode_pointer, _onexit, _lock, _encode_pointer, __dllonexit, _unlock, _except_handler4_common, _terminate@@YAXXZ, fwrite, _wfopen, fseek, fgetpos, fread, fclose, _wtoi, swscanf, wcsstr, strcpy, _wcsicmp, wcstoul, memcpy, _wcsupr, _vsnwprintf, wcscspn, wcsspn, wcscat, __0exception@std@@QAE@XZ, __0exception@std@@QAE@ABV01@@Z, memmove_s, strlen, __1exception@std@@UAE@XZ, _what@exception@std@@UBEPBDXZ, __0exception@std@@QAE@ABQBD@Z, _invalid_parameter_noinfo, _purecall, wcscmp, _mbslen, _recalloc, wcsncpy_s, memcpy_s, malloc, __CxxFrameHandler3, __2@YAPAXI@Z, _CxxThrowException, memset, free, wcsncpy, wcscpy, wcslen, wcsrchr, ___V@YAXPAX@Z, __3@YAXPAX@Z

( 12 exports ) 
InitializeChangeNotifyS, LockEventS, LogoffEventS, LogonEventS, Module_GetStaticList_2_ql2, Module_IsUnlocked_2_ql2, PasswordChangeNotifyS, PasswordFilterS, ShellStartEventS, ShutdownEventS, StartupEventS, UnlockEventS
 
RDS...: NSRL Reference Data Set
- 
pdfid.: - 
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
sigcheck:
publisher....: UPEK Inc.
copyright....: Copyright (C) 2001-2008 UPEK Inc.
product......: SPBA
description..: PS QL Logon Kernel
original name: homefus2.dll
internal name: HOMEFUS2
file version.: 5.8.2.4217
comments.....: n/a
signers......: UPEK Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 3:24 PM 3/25/2008
verified.....: -

C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe

Code:

ATTFilter

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.50 2010.01.19 - 
AhnLab-V3 5.0.0.2 2010.01.19 - 
AntiVir 7.9.1.142 2010.01.19 - 
Antiy-AVL 2.0.3.7 2010.01.19 - 
Authentium 5.2.0.5 2010.01.19 - 
Avast 4.8.1351.0 2010.01.19 - 
BitDefender 7.2 2010.01.19 - 
CAT-QuickHeal 10.00 2010.01.19 - 
ClamAV 0.94.1 2010.01.19 - 
Comodo 3637 2010.01.19 - 
eSafe 7.0.17.0 2010.01.19 - 
eTrust-Vet 35.2.7245 2010.01.19 - 
F-Prot 4.5.1.85 2010.01.18 - 
Fortinet 4.0.14.0 2010.01.19 - 
GData 19 2010.01.19 - 
Ikarus T3.1.1.80.0 2010.01.19 - 
Jiangmin 13.0.900 2010.01.19 - 
K7AntiVirus 7.10.950 2010.01.18 - 
Kaspersky 7.0.0.125 2010.01.19 - 
McAfee 5865 2010.01.18 - 
McAfee+Artemis 5865 2010.01.18 - 
McAfee-GW-Edition 6.8.5 2010.01.19 - 
Microsoft 1.5302 2010.01.19 - 
NOD32 4786 2010.01.19 - 
Norman 6.04.03 2010.01.19 - 
nProtect 2009.1.8.0 2010.01.19 - 
Panda 10.0.2.2 2010.01.19 - 
PCTools 7.0.3.5 2010.01.19 - 
Prevx 3.0 2010.01.19 - 
Rising 22.31.01.04 2010.01.19 - 
Sophos 4.49.0 2010.01.19 - 
Sunbelt 3.2.1858.2 2010.01.19 - 
Symantec 20091.2.0.41 2010.01.19 - 
TheHacker 6.5.0.6.156 2010.01.19 - 
TrendMicro 9.120.0.1004 2010.01.19 - 
VBA32 3.12.12.1 2010.01.19 - 
ViRobot 2010.1.19.2144 2010.01.19 - 
VirusBuster 5.0.21.0 2010.01.19 - 
weitere Informationen 
File size: 1708840 bytes 
MD5...: 13052595a32393aa1fc435aae1ffe6ce 
SHA1..: 8ac9205b0027730f698bfa33549e6df3144a0b72 
SHA256: cf664dbd63d350497eafc1ee06f168a1e306dce7f113c974dfae642ecfb25244 
ssdeep: 49152:uyxfE1M8lT9Wqb/T7eoIdP/s0l4RXuqr3OZhg:lfElWIHWl00yReA3OHg
 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc6000
timedatestamp.....: 0x4b37920e (Sun Dec 27 16:57:50 2009)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3c042 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x3e000 0xe022 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x4d000 0x8b7c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text1 0x56000 0x70000 0x62000 7.98 8557d29507eec0ce969f909a1aab7a28
.adata 0xc6000 0x10000 0xd000 7.01 09da9f7c4851f6421f4aa495c1738069
.data1 0xd6000 0x30000 0x15000 4.61 32016d18f3ae4b9e871ccca492c9a8d5
.pdata 0x106000 0x120000 0x118000 8.00 34a934ad6ae5e86606e5a23e29fedc58
.rsrc 0x226000 0x56e000 0x3000 3.31 f1a8a12530582ff5f7c8b67d9b476ff9

( 3 imports ) 
> KERNEL32.dll: CreateThread, GlobalUnlock, GlobalLock, GlobalAlloc, GetTickCount, WideCharToMultiByte, IsBadReadPtr, GlobalAddAtomA, GlobalAddAtomW, GetModuleHandleA, GlobalFree, GlobalGetAtomNameA, GlobalDeleteAtom, GlobalGetAtomNameW, FreeConsole, GetEnvironmentVariableA, VirtualProtect, VirtualAlloc, GetProcAddress, GetLastError, LoadLibraryA, SetLastError, SetThreadPriority, GetCurrentThread, SetEnvironmentVariableA, ReleaseMutex, WaitForSingleObject, CreateMutexA, OpenMutexA, SetErrorMode, GetCurrentThreadId, FindClose, FindFirstFileW, VirtualQueryEx, GetExitCodeProcess, ReadProcessMemory, VirtualProtectEx, ContinueDebugEvent, ResumeThread, OutputDebugStringA, OutputDebugStringW, SetThreadContext, GetThreadContext, WaitForDebugEvent, WriteProcessMemory, UnmapViewOfFile, SuspendThread, DebugActiveProcess, MapViewOfFile, DuplicateHandle, GetCurrentProcess, CreateFileMappingA, SetEvent, CreateEventA, MultiByteToWideChar, CloseHandle, CreateProcessA, GetStartupInfoA, GetCommandLineA, GetSystemTimeAsFileTime, ExitProcess, LocalFree, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, FormatMessageA, GetConsoleMode, GetConsoleCP, SetFilePointer, GetLocaleInfoW, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, Sleep, EnterCriticalSection, LeaveCriticalSection, GetVersionExA, InitializeCriticalSection, GetCurrentProcessId, GetModuleFileNameW, GetShortPathNameW, GetModuleFileNameA, CreateFileA, GetShortPathNameA, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, InterlockedIncrement, InterlockedDecrement, InterlockedExchange, DeleteCriticalSection, RtlUnwind, RaiseException, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, HeapAlloc, GetProcessHeap, GetCPInfo, LCMapStringA, LCMapStringW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, WriteFile, GetStdHandle, HeapSize, GetACP, GetOEMCP, IsValidCodePage, HeapDestroy, HeapCreate, VirtualFree, HeapReAlloc
> USER32.dll: LoadStringW, IsWindow, PostMessageA, GetDesktopWindow, MoveWindow, SetPropA, EnumThreadWindows, GetPropA, GetMessageA, BeginPaint, KillTimer, GetAsyncKeyState, GetSystemMetrics, SetTimer, SetWindowTextA, GetDlgItem, CreateDialogIndirectParamA, ShowWindow, UpdateWindow, LoadStringA, EndPaint, FindWindowA, WaitForInputIdle, DestroyWindow, MessageBoxA, InSendMessage, UnpackDDElParam, FreeDDElParam, DefWindowProcW, DefWindowProcA, LoadCursorA, RegisterClassW, CreateWindowExW, RegisterClassA, CreateWindowExA, GetWindowThreadProcessId, SendMessageW, SendMessageA, PeekMessageA, TranslateMessage, DispatchMessageA, EnumWindows, IsWindowUnicode, PackDDElParam, PostMessageW
> GDI32.dll: SelectObject, BitBlt, DeleteObject, CreatePalette, CreateDCA, SelectPalette, RealizePalette, CreateDIBitmap, DeleteDC, CreateCompatibleDC

( 0 exports ) 
 
RDS...: NSRL Reference Data Set
- 
packers (F-Prot): Armadillo 
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) 
pdfid.: - 
sigcheck:
publisher....: 
copyright....: Copyright (C) 2010 IT-Services Thomas Holz
product......: TheBest Minimize to Tray
description..: TheBest Minimize to Tray
original name: TheBest Minimize to Tray.EXE
internal name: TheBest Minimize to Tray
file version.: 1, 0, 0, 1
comments.....: 
signers......: Holz Thomas
UTN-USERFirst-Object
signing date.: 5:57 PM 12/27/2009
verified.....: -

C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe

Code:

ATTFilter

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.50 2010.01.19 Virus.Win32.Poison.HJ!IK 
AhnLab-V3 5.0.0.2 2010.01.19 - 
AntiVir 7.9.1.142 2010.01.19 - 
Antiy-AVL 2.0.3.7 2010.01.19 - 
Authentium 5.2.0.5 2010.01.19 - 
Avast 4.8.1351.0 2010.01.19 - 
AVG 9.0.0.730 2010.01.19 - 
BitDefender 7.2 2010.01.19 - 
CAT-QuickHeal 10.00 2010.01.19 - 
ClamAV 0.94.1 2010.01.19 - 
Comodo 3637 2010.01.19 - 
DrWeb 5.0.1.12222 2010.01.19 - 
eSafe 7.0.17.0 2010.01.19 - 
eTrust-Vet 35.2.7245 2010.01.19 - 
F-Prot 4.5.1.85 2010.01.18 - 
F-Secure 9.0.15370.0 2010.01.19 - 
Fortinet 4.0.14.0 2010.01.19 - 
GData 19 2010.01.19 - 
Ikarus T3.1.1.80.0 2010.01.19 Virus.Win32.Poison.HJ 
Jiangmin 13.0.900 2010.01.19 - 
K7AntiVirus 7.10.950 2010.01.18 - 
Kaspersky 7.0.0.125 2010.01.19 P2P-Worm.Win32.Agent.xm 
McAfee 5865 2010.01.18 - 
McAfee+Artemis 5865 2010.01.18 Artemis!A2620C63A9DE 
McAfee-GW-Edition 6.8.5 2010.01.19 Heuristic.BehavesLike.Win32.CodeInjection.H 
Microsoft 1.5302 2010.01.19 - 
NOD32 4786 2010.01.19 - 
Norman 6.04.03 2010.01.19 - 
nProtect 2009.1.8.0 2010.01.19 - 
Panda 10.0.2.2 2010.01.19 - 
PCTools 7.0.3.5 2010.01.19 - 
Prevx 3.0 2010.01.19 High Risk Cloaked Malware 
Rising 22.31.01.04 2010.01.19 - 
Sophos 4.49.0 2010.01.19 - 
Sunbelt 3.2.1858.2 2010.01.19 - 
Symantec 20091.2.0.41 2010.01.19 - 
TheHacker 6.5.0.6.156 2010.01.19 - 
TrendMicro 9.120.0.1004 2010.01.19 - 
VBA32 3.12.12.1 2010.01.19 SScope.Injector.MY 
ViRobot 2010.1.19.2144 2010.01.19 - 
VirusBuster 5.0.21.0 2010.01.19 - 
weitere Informationen 
File size: 110592 bytes 
MD5...: a2620c63a9de0986c99232cfbb0162b8 
SHA1..: f608947c0a05b357bfd7a1edb23065ddbb39edce 
SHA256: 9de25124270198f696ea5305127eb9502705b926273148e12a9b9f3c2d2b60fc 
ssdeep: 1536:KKEnmSHjG0U3UoB5Mm1OIVWloZT7v2FmiaX1Nny1998p4TdS5:K3DFPoB5M
2M1Nw1E1LK45S5
 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2caf
timedatestamp.....: 0x4b4f1edc (Thu Jan 14 13:40:44 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8833 0x9000 6.44 177fd3abc081d2d4d257a9ec85569962
.rdata 0xa000 0x2618 0x3000 4.64 fe7f9494e937828bdab79424e5d956e3
.data 0xd000 0x1984 0x1000 2.35 e4da601f3a41bea7124b831595a75c9a
.rsrc 0xf000 0xc318 0xd000 7.91 740b73a9375e1bdb1944ab2eaade7974

( 1 imports ) 
> KERNEL32.dll: GetProcAddress, LoadLibraryA, VirtualProtect, RtlUnwind, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoA, RaiseException, GetLastError, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, Sleep, HeapSize, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW

( 0 exports ) 
 
RDS...: NSRL Reference Data Set
- 
pdfid.: - 
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%) 
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=F1122E81004F8BE2B07C0166E603C500DAC26629' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=F1122E81004F8BE2B07C0166E603C500DAC26629</a> 
sigcheck:
publisher....: Microsoft Inc.
copyright....: Microsoft (C) 2009
product......: Windows Critical Update
description..: Microsoft Windows critical update
original name: upd03927.exe
internal name: Critical update
file version.: 1, 0, 0, 6
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

avenger.txt

Code:

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

flo2227 · 19.01.2010, 19:34

RSIT log.txt

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by Florian at 2010-01-19 18:48:22
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 46 GB (31%) free of 148 GB
Total RAM: 3066 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:44, on 19.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Florian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Florian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Florian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: TheBest Minimize to Tray.lnk = C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12302 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{AA0E4FD6-140F-4A84-BDBB-C552488AD947}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-09 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-09 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-09 263280]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-07 6139904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-05-30 544768]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-18 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-18 92704]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-06-04 817672]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-07-24 167936]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2008-09-24 3676160]
"Cm106Sound"=RunDll32 cm106.cpl,CMICtrlWnd []
"TQ566808"=F:\Setup.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"mylbx"=C:\Program Files\My Lockbox\mylbx.exe [2009-06-03 1074864]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-04 68856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TheBest Minimize to Tray.lnk - C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe

C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2008-09-24 3197952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-25 567560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-19 18:48:22 ----D---- C:\rsit
2010-01-19 18:48:22 ----D---- \rsit
2010-01-19 18:00:02 ----D---- C:\Users\Florian\AppData\Roaming\Malwarebytes
2010-01-19 17:59:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-19 17:44:28 ----D---- C:\Avenger
2010-01-19 17:44:28 ----D---- \Avenger
2010-01-19 17:44:26 ----A---- C:\avenger.txt
2010-01-19 17:44:26 ----A---- \avenger.txt
2010-01-19 15:08:54 ----D---- C:\Program Files\Trend Micro
2010-01-19 12:22:16 ----SHD---- C:\Users\Florian\AppData\Roaming\SystemProc
2010-01-18 14:30:43 ----D---- C:\Windows\Sun
2010-01-17 16:51:23 ----D---- C:\Users\Florian\AppData\Roaming\Move Networks
2010-01-16 21:43:05 ----D---- C:\Users\Florian\AppData\Roaming\Publish Providers
2010-01-16 21:25:43 ----D---- C:\Program Files\No23Recorder
2010-01-16 20:04:37 ----D---- C:\Users\Florian\AppData\Roaming\Itsth
2010-01-16 20:04:30 ----D---- C:\Program Files\TheBest Minimize to Tray
2010-01-15 09:15:31 ----D---- C:\Users\Florian\AppData\Roaming\FOG Downloader
2010-01-13 20:16:28 ----A---- C:\Windows\NeroDigital.ini
2010-01-13 19:44:42 ----D---- C:\Users\Florian\AppData\Roaming\Nero
2010-01-13 19:01:58 ----D---- C:\Program Files\Nero
2010-01-13 19:01:24 ----D---- C:\Program Files\Common Files\Nero
2010-01-13 18:21:22 ----D---- C:\Users\Florian\AppData\Roaming\Sony
2010-01-13 09:08:29 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 09:08:29 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 20:35:22 ----D---- C:\Program Files\Adobe Media Player
2010-01-12 20:31:26 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-12 20:26:42 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-01-12 19:29:21 ----D---- C:\Program Files\Common Files\Akamai
2010-01-12 19:27:54 ----A---- C:\Windows\system32\TURegOpt.exe
2010-01-12 19:27:53 ----A---- C:\Windows\system32\uxtuneup.dll
2010-01-12 19:27:53 ----A---- C:\Windows\system32\authuitu.dll
2010-01-12 19:26:52 ----D---- C:\Users\Florian\AppData\Roaming\TuneUp Software
2010-01-12 19:26:30 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-01-12 19:20:07 ----D---- C:\Program Files\Common Files\Ahead
2010-01-12 19:20:07 ----D---- C:\Program Files\Ahead
2010-01-12 19:09:13 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-12 19:08:46 ----D---- C:\Program Files\Microsoft.NET
2010-01-12 19:05:28 ----RHD---- C:\MSOCache
2010-01-12 19:05:28 ----RHD---- \MSOCache
2010-01-12 18:59:04 ----D---- C:\Program Files\Sony
2010-01-12 11:04:36 ----A---- C:\Windows\system32\GEARAspi.dll
2010-01-12 11:04:23 ----D---- C:\Program Files\Symantec
2010-01-12 11:04:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-12 11:03:52 ----D---- C:\Program Files\Norton 360
2010-01-12 11:03:20 ----D---- C:\Program Files\NortonInstaller
2010-01-12 10:20:48 ----D---- C:\Downloads
2010-01-12 10:20:48 ----D---- \Downloads
2010-01-11 11:43:21 ----A---- C:\Windows\system32\fsproflt.exe
2010-01-11 11:43:20 ----D---- C:\Program Files\My Lockbox
2010-01-11 11:33:01 ----D---- C:\Program Files\Folder Guard
2010-01-10 13:44:46 ----D---- C:\Program Files\Microsoft
2010-01-10 13:44:31 ----D---- C:\Program Files\Windows Live SkyDrive
2010-01-10 13:44:16 ----D---- C:\Program Files\Windows Live
2010-01-10 13:43:57 ----D---- C:\Windows\PCHEALTH
2010-01-10 13:41:53 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-10 13:25:04 ----A---- C:\Windows\system32\tzres.dll
2010-01-10 13:23:01 ----A---- C:\Windows\system32\jscript.dll
2010-01-10 13:21:32 ----A---- C:\Windows\system32\nshhttp.dll
2010-01-10 13:21:30 ----A---- C:\Windows\system32\httpapi.dll
2010-01-09 20:08:11 ----D---- C:\Users\Florian\AppData\Roaming\Apple Computer
2010-01-09 19:55:24 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-09 19:54:27 ----D---- C:\Program Files\iPod
2010-01-09 19:54:25 ----D---- C:\Program Files\iTunes
2010-01-09 19:54:02 ----D---- C:\Program Files\Bonjour
2010-01-09 19:53:28 ----D---- C:\Program Files\QuickTime
2010-01-09 19:53:15 ----D---- C:\Program Files\Apple Software Update
2010-01-09 19:51:35 ----D---- C:\Program Files\Common Files\Apple
2010-01-09 19:36:11 ----A---- C:\Windows\system32\occache.dll
2010-01-09 19:36:11 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-09 19:36:11 ----A---- C:\Windows\system32\iepeers.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\ieui.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\iesetup.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\wininet.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-09 19:36:09 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iertutil.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iernonce.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-09 19:36:08 ----A---- C:\Windows\system32\urlmon.dll
2010-01-09 19:36:06 ----A---- C:\Windows\system32\mshtml.dll
2010-01-09 19:36:06 ----A---- C:\Windows\system32\ieframe.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\msls31.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\mshtmler.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\mshtmled.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\icardie.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\corpol.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\admparse.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\licmgr10.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\imgutil.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\ieakeng.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\dxtrans.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\dxtmsft.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-01-09 19:33:24 ----A---- C:\Windows\system32\wextract.exe
2010-01-09 19:33:24 ----A---- C:\Windows\system32\webcheck.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\pngfilt.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\mstime.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\msrating.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\inseng.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\ieakui.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\advpack.dll
2010-01-09 19:33:23 ----A---- C:\Windows\system32\vbscript.dll
2010-01-09 19:33:23 ----A---- C:\Windows\system32\url.dll
2010-01-09 19:33:23 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-09 19:33:22 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\SetDepNx.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\PDMSetup.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\mshta.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\iexpress.exe
2010-01-09 14:14:16 ----A---- C:\Windows\system32\netiohlp.dll
2010-01-09 14:14:15 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\ROUTE.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\MRINFO.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\finger.exe
2010-01-09 14:14:15 ----A---- C:\Windows\system32\ARP.EXE
2010-01-09 14:14:14 ----A---- C:\Windows\system32\netevent.dll
2010-01-09 14:13:59 ----A---- C:\Windows\system32\dciman32.dll
2010-01-09 14:13:59 ----A---- C:\Windows\system32\atmfd.dll
2010-01-09 14:13:56 ----A---- C:\Windows\system32\msxml6.dll
2010-01-09 14:13:55 ----A---- C:\Windows\system32\msxml3.dll
2010-01-09 14:13:49 ----A---- C:\Windows\system32\wlansec.dll
2010-01-09 14:13:49 ----A---- C:\Windows\system32\wlanmsm.dll
2010-01-09 14:13:49 ----A---- C:\Windows\system32\L2SecHC.dll
2010-01-09 14:13:48 ----A---- C:\Windows\system32\wlansvc.dll
2010-01-09 14:13:46 ----A---- C:\Windows\system32\winhttp.dll
2010-01-09 14:13:44 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-01-09 14:13:44 ----A---- C:\Windows\system32\mf.dll
2010-01-09 14:13:41 ----A---- C:\Windows\system32\wdigest.dll
2010-01-09 14:13:41 ----A---- C:\Windows\system32\msv1_0.dll
2010-01-09 14:13:41 ----A---- C:\Windows\system32\lsasrv.dll
2010-01-09 14:13:40 ----A---- C:\Windows\system32\secur32.dll
2010-01-09 14:13:40 ----A---- C:\Windows\system32\lsass.exe
2010-01-09 14:13:37 ----A---- C:\Windows\system32\atl.dll
2010-01-09 14:13:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-01-09 14:13:35 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-01-09 14:13:19 ----A---- C:\Windows\system32\xolehlp.dll
2010-01-09 14:13:19 ----A---- C:\Windows\system32\msdtcprx.dll
2010-01-09 14:13:18 ----A---- C:\Windows\system32\wkssvc.dll
2010-01-09 14:13:17 ----A---- C:\Windows\system32\mstscax.dll
2010-01-09 14:13:08 ----A---- C:\Windows\system32\EncDec.dll
2010-01-09 14:13:07 ----A---- C:\Windows\system32\psisdecd.dll
2010-01-09 14:12:57 ----A---- C:\Windows\system32\localspl.dll
2010-01-09 14:12:56 ----A---- C:\Windows\system32\avifil32.dll
2010-01-09 14:12:52 ----A---- C:\Windows\system32\rpcss.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\sdohlp.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-01-09 14:12:51 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iasrecst.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iashost.exe
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iasdatastore.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iasads.dll
2010-01-09 14:12:45 ----A---- C:\Windows\system32\kernel32.dll
2010-01-09 14:12:45 ----A---- C:\Windows\system32\apilogen.dll
2010-01-09 14:12:45 ----A---- C:\Windows\system32\amxread.dll
2010-01-09 14:12:33 ----A---- C:\Windows\system32\wmpdxm.dll
2010-01-09 14:12:26 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-01-09 14:12:25 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-01-09 14:12:20 ----A---- C:\Windows\system32\msasn1.dll
2010-01-09 14:12:17 ----A---- C:\Windows\system32\rpcrt4.dll
2010-01-09 14:12:09 ----A---- C:\Windows\system32\rastls.dll
2010-01-09 14:12:09 ----A---- C:\Windows\system32\raschap.dll
2010-01-09 14:12:07 ----A---- C:\Windows\system32\WSDApi.dll
2010-01-09 14:12:04 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-01-09 14:11:35 ----A---- C:\Windows\system32\wmp.dll
2010-01-09 14:11:33 ----A---- C:\Windows\system32\unregmp2.exe
2010-01-09 14:11:31 ----A---- C:\Windows\system32\spwmp.dll
2010-01-09 14:11:30 ----A---- C:\Windows\system32\dxmasf.dll
2010-01-09 14:11:29 ----A---- C:\Windows\system32\wmploc.DLL
2010-01-09 14:11:21 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-09 13:59:20 ----A---- C:\Windows\system32\wups2.dll
2010-01-09 13:59:19 ----A---- C:\Windows\system32\wucltux.dll
2010-01-09 13:59:19 ----A---- C:\Windows\system32\wuaueng.dll
2010-01-09 13:59:19 ----A---- C:\Windows\system32\wuauclt.exe
2010-01-09 13:59:10 ----A---- C:\Windows\system32\wups.dll
2010-01-09 13:59:10 ----A---- C:\Windows\system32\wudriver.dll
2010-01-09 13:59:10 ----A---- C:\Windows\system32\wuapi.dll
2010-01-09 13:59:05 ----A---- C:\Windows\system32\wuwebv.dll
2010-01-09 13:59:05 ----A---- C:\Windows\system32\wuapp.exe
2010-01-09 11:23:21 ----D---- C:\Users\Florian\AppData\Roaming\dvdcss
2010-01-09 11:20:05 ----RA---- C:\Windows\Vmix106.dll
2010-01-09 11:20:01 ----RA---- C:\Windows\system32\c106prop.dll
2010-01-09 11:20:01 ----A---- C:\Windows\Cm106.ini.cfl
2010-01-09 11:19:54 ----RA---- C:\Windows\system32\Cmeau106.exe
2010-01-09 11:19:14 ----RA---- C:\Windows\system32\CmiInstallResAll.dll
2010-01-09 11:19:14 ----RA---- C:\Windows\Cm106.ini.cfg
2010-01-09 11:19:14 ----A---- C:\Windows\Cm106.ini.imi

======List of files/folders modified in the last 1 months======

2010-01-19 18:48:30 ----D---- C:\Windows\Temp
2010-01-19 18:03:17 ----D---- C:\Windows\System32
2010-01-19 18:03:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-19 18:03:16 ----D---- C:\Windows\inf
2010-01-19 17:59:56 ----D---- C:\Windows\system32\drivers
2010-01-19 17:59:52 ----HD---- C:\ProgramData
2010-01-19 17:59:52 ----HD---- \ProgramData
2010-01-19 17:59:50 ----RD---- C:\Program Files
2010-01-19 17:59:50 ----RD---- \Program Files
2010-01-19 14:52:29 ----D---- C:\Program Files\Mozilla Firefox
2010-01-19 14:43:16 ----SHD---- C:\System Volume Information
2010-01-19 14:43:16 ----SHD---- \System Volume Information
2010-01-19 14:37:38 ----D---- C:\Windows\system32\wbem
2010-01-19 14:37:38 ----D---- C:\Windows
2010-01-19 14:37:38 ----D---- \Windows
2010-01-19 14:36:42 ----D---- C:\Program Files\Microsoft Works
2010-01-19 14:36:42 ----D---- C:\Program Files\CuperUtilities StartUp Manager
2010-01-19 14:36:38 ----D---- C:\Windows\Tasks
2010-01-19 14:36:38 ----D---- C:\Windows\system32\Tasks
2010-01-19 14:36:38 ----D---- C:\Windows\system32\spool
2010-01-19 14:36:38 ----D---- C:\Windows\system32\restore
2010-01-19 14:36:38 ----D---- C:\Windows\system
2010-01-19 14:36:37 ----RSD---- C:\Windows\Media
2010-01-19 14:36:37 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-19 14:36:37 ----D---- C:\Windows\system32\catroot2
2010-01-19 14:36:33 ----SHD---- C:\Windows\Installer
2010-01-19 14:36:22 ----RSD---- C:\Windows\Fonts
2010-01-19 14:36:21 ----RSD---- C:\Windows\assembly
2010-01-19 14:36:21 ----D---- C:\Users\Florian\AppData\Roaming\vlc
2010-01-19 14:36:19 ----RD---- C:\Users
2010-01-19 14:36:19 ----RD---- \Users
2010-01-19 14:36:08 ----D---- C:\Windows\registration
2010-01-19 12:07:27 ----D---- C:\Windows\Prefetch
2010-01-19 12:06:33 ----D---- C:\Windows\system32\WDI
2010-01-17 14:10:04 ----D---- C:\Windows\Debug
2010-01-16 21:25:52 ----SHD---- C:\Config.Msi
2010-01-16 21:25:52 ----SHD---- \Config.Msi
2010-01-16 21:25:49 ----SD---- C:\Users\Florian\AppData\Roaming\Microsoft
2010-01-15 18:34:04 ----D---- C:\Program Files\Launch Manager
2010-01-15 15:47:51 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-15 11:37:23 ----D---- C:\Windows\winsxs
2010-01-13 19:01:24 ----D---- C:\Program Files\Common Files
2010-01-13 10:48:56 ----D---- C:\Windows\system32\catroot
2010-01-13 10:48:29 ----D---- C:\Windows\Minidump
2010-01-13 10:12:07 ----D---- C:\Program Files\Windows Mail
2010-01-13 08:54:08 ----D---- C:\Users\Florian\AppData\Roaming\Adobe
2010-01-13 08:51:42 ----D---- C:\Program Files\Google
2010-01-12 20:52:42 ----D---- C:\Program Files\Adobe
2010-01-12 20:36:53 ----D---- C:\Program Files\Common Files\Adobe
2010-01-12 19:09:22 ----D---- C:\Program Files\Microsoft Office
2010-01-12 19:06:46 ----D---- C:\Windows\ShellNew
2010-01-12 18:04:59 ----D---- C:\Program Files\Fraps
2010-01-12 11:07:20 ----HD---- C:\Windows\system32\GroupPolicy
2010-01-12 11:00:11 ----SD---- C:\Windows\Downloaded Program Files
2010-01-11 19:28:19 ----D---- C:\Users\Florian\AppData\Roaming\teamspeak2
2010-01-11 19:28:19 ----D---- C:\Program Files\Teamspeak2_RC2
2010-01-11 14:43:34 ----D---- C:\Program Files\ICQ6.5
2010-01-11 10:54:31 ----D---- C:\Windows\Microsoft.NET
2010-01-10 17:01:27 ----D---- C:\Windows\rescache
2010-01-10 14:39:02 ----D---- C:\Windows\system32\de-DE
2010-01-10 14:38:59 ----D---- C:\Windows\system32\manifeststore
2010-01-10 14:38:59 ----D---- C:\Windows\ehome
2010-01-10 14:38:59 ----D---- C:\Windows\AppPatch
2010-01-10 14:38:58 ----D---- C:\Program Files\Windows Media Player
2010-01-09 19:56:10 ----D---- C:\Windows\system32\migration
2010-01-09 19:56:10 ----D---- C:\Program Files\Internet Explorer
2010-01-09 19:56:08 ----D---- C:\Windows\system32\en-US
2010-01-09 19:56:08 ----D---- C:\Windows\PolicyDefinitions
2010-01-09 19:32:56 ----D---- C:\Windows\SoftwareDistribution
2010-01-09 14:08:10 ----D---- C:\Program Files\Big Kahuna Reef
2010-01-04 16:17:48 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\N360\0305020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\N360\0305020.00B\ccHPx86.sys [2009-08-22 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-01-11 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100116.002\IDSvix86.sys [2009-12-30 343088]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0305020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0305020.00B\SYMTDI.SYS [2009-08-22 217136]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-01-11 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-25 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-25 207872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-07 2134424]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-05-19 47104]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVENG.SYS [2010-01-11 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVEX15.SYS [2010-01-11 1323568]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-18 7545824]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-26 61440]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0305020.00B\SRTSP.SYS [2009-08-22 308272]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-01-13 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0305020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0305020.00B\SYMNDISV.SYS [2009-08-22 48688]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-04-28 50576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM106.sys [2007-11-08 1315840]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-25 661504]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
R2 fsproflt;FSPro Filter Service; C:\Windows\system32\fsproflt.exe [2009-05-03 73392]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-09-24 3602432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-18 196608]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-12 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-09 182768]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-12 435016]

-----------------EOF-----------------

flo2227 · 19.01.2010, 19:34

RSIT info.txt

Code:

ATTFilter

info.txt logfile of random's system information tool 1.06 2010-01-19 18:48:48

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe"  -uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Bio Protection
AAU 6.0.00.17-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe"
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7  -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x7  -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log"
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0007 -removeonly
Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log"
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
Chicken Invaders 3-->"C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log"
Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CuperUtilities StartUp Manager 1.1-->"C:\Program Files\CuperUtilities StartUp Manager\unins000.exe"
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0407
Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Move Networks Media Player for Internet Explorer-->C:\Users\Florian\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My Lockbox 1.4 for Windows 2000/XP-->"C:\Program Files\My Lockbox\unins000.exe"
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
No23 Recorder-->MsiExec.exe /X{22B0E143-2B0B-435B-9F56-136A3D16065F}
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\3.5.2.11\InstStub.exe /X
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe"  -uninstall
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TheBest Minimize to Tray 1.xx-->"C:\Program Files\TheBest Minimize to Tray\unins000.exe"
Trust USB Audio-->C:\Windows\System32\Cmeau106.exe /rm /pusb106
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Vegas Pro 9.0-->MsiExec.exe /X{56415658-366E-4E28-A6BD-68EC63E560E0}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445}
Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

=====HijackThis Backups=====

O1 - Hosts: 78.159.110.36 www.google.ch [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com.au [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.at [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.de [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.co.za [2010-01-19]
O1 - Hosts: 78.159.110.36 us.search.yahoo.com [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com [2010-01-19]
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com.br [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.gr [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.no [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.co.uk [2010-01-19]
O1 - Hosts: 78.159.110.36 search.yahoo.com [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.it [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.be [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.ca [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.co.jp [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.dk [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.es [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com.mx [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.ie [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.fr [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.pt [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.fi [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.se [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.nl [2010-01-19]
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe [2010-01-19]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 44444
Source Name: Service Control Manager
Time Written: 20100119165912.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 10029
Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 44445
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100119170026.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 44446
Source Name: Service Control Manager
Time Written: 20100119170026.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Beendet".
Record Number: 44447
Source Name: Service Control Manager
Time Written: 20100119171027.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 44448
Source Name: Service Control Manager
Time Written: 20100119171642.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: Florian-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 5814
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100119165804.389883-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Florian-PC
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 5815
Source Name: Microsoft-Windows-WMI
Time Written: 20100119165817.000000-000
Event Type: Fehler
User: 

Computer Name: Florian-PC
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 5816
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100119170316.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 5817
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100119170317.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 5818
Source Name: LightScribeService
Time Written: 20100119174847.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: Florian-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-21-3603621761-1272723961-2709685194-1000
	Kontoname:		Florian
	Kontodomäne:		Florian-PC
	Anmelde-ID:		0x46b79

Berechtigungen:		SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 7302
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119165705.421883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		FLORIAN-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x2c8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 7303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170026.418883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		FLORIAN-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2c8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 7304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170026.418883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 7305
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170026.418883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys	
Record Number: 7306
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170137.612883-000
Event Type: Überwachung gescheitert
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

MAM ist bei rund 140000 Dateien (dürfte etwa 600000 Dateien haben würde rund 4 Std. dauern:O) abgestürzt und GMER verursacht Bluescreen!

Chris4You · 19.01.2010, 20:01

Hi,

shit... Dann probieren wir Dr. Web und Rootrepealer...
Schaue gleich noch das RSIT-Log durch (solange der Akku vom Notebook noch hält.. ;o)...

Fixe noch mit HJ und poste (wenn noch nicht geschehen..)

Dr. Web/Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html

RootRepeal

Lade bitte RootkitRevealer (http://technet.microsoft.com/de-de/s.../bb897445.aspx) runter und entpacke das Archiv in einen eigenen Ordner, z.B. C:\programme\rootkitrevealer.

Starte in diesem Ordner RootkitReavealer.exe. Alle anderen Programme schließen.

Starte durch Klick auf "Scan".

Wenn der Scan fertig ist das Logfile mit File -> Save abspeichern, und hier im forum posten.

chris
Ps.: Auf die Schnelle nichts gefunden, das versteckte Verzeichnis des netten Teils ist noch da...
2010-01-19 12:22:16 ----SHD---- C:\Users\Florian\AppData\Roaming\SystemProc
Ist versteckt (hidden), System...

flo2227 · 19.01.2010, 20:11

HijackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:12, on 19.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Users\Florian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: TheBest Minimize to Tray.lnk = C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11988 bytes

Chris4You · 19.01.2010, 20:24

Hi,

HJ sieht gut aus, kennst Du das hier:
C:\Program Files\My Lockbox\mylbx.exe

chris

flo2227 · 19.01.2010, 20:33

Ja kenn ich das ist ein Tool zum schützen von Ordnern mit Passwort.
Google geht wieder nur das Sicherheitscenter kann ich immer noch nicht aktivieren.
Sagt mir immer "Der Sicherheitsdienst konnte nicht gestartet werden"!
Den kompletten Systemscan werde ich wohl gleich starten dürfte allerdings knapp 4 Std. dauern.

MfG Flo

Chris4You · 19.01.2010, 21:36

Hi,

Sicherheitscenter wiederbeleben:

Wenn sich das Sicherheitscenter nicht starten lässt, steht wahrscheinlich der Dienst auf "disabled"
Öffne eine Commandline-Shell mit Adminrechten. Am einfachsten Du erstellst eine entsprechende Verknüpfung auf dem Desktop. Ziel der Verknüpfung ist "C:\Windows\System32\cmd.exe". Ausführen als Administrator ankreuzen nicht vergessen... Starte über die Verknüpfung die CMD und gib ein:

Code:

ATTFilter

sc config wscsvc start=auto
net start wscsvc

(Nach jeder Zeile return drücken!)

chris

flo2227 · 20.01.2010, 08:04

Also habe über nacht nen Dr. Web scan gemacht hat knapp 10 Stunden gedauert und wollte grad den bericht speichern dann gabs nen bluescreen("bad_pool_header")!
Hatte einige sachen entdeckt habe alles löschen lassen!
Das mit Sicherheitscenter aktivieren hat geklappt nur er sagt mir immer das mein Norton nicht aktiviert sei obwohl es als aktiv angezeigt wird!
Der Rootkitrevealer hat auch nciht funktioniert bzw hat immer eigenes fenster geöffnet und sich dann aufgehängt.
Is mein Pc nun wieder save oder sollte ich noch einige Tests machen?
Muss eig gang sicher sein da ich von hier Bankgeschäfte etc. machen.

Schonmal Danke

Flo

Chris4You · 20.01.2010, 08:27

Hi,

bei Norton kenne ich mich nicht aus, wir lassen OTL mal in der Registry schauen.

Was hat CureIT alles gefunden. Davon ist abhängig ob Du Bankgeschäfte machen kannst... Wurde z. B. ein Backdoor gefunden, so ist Neuaufsetzen angesagt, da jemand vollen Zugriff auf Deinen Rechner hatte (und damit irgendwelche Manipulationen durchgeführt hat, die wir nicht kennen)...

Das mit den Bluescreens und den nicht laufenden Rootkitdetektoren ist schon,, hmm, auffällig...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

Avira, Antirootkit
Downloade Avira Antirootkit und Scanne dein system, poste das logfile.
http://dl.antivir.de/down/windows/antivir_rootkit.zip

Dann solltest Du auf jeden Fall noch auf SP2 updaten:
http://www.chip.de/downloads/Windows..._33360511.html

chris

flo2227 · 20.01.2010, 08:36

OTL.txt

Code:

ATTFilter

OTL logfile created on: 20.01.2010 08:29:32 - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 44,32 Gb Free Space | 30,77% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 132,85 Gb Free Space | 94,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FLORIAN-PC
Current User Name: Florian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Florian\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\TheBest Minimize to Tray\TheBestMinimizeToTray.exe ()
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\fsproflt.exe (FSPro Labs)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Cyberlink\Shared files\RichVideo.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\TheBest Minimize to Tray\TheBestMinimizeToTray_Helper.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SGAXJ) -- C:\Users\Florian\AppData\Local\Temp\SGAXJ.exe (Sysinternals - www.sysinternals.com)
SRV - (BOMHVZHN) -- C:\Users\Florian\AppData\Local\Temp\BOMHVZHN.exe (Sysinternals - www.sysinternals.com)
SRV - (CJZUSFUC) -- C:\Users\Florian\AppData\Local\Temp\CJZUSFUC.exe (Sysinternals - www.sysinternals.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/rswin_3629.dll ()
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (fsproflt) -- C:\Windows\System32\fsproflt.exe (FSPro Labs)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0305020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0305020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0305020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0305020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0305020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0305020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0305020.00B\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0305020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FSProFilter) -- C:\Windows\System32\Drivers\FSPFltd.sys (FSPro Labs)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Inc)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8CE11043-9A15-4207-A565-0C94C42D590D}:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.12 18:15:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.12 19:09:53 | 00,000,000 | ---D | M]
 
[2009.03.20 11:09:34 | 00,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2009.03.20 11:09:34 | 00,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.01.19 14:42:35 | 00,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\6q3m3tw8.default\extensions
[2010.01.20 07:33:43 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.19 12:22:14 | 00,000,000 | ---D | M] (Internal security) -- C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2008.03.15 14:56:14 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 12:19:24 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.19 17:54:34 | 00,000,002 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Cm106Sound]  File not found
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TQ566808] F:\Setup.exe File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Florian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Florian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.01.20 08:28:28 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.01.19 20:56:19 | 00,000,000 | ---D | C] -- C:\Users\Florian\DoctorWeb
[2010.01.19 20:13:17 | 00,000,000 | ---D | C] -- C:\Programme\Rootkit
[2010.01.19 18:48:22 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.19 18:48:22 | 00,000,000 | ---D | C] -- \rsit
[2010.01.19 18:00:02 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2010.01.19 17:59:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.01.19 17:59:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.19 17:59:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.01.19 17:59:50 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.19 17:44:28 | 00,000,000 | ---D | C] -- C:\Avenger
[2010.01.19 17:44:28 | 00,000,000 | ---D | C] -- \Avenger
[2010.01.19 15:08:54 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.01.19 12:22:16 | 00,000,000 | -HSD | C] -- C:\Users\Florian\AppData\Roaming\SystemProc
[2010.01.19 12:12:56 | 00,000,000 | ---D | C] -- C:\Users\Florian\Option
[2010.01.18 14:30:43 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2010.01.17 17:02:47 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Nero
[2010.01.17 16:51:23 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Move Networks
[2010.01.16 21:43:05 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Publish Providers
[2010.01.16 21:25:43 | 00,000,000 | ---D | C] -- C:\Programme\No23Recorder
[2010.01.16 20:04:37 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Itsth
[2010.01.16 20:04:30 | 00,000,000 | ---D | C] -- C:\Programme\TheBest Minimize to Tray
[2010.01.15 09:15:31 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\FOG Downloader
[2010.01.13 19:44:42 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Nero
[2010.01.13 19:01:58 | 00,000,000 | ---D | C] -- C:\Programme\Nero
[2010.01.13 19:01:24 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Nero
[2010.01.13 19:01:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.01.13 18:28:10 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Ahead
[2010.01.13 18:21:22 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Sony
[2010.01.13 18:21:22 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Sony
[2010.01.13 09:08:29 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.01.13 09:08:29 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.01.13 09:05:07 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.sys
[2010.01.13 09:05:07 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symtdi.sys
[2010.01.13 09:05:07 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symfw.sys
[2010.01.13 09:05:07 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndisv.sys
[2010.01.13 09:05:07 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.sys
[2010.01.13 09:05:07 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndis.sys
[2010.01.13 09:05:07 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symids.sys
[2010.01.13 09:05:06 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.sys
[2010.01.13 09:05:05 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\cchpx86.sys
[2010.01.13 09:05:05 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2010.01.13 09:04:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0305020.00B
[2010.01.12 20:57:34 | 00,000,000 | ---D | C] -- C:\Users\Florian\Documents\OneNote-Notizbücher
[2010.01.12 20:50:04 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.01.12 20:35:22 | 00,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.01.12 20:31:26 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.01.12 20:26:42 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.01.12 19:29:21 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.01.12 19:27:54 | 00,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.01.12 19:27:53 | 00,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.01.12 19:27:53 | 00,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.01.12 19:26:52 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2010.01.12 19:26:30 | 00,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.01.12 19:26:01 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.01.12 19:25:23 | 00,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.01.12 19:22:36 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010.01.12 19:20:07 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Ahead
[2010.01.12 19:20:07 | 00,000,000 | ---D | C] -- C:\Programme\Ahead
[2010.01.12 19:09:13 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.01.12 19:08:46 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.01.12 19:06:00 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Microsoft Help
[2010.01.12 19:05:28 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2010.01.12 19:05:28 | 00,000,000 | RH-D | C] -- \MSOCache
[2010.01.12 18:59:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.01.12 18:59:04 | 00,000,000 | ---D | C] -- C:\Programme\Sony
[2010.01.12 11:04:36 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.01.12 11:04:36 | 00,023,848 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010.01.12 11:04:35 | 00,000,000 | ---D | C] -- C:\ProgramData\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2010.01.12 11:04:28 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Downloaded Installations
[2010.01.12 11:04:27 | 00,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010.01.12 11:04:23 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.01.12 11:04:23 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.01.12 11:04:23 | 00,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.01.12 11:03:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010.01.12 11:03:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.01.12 11:03:52 | 00,000,000 | ---D | C] -- C:\Programme\Norton 360
[2010.01.12 11:03:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.01.12 11:03:20 | 00,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.01.12 11:03:20 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.01.12 10:20:48 | 00,000,000 | ---D | C] -- C:\Downloads
[2010.01.12 10:20:48 | 00,000,000 | ---D | C] -- \Downloads
[2010.01.11 11:43:21 | 00,073,392 | ---- | C] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
[2010.01.11 11:43:20 | 00,043,792 | ---- | C] (FSPro Labs) -- C:\Windows\System32\drivers\FSPFltd.sys
[2010.01.11 11:43:20 | 00,000,000 | ---D | C] -- C:\Programme\My Lockbox
[2010.01.11 11:33:01 | 00,000,000 | ---D | C] -- C:\Programme\Folder Guard
[2010.01.10 13:45:13 | 00,000,000 | ---D | C] -- C:\Users\Florian\Tracing
[2010.01.10 13:44:46 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.01.10 13:44:31 | 00,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.01.10 13:44:16 | 00,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.01.10 13:43:57 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.01.10 13:41:53 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.01.10 13:25:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.01.10 13:23:01 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.01.10 13:21:32 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.01.10 13:21:30 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.01.09 20:08:11 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Apple Computer
[2010.01.09 20:08:11 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Apple Computer
[2010.01.09 19:55:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.01.09 19:54:27 | 00,000,000 | ---D | C] -- C:\Programme\iPod
[2010.01.09 19:54:25 | 00,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.01.09 19:54:25 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.01.09 19:54:02 | 00,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.01.09 19:53:28 | 00,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.01.09 19:53:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.01.09 19:53:16 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Apple
[2010.01.09 19:53:15 | 00,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.01.09 19:51:35 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.01.09 19:51:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.01.09 19:36:11 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.01.09 19:36:11 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.01.09 19:36:11 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.01.09 19:36:10 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.01.09 19:36:10 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.01.09 19:36:10 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.01.09 19:36:10 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.01.09 19:36:09 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.09 19:36:09 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.01.09 19:36:09 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.01.09 19:36:09 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.01.09 19:36:09 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.01.09 19:36:09 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.01.09 19:36:08 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.01.09 19:33:26 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.01.09 19:33:26 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.01.09 19:33:26 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.01.09 19:33:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.01.09 19:33:25 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.01.09 19:33:25 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.01.09 19:33:25 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.01.09 19:33:25 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.01.09 19:33:25 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.01.09 19:33:24 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.01.09 19:33:24 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.01.09 19:33:24 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.01.09 19:33:24 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.01.09 19:33:24 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.01.09 19:33:24 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2010.01.09 19:33:24 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.01.09 19:33:24 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.01.09 19:33:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.01.09 19:33:23 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.01.09 19:33:23 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.01.09 19:33:23 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.01.09 19:33:22 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.01.09 19:33:22 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.01.09 19:33:22 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.01.09 19:33:22 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.01.09 19:33:22 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.01.09 19:33:22 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.01.09 19:33:22 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.01.09 14:14:16 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.01.09 14:14:15 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.01.09 14:14:15 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.01.09 14:14:15 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.01.09 14:14:15 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.01.09 14:14:15 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.01.09 14:14:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.01.09 14:14:15 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.01.09 14:14:14 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.01.09 14:13:59 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.01.09 14:13:59 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.01.09 14:13:49 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.01.09 14:13:49 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.01.09 14:13:49 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.01.09 14:13:44 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.01.09 14:13:44 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.01.09 14:13:41 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.01.09 14:13:35 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.01.09 14:13:35 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.01.09 14:13:19 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.01.09 14:13:19 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.01.09 14:13:15 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010.01.09 14:13:08 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.01.09 14:13:08 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.01.09 14:13:07 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.01.09 14:13:06 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.01.09 14:13:06 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.01.09 14:12:57 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.01.09 14:12:56 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.01.09 14:12:51 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.01.09 14:12:51 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.01.09 14:12:51 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.01.09 14:12:51 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.01.09 14:12:51 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.01.09 14:12:51 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.01.09 14:12:51 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010.01.09 14:12:45 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.01.09 14:12:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.01.09 14:12:42 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.01.09 14:12:31 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.01.09 14:12:31 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.01.09 14:12:26 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.01.09 14:12:25 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.01.09 14:12:09 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.01.09 14:12:09 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.01.09 14:12:07 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.01.09 14:12:04 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.01.09 14:11:33 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010.01.09 14:11:31 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.01.09 14:11:30 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.01.09 14:11:30 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.01.09 14:11:29 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.01.09 14:11:21 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.01.09 13:59:20 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.01.09 13:59:19 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.01.09 13:59:10 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.01.09 13:59:10 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.01.09 13:59:10 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.01.09 13:59:05 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.01.09 13:59:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.01.09 11:23:21 | 00,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\dvdcss
[2010.01.09 11:20:05 | 00,712,704 | R--- | C] (Sensaura Ltd) -- C:\Windows\System\a3d106pu.dll
[2010.01.09 11:20:04 | 00,712,704 | R--- | C] (Sensaura Ltd) -- C:\Windows\System\a3d.dll
[2010.01.09 11:20:01 | 06,475,776 | R--- | C] (C-Media Corporation) -- C:\Windows\System\CM106.cpl
[2010.01.09 11:20:01 | 00,032,768 | R--- | C] (C-Media Electronics Inc.) -- C:\Windows\System32\c106prop.dll
[2010.01.09 11:19:17 | 01,315,840 | ---- | C] (C-Media Inc) -- C:\Windows\System32\drivers\CM106.sys
[2010.01.09 11:19:17 | 00,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltr106.dll
[2008.07.22 09:01:25 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007.08.13 17:46:00 | 00,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Florian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 00,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Florian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 00,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 00,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.01.20 08:29:49 | 02,097,152 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT
[2010.01.20 08:28:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.01.20 08:15:42 | 01,755,776 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\Cat.DB
[2010.01.20 07:45:45 | 00,001,659 | ---- | M] () -- C:\Users\Florian\Desktop\Command Prompt.lnk
[2010.01.20 07:39:42 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.01.20 07:39:41 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.01.20 07:39:41 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.01.20 07:39:41 | 00,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.01.20 07:39:41 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.01.20 07:34:26 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.01.20 07:34:07 | 00,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.01.20 07:33:33 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.20 07:33:33 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.20 07:33:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.20 07:33:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.20 07:33:11 | 32,158,47424 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.20 07:33:10 | 29,263,8448 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.01.19 22:54:48 | 00,000,680 | ---- | M] () -- C:\Users\Florian\AppData\Local\d3d9caps.dat
[2010.01.19 22:54:43 | 00,000,552 | ---- | M] () -- C:\Users\Florian\AppData\Local\d3d8caps.dat
[2010.01.19 20:51:00 | 13,310,5330 | ---- | M] () -- C:\Windows\System32\LO
[2010.01.19 20:50:58 | 00,524,288 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.01.19 20:50:58 | 00,065,536 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.01.19 20:49:30 | 02,418,686 | -H-- | M] () -- C:\Users\Florian\AppData\Local\IconCache.db
[2010.01.19 20:43:06 | 00,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.01.19 18:55:55 | 00,293,376 | ---- | M] () -- C:\Users\Florian\Desktop\vrr0quof.exe
[2010.01.19 18:47:59 | 00,781,909 | ---- | M] () -- C:\Users\Florian\Desktop\RSIT.exe
[2010.01.19 18:00:00 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.19 17:54:34 | 00,000,002 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.01.19 17:39:33 | 00,731,136 | ---- | M] () -- C:\Users\Florian\Desktop\avenger.exe
[2010.01.19 15:14:04 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA0E4FD6-140F-4A84-BDBB-C552488AD947}.job
[2010.01.19 15:08:55 | 00,001,878 | ---- | M] () -- C:\Users\Florian\Desktop\HijackThis.lnk
[2010.01.18 20:25:04 | 00,001,473 | ---- | M] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.01.17 18:27:12 | 00,057,344 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.17 17:03:01 | 00,000,187 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\default.rss
[2010.01.17 17:02:47 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.01.16 21:25:47 | 00,000,785 | ---- | M] () -- C:\Users\Florian\Desktop\No23 Recorder.lnk
[2010.01.16 20:04:32 | 00,001,957 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TheBest Minimize to Tray.lnk
[2010.01.16 20:04:32 | 00,000,901 | ---- | M] () -- C:\Users\Public\Desktop\TheBest Minimize to Tray.lnk
[2010.01.15 16:58:36 | 00,071,352 | ---- | M] () -- C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.15 16:58:13 | 00,008,224 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.01.15 16:56:28 | 02,229,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.01.15 15:15:52 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.01.14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.01.13 19:03:20 | 00,002,519 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.01.13 10:48:48 | 00,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010.01.13 09:05:08 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.01.13 09:05:08 | 00,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.01.13 09:05:08 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.01.13 09:04:15 | 00,009,412 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\symnetv.cat
[2010.01.13 09:04:15 | 00,001,562 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010.01.13 09:04:15 | 00,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\isolate.ini
[2010.01.12 20:57:34 | 00,001,161 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.01.12 20:57:27 | 00,002,617 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Office OneNote.lnk
[2010.01.12 20:57:22 | 00,002,707 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Office PowerPoint.lnk
[2010.01.12 20:51:01 | 00,000,992 | ---- | M] () -- C:\Users\Florian\Desktop\Photoshop.lnk
[2010.01.12 19:27:49 | 00,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.01.12 19:13:24 | 00,002,687 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Office Excel.lnk
[2010.01.12 19:11:02 | 00,002,681 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Office Word.lnk
[2010.01.12 18:59:37 | 00,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.01.12 17:57:49 | 00,000,764 | ---- | M] () -- C:\Users\Florian\Desktop\Fraps.lnk
[2010.01.12 11:07:20 | 00,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.01.11 11:43:21 | 00,000,809 | ---- | M] () -- C:\Users\Florian\Desktop\My Lockbox.lnk
[2010.01.09 19:53:44 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.01.09 13:10:11 | 00,000,104 | ---- | M] () -- C:\Users\Florian\Desktop\Papierkorb.lnk
[2010.01.09 12:20:55 | 00,001,554 | ---- | M] () -- C:\Windows\Cm106.ini.imi
[2010.01.09 11:20:05 | 00,000,278 | ---- | M] () -- C:\Windows\Cm106.ini.cfl
[2010.01.09 11:20:01 | 00,000,111 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2010.01.09 11:19:14 | 00,000,696 | ---- | M] () -- C:\Windows\System\Cm106.ini
[2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.01.20 07:45:45 | 00,001,659 | ---- | C] () -- C:\Users\Florian\Desktop\Command Prompt.lnk
[2010.01.20 07:33:11 | 32,158,47424 | -HS- | C] () -- C:\hiberfil.sys
[2010.01.20 07:33:11 | 32,158,47424 | -HS- | C] () -- 
[2010.01.19 22:54:48 | 00,000,680 | ---- | C] () -- C:\Users\Florian\AppData\Local\d3d9caps.dat
[2010.01.19 22:54:43 | 00,000,552 | ---- | C] () -- C:\Users\Florian\AppData\Local\d3d8caps.dat
[2010.01.19 20:26:05 | 13,310,5330 | ---- | C] () -- C:\Windows\System32\LO
[2010.01.19 18:55:51 | 00,293,376 | ---- | C] () -- C:\Users\Florian\Desktop\vrr0quof.exe
[2010.01.19 18:47:53 | 00,781,909 | ---- | C] () -- C:\Users\Florian\Desktop\RSIT.exe
[2010.01.19 18:00:00 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.19 17:44:26 | 00,001,060 | ---- | C] () -- \avenger.txt
[2010.01.19 17:39:26 | 00,731,136 | ---- | C] () -- C:\Users\Florian\Desktop\avenger.exe
[2010.01.19 15:08:55 | 00,001,878 | ---- | C] () -- C:\Users\Florian\Desktop\HijackThis.lnk
[2010.01.16 21:34:10 | 00,001,473 | ---- | C] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.01.16 21:25:47 | 00,000,785 | ---- | C] () -- C:\Users\Florian\Desktop\No23 Recorder.lnk
[2010.01.16 20:04:32 | 00,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TheBest Minimize to Tray.lnk
[2010.01.16 20:04:32 | 00,000,901 | ---- | C] () -- C:\Users\Public\Desktop\TheBest Minimize to Tray.lnk
[2010.01.13 20:16:43 | 00,000,187 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\default.rss
[2010.01.13 20:16:28 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.01.13 19:03:20 | 00,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.01.13 10:48:59 | 01,755,776 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\Cat.DB
[2010.01.13 09:05:07 | 00,009,402 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.cat
[2010.01.13 09:05:07 | 00,007,431 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.cat
[2010.01.13 09:05:07 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.inf
[2010.01.13 09:05:07 | 00,001,561 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.inf
[2010.01.13 09:05:06 | 00,007,429 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.cat
[2010.01.13 09:05:06 | 00,007,425 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.cat
[2010.01.13 09:05:06 | 00,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.inf
[2010.01.13 09:05:06 | 00,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.inf
[2010.01.13 09:05:05 | 00,007,400 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2010.01.13 09:05:05 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2010.01.13 09:05:05 | 00,001,752 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2010.01.13 09:05:05 | 00,000,640 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2010.01.13 09:04:15 | 00,009,412 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\symnetv.cat
[2010.01.13 09:04:15 | 00,001,562 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010.01.13 09:04:15 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\isolate.ini
[2010.01.12 20:57:34 | 00,001,161 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.01.12 20:57:22 | 00,002,707 | ---- | C] () -- C:\Users\Florian\Desktop\Microsoft Office PowerPoint.lnk
[2010.01.12 20:57:04 | 00,002,617 | ---- | C] () -- C:\Users\Florian\Desktop\Microsoft Office OneNote.lnk
[2010.01.12 20:51:01 | 00,000,992 | ---- | C] () -- C:\Users\Florian\Desktop\Photoshop.lnk
[2010.01.12 19:27:49 | 00,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.01.12 19:13:24 | 00,002,687 | ---- | C] () -- C:\Users\Florian\Desktop\Microsoft Office Excel.lnk
[2010.01.12 19:12:36 | 00,002,681 | ---- | C] () -- C:\Users\Florian\Desktop\Microsoft Office Word.lnk
[2010.01.12 18:59:36 | 00,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.01.12 18:18:53 | 00,000,426 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA0E4FD6-140F-4A84-BDBB-C552488AD947}.job
[2010.01.12 11:07:20 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.12 11:04:20 | 00,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010.01.11 21:56:42 | 00,001,363 | ---- | C] () -- C:\Users\Florian\Desktop\Acer Crystal Eye Webcam.lnk
[2010.01.11 11:43:21 | 00,000,809 | ---- | C] () -- C:\Users\Florian\Desktop\My Lockbox.lnk
[2010.01.09 19:55:34 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.01.09 19:53:44 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.01.09 19:36:09 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.01.09 14:13:49 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.01.09 13:10:11 | 00,000,104 | ---- | C] () -- C:\Users\Florian\Desktop\Papierkorb.lnk
[2010.01.09 11:20:05 | 00,491,520 | R--- | C] () -- C:\Windows\System\cmau106.dll
[2010.01.09 11:20:05 | 00,217,088 | R--- | C] () -- C:\Windows\System\cm106eye.exe
[2010.01.09 11:20:05 | 00,139,264 | R--- | C] () -- C:\Windows\Vmix106.dll
[2010.01.09 11:20:01 | 00,003,262 | R--- | C] () -- C:\Windows\Trustlogo.ico
[2010.01.09 11:20:01 | 00,003,262 | R--- | C] () -- C:\Windows\Taskbaricon.ICO
[2010.01.09 11:20:01 | 00,003,262 | R--- | C] () -- C:\Windows\Mic.ico
[2010.01.09 11:20:01 | 00,000,278 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2010.01.09 11:19:54 | 00,483,328 | R--- | C] () -- C:\Windows\System32\Cmeau106.exe
[2010.01.09 11:19:54 | 00,000,111 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2010.01.09 11:19:14 | 00,241,664 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.01.09 11:19:14 | 00,004,601 | R--- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.01.09 11:19:14 | 00,001,554 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009.03.31 07:22:46 | 76,629,272 | ---- | C] () -- C:\Programme\Install_Norton360_DE.EXE
[2009.02.06 13:42:06 | 00,000,034 | ---- | C] () -- C:\Windows\System32\_111881690A7D.sys
[2009.02.05 00:31:23 | 00,057,344 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.06 17:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.06 17:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.06 17:33:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.22 05:29:06 | 00,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.09.24 16:44:13 | 00,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.09.24 16:42:30 | 00,000,020 | ---- | C] () -- \Medion.ini
[2008.09.24 16:36:48 | 00,000,060 | ---- | C] () -- \Partition.txt
[2008.09.24 16:27:22 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.09.24 16:27:22 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.09.24 16:12:56 | 35,294,41280 | -HS- | C] () -- 
[2008.07.30 11:23:13 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.07.30 11:23:10 | 00,333,203 | RHS- | C] () -- \bootmgr
[2008.07.30 11:19:21 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 03:13:17 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 03:13:17 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 02:47:56 | 00,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 02:42:04 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 02:25:14 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.07.30 02:25:12 | 00,000,426 | ---- | C] () -- \RHDSetup.log
[2007.11.29 10:45:10 | 00,000,806 | R--- | C] () -- C:\Windows\cm106.ini
[2007.08.13 17:46:00 | 00,155,136 | ---- | C] () -- C:\Users\Florian\AppData\Local\lame_enc.dll
[2007.01.26 07:32:18 | 00,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[2006.10.26 01:06:48 | 00,064,000 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 00,019,456 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 00,143,872 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 00,015,872 | ---- | C] () -- C:\Users\Florian\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 00,029,184 | ---- | C] () -- C:\Users\Florian\AppData\Local\no23xwrapper.dll
[2001.12.26 15:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1FA4E6BA
< End of report >

flo2227 · 20.01.2010, 08:38

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 20.01.2010 08:29:32 - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 44,32 Gb Free Space | 30,77% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 132,85 Gb Free Space | 94,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FLORIAN-PC
Current User Name: Florian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4213C415-46F1-422A-A6FD-11A7CF342009}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{65C3A43E-AF52-4E2C-B78E-9D6A6D5473B6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CBC240EE-837A-482E-AEEF-F0B685248D23}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04389314-8386-4A3A-BF18-0E85581A05E4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{0CA27123-F03D-4651-AF1C-3482CDEE9F22}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{0E954302-F8A5-4063-8B8C-FAC8911ABB2B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{3AAC8E44-CE45-4E4F-AE35-D9FDA36C16A6}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{476F20F2-A3D5-4B08-82C2-9364A6173130}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{53041F9B-D63E-4197-A723-D87694DE5930}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{626D8C59-74E2-4F15-99CD-7C6397755612}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{6A3B31DF-5F5C-411B-9B87-A492C272ACB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{7C0D064F-F347-486F-B8EB-E725C832E690}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7FAA6EC2-8D32-4E26-A9D2-4F19489B827D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{998E2695-8353-4A65-AA54-96672A11676D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{9C76AD11-23D9-46DC-B973-5474C540D2B6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B02604A1-C8FC-42C5-9B69-5D43F5A7B7EF}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{BBED7030-8383-4387-9824-C979BD553741}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BD8054BA-A76A-4B4F-84E2-A91669CDB24E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{C1CCBAB6-4208-4246-B7C8-DCAD397D14AE}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{CB7D003D-F723-430A-986B-83DB56DDE259}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{DC939D6A-142B-4B28-8988-D51F712EF9A3}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{DF6FAD3D-3C40-4113-B4F6-E6EC08AFEB0D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E191C3B7-B120-491B-A7BB-B8B6AADC2DE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"TCP Query User{DC030EB4-44FE-4185-A5F9-DA507C6D4AA6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{88F0E84C-2E8A-42F3-9349-AB11555AE51E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{32FF7022-A623-4B6A-B41D-400558207223}_is1" = TheBest Minimize to Tray 1.xx
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7fcb9da9-4614-4e91-a4cd-dd170ea21a1e}" = Nero 9 Trial
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection

AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"C-Media CM106 Like Sound Driver" = Trust USB Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CuperUtilities StartUp Manager_is1" = CuperUtilities StartUp Manager 1.1
"Fraps" = Fraps (remove only)
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"My Lockbox_is1" = My Lockbox 1.4 for Windows 2000/XP
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.01.2010 10:12:38 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.01.2010 11:57:20 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.01.2010 12:53:54 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.01.2010 13:04:02 | Computer Name = Florian-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 15.01.2010 13:04:54 | Computer Name = Florian-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 15.01.2010 13:11:54 | Computer Name = Florian-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 16.01.2010 02:54:56 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.01.2010 06:10:37 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.01.2010 13:36:11 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.01.2010 14:27:36 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.01.2010 08:59:52 | Computer Name = Florian-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 09.01.2010 12:16:03 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 09.01.2010 14:28:23 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 09.01.2010 14:58:50 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 10.01.2010 08:13:13 | Computer Name = Florian-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 10.01.2010 08:13:56 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 10.01.2010 09:41:35 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 10.01.2010 11:45:48 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 11.01.2010 02:59:29 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 11.01.2010 09:39:29 | Computer Name = Florian-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >

flo2227 · 20.01.2010, 08:43

Was Dr. Web genau gefunden hat weiß ich nicht mehr ich kann mich nur noch an irgendeinen Trojan Fakeallert erinnern & 1 adware. Allerdings ist der Pc ja beim speichern von Bericht abgestürzt.

MfG Flo

Trojan Horse? Sicherheitscenterdeaktiviert, google funktioniert nicht mehr!

Log-Analyse und Auswertung: Trojan Horse? Sicherheitscenterdeaktiviert, google funktioniert nicht mehr!