Trojan Horse? Sicherheitscenterdeaktiviert, google funktioniert nicht mehr!

flo2227 · 19.01.2010, 15:54

Moin,

habe heute diverse Dateien runtergeladen und seitdem kamen einzelne Fehlermeldungen das diverse Dienste deaktiviert worden wären und nicht mehr ausgeführt werden konnten. Alle Fehlermeldungen kamen kurz hintereinander und wurden nur einmal angezeigt.
Dann poppte Norton (Norton 360) auf und sagte es gäbe eine Bedrohung "Trojan Horse". Angeklickt Systemcheck durchgeführt und nichts gefunden. Seit dem is das Sicherheitscenter deaktiviert und lässt sich auch nciht mehr aktivieren, außerdem geht google nicht mehr, wobei alle anderen Internetseiten funktionieren. Internetgeschwindigkeit ist allerdings sehr viel langsamer als sonst. Werde vom IE öfters auf Bing.de geführt.

HijackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:09, on 19.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Florian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 78.159.110.36 www.google.no
O1 - Hosts: 78.159.110.36 www.google.com.mx
O1 - Hosts: 78.159.110.36 www.google.co.za
O1 - Hosts: 78.159.110.36 www.google.fi
O1 - Hosts: 78.159.110.36 www.google.dk
O1 - Hosts: 78.159.110.36 www.google.es
O1 - Hosts: 78.159.110.36 www.google.se
O1 - Hosts: 78.159.110.36 www.google.be
O1 - Hosts: 78.159.110.36 www.google.com
O1 - Hosts: 78.159.110.36 www.google.at
O1 - Hosts: 78.159.110.36 www.google.it
O1 - Hosts: 78.159.110.36 www.google.com.au
O1 - Hosts: 78.159.110.36 search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.com.br
O1 - Hosts: 78.159.110.36 www.google.ca
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.ch
O1 - Hosts: 78.159.110.36 www.google.pt
O1 - Hosts: 78.159.110.36 www.google.gr
O1 - Hosts: 78.159.110.36 www.google.de
O1 - Hosts: 78.159.110.36 www.google.ie
O1 - Hosts: 78.159.110.36 www.google.co.jp
O1 - Hosts: 78.159.110.36 www.google.nl
O1 - Hosts: 78.159.110.36 www.google.fr
O1 - Hosts: 78.159.110.36 us.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: TheBest Minimize to Tray.lnk = C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13174 bytes

Was kann ich tun? Danke
MfG Flo

Chris4You · 19.01.2010, 16:58

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen!
(nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Program Files\Common Files\SPBA\homefus2.dll
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also, wenn die lsass.exe erkannt wird ....
-> http://comprolive.com/remove/harmful...proc-lsass-exe

Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Files to delete:
C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

ATTFilter

O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe
O1 - Hosts: 78.159.110.36 www.google.no
01 - Hosts: 78.159.110.36 www.google.com.mx
01 - Hosts: 78.159.110.36 www.google.co.za
O1 - Hosts: 78.159.110.36 www.google.fi
O1 - Hosts: 78.159.110.36 www.google.dk
O1 - Hosts: 78.159.110.36 www.google.es
O1 - Hosts: 78.159.110.36 www.google.se
O1 - Hosts: 78.159.110.36 www.google.be
O1 - Hosts: 78.159.110.36 www.google.com	
O1 - Hosts: 78.159.110.36 www.google.at
O1 - Hosts: 78.159.110.36 www.google.it
O1 - Hosts: 78.159.110.36 www.google.com.au
O1 - Hosts: 78.159.110.36 search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.com.br
O1 - Hosts: 78.159.110.36 www.google.ca
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.ch
O1 - Hosts: 78.159.110.36 www.google.pt
O1 - Hosts: 78.159.110.36 www.google.gr
O1 - Hosts: 78.159.110.36 www.google.de
O1 - Hosts: 78.159.110.36 www.google.ie
O1 - Hosts: 78.159.110.36 www.google.co.jp
O1 - Hosts: 78.159.110.36 www.google.nl
O1 - Hosts: 78.159.110.36 www.google.fr
O1 - Hosts: 78.159.110.36 us.search.yahoo.com
O1 - Hosts: 78.159.110.36 www.google.co.uk

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Fullscan und alles bereinigen lassen! Log posten.

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.
* Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Chris

flo2227 · 19.01.2010, 19:32

C:\Program Files\Common Files\SPBA\homefus2.dll

Code:

ATTFilter

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.50 2010.01.19 - 
AhnLab-V3 5.0.0.2 2010.01.19 - 
AntiVir 7.9.1.142 2010.01.19 - 
Antiy-AVL 2.0.3.7 2010.01.19 - 
Authentium 5.2.0.5 2010.01.19 - 
Avast 4.8.1351.0 2010.01.19 - 
AVG 9.0.0.730 2010.01.19 - 
BitDefender 7.2 2010.01.19 - 
CAT-QuickHeal 10.00 2010.01.19 - 
ClamAV 0.94.1 2010.01.19 - 
Comodo 3637 2010.01.19 - 
DrWeb 5.0.1.12222 2010.01.19 - 
eSafe 7.0.17.0 2010.01.19 - 
eTrust-Vet 35.2.7245 2010.01.19 - 
F-Prot 4.5.1.85 2010.01.18 - 
F-Secure 9.0.15370.0 2010.01.19 - 
Fortinet 4.0.14.0 2010.01.19 - 
GData 19 2010.01.19 - 
Ikarus T3.1.1.80.0 2010.01.19 - 
Jiangmin 13.0.900 2010.01.19 - 
K7AntiVirus 7.10.950 2010.01.18 - 
Kaspersky 7.0.0.125 2010.01.19 - 
McAfee 5865 2010.01.18 - 
McAfee+Artemis 5865 2010.01.18 - 
McAfee-GW-Edition 6.8.5 2010.01.19 - 
Microsoft 1.5302 2010.01.19 - 
NOD32 4786 2010.01.19 - 
Norman 6.04.03 2010.01.19 - 
nProtect 2009.1.8.0 2010.01.19 - 
Panda 10.0.2.2 2010.01.19 - 
PCTools 7.0.3.5 2010.01.19 - 
Prevx 3.0 2010.01.19 - 
Rising 22.31.01.04 2010.01.19 - 
Sophos 4.49.0 2010.01.19 - 
Sunbelt 3.2.1858.2 2010.01.19 - 
TheHacker 6.5.0.6.156 2010.01.19 - 
TrendMicro 9.120.0.1004 2010.01.19 - 
ViRobot 2010.1.19.2144 2010.01.19 - 
VirusBuster 5.0.21.0 2010.01.19 - 
weitere Informationen 
File size: 567560 bytes 
MD5...: 2b997108ddea8d324be558a72a5cc8ab 
SHA1..: 55a9d8b7c2b35bb248109a8514d9535ca9554c37 
SHA256: d41962b91fe55ef89514e83ce11ab18cc30eed2d6cd5fbfeddac22d0b613756e 
ssdeep: 12288:kzm8WlKxvrwDKX+YmncyVi66CHESU4HvA:kS8Z55Gcoi6NkSU7
 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21cb8
timedatestamp.....: 0x47e90b0c (Tue Mar 25 14:24:12 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x25228 0x25400 6.55 68552808f50f530c66d67da51cf1694b
.rdata 0x27000 0x1de0d 0x1e000 4.38 e6d0686f2a2c91e8b757a5796719a1d3
.data 0x45000 0x3ba0 0x3600 4.52 e88421d5926f7a003640171157bcadef
.HKT 0x49000 0xc 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x4a000 0x3cd90 0x3ce00 7.94 56cebb92cdcaf9b11176f5a326cb5676
.reloc 0x87000 0x5562 0x5600 5.75 0507d19b79abd669d574b94216f6f0b0

( 13 imports ) 
> KERNEL32.dll: CreateFileW, GetSystemDirectoryW, MulDiv, GetComputerNameW, LoadLibraryA, AddAtomW, CreateMutexW, CreateEventW, OpenEventW, FindAtomW, ResetEvent, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, GetFileSize, TerminateProcess, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetProcessHeap, HeapAlloc, HeapFree, ReadFile, UnhandledExceptionFilter, WaitForSingleObject, GetCurrentProcessId, DeleteAtom, CallNamedPipeW, GetLocaleInfoW, SetEvent, LocalFree, CloseHandle, GetCurrentProcess, FlushInstructionCache, GetVersionExW, FindResourceExW, LockResource, Sleep, FindResourceW, LoadResource, SizeofResource, FreeLibrary, lstrcmpiW, InterlockedDecrement, InterlockedIncrement, lstrlenW, GetModuleHandleA, LoadLibraryExW, GetCurrentThreadId, OutputDebugStringA, LoadLibraryW, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, MultiByteToWideChar, GetModuleFileNameW, GetLastError, GetUserDefaultLangID, SetLastError, GetTickCount, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, GetSystemTimeAsFileTime, LocalAlloc
> USER32.dll: GetWindowRect, BringWindowToTop, SetWindowPos, GetDlgItem, OpenDesktopW, UnregisterClassA, ExitWindowsEx, SetWindowLongW, DestroyWindow, GetParent, BeginPaint, EndPaint, CharNextW, EnableWindow, DrawIconEx, CreateIconIndirect, DrawTextW, GetDC, SystemParametersInfoW, GetKeyboardLayout, GetKeyboardLayoutNameW, GetKeyboardLayoutList, MessageBoxW, RegisterWindowMessageW, EnumDesktopWindows, IsWindowVisible, SetThreadDesktop, EndDialog, SetWindowTextW, CreateWindowExW, SetTimer, GetDlgItemTextW, ScreenToClient, SetFocus, LoadImageW, DispatchMessageW, TranslateMessage, GetActiveWindow, AttachThreadInput, GetWindowThreadProcessId, GetForegroundWindow, SendInput, GetThreadDesktop, SetCursorPos, GetCursorPos, ReleaseDC, keybd_event, EnumChildWindows, EnumWindows, CloseDesktop, MapWindowPoints, GetWindow, MoveWindow, FillRect, GetClientRect, GetWindowLongW, KillTimer, SendMessageW, DestroyIcon, GetSysColor, PostMessageW, DefWindowProcW, GetSystemMetrics, SetForegroundWindow, DialogBoxIndirectParamW, CreateDialogIndirectParamW, IsWindow, SetDlgItemTextW, SetActiveWindow, RedrawWindow, ShowWindow, InvalidateRect, FindWindowW, CallWindowProcW
> GDI32.dll: GetDeviceCaps, SetBkMode, CreateFontIndirectW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBitmap, DeleteObject, SelectObject, SetBkColor, SetTextColor, ExtTextOutW, GetStockObject, PatBlt, DeleteDC, CreateSolidBrush
> ADVAPI32.dll: RegQueryValueExW, InitiateSystemShutdownExW, ConvertStringSidToSidW, EqualSid, ConvertSidToStringSidW, GetTokenInformation, AllocateAndInitializeSid, FreeSid, RegNotifyChangeKeyValue, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, LookupAccountSidW, GetSidSubAuthorityCount, GetSidLengthRequired, GetSidIdentifierAuthority, InitializeSid, RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, LogonUserW, ImpersonateLoggedOnUser, RevertToSelf, GetSidSubAuthority, LookupAccountNameW
> SHELL32.dll: ExtractIconExW
> IMM32.dll: ImmGetIMEFileNameW, ImmIsIME
> RPCRT4.dll: UuidCreate
> gdiplus.dll: GdiplusStartup, GdiplusShutdown
> NETAPI32.dll: NetUserChangePassword, NetApiBufferFree, NetUserModalsGet
> Secur32.dll: LsaCallAuthenticationPackage, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage
> ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc
> OLEAUT32.dll: -
> MSVCR80.dll: __clean_type_info_names_internal, _crt_debugger_hook, __type_info_dtor_internal_method@type_info@@QAEXXZ, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _encoded_null, _malloc_crt, _decode_pointer, _onexit, _lock, _encode_pointer, __dllonexit, _unlock, _except_handler4_common, _terminate@@YAXXZ, fwrite, _wfopen, fseek, fgetpos, fread, fclose, _wtoi, swscanf, wcsstr, strcpy, _wcsicmp, wcstoul, memcpy, _wcsupr, _vsnwprintf, wcscspn, wcsspn, wcscat, __0exception@std@@QAE@XZ, __0exception@std@@QAE@ABV01@@Z, memmove_s, strlen, __1exception@std@@UAE@XZ, _what@exception@std@@UBEPBDXZ, __0exception@std@@QAE@ABQBD@Z, _invalid_parameter_noinfo, _purecall, wcscmp, _mbslen, _recalloc, wcsncpy_s, memcpy_s, malloc, __CxxFrameHandler3, __2@YAPAXI@Z, _CxxThrowException, memset, free, wcsncpy, wcscpy, wcslen, wcsrchr, ___V@YAXPAX@Z, __3@YAXPAX@Z

( 12 exports ) 
InitializeChangeNotifyS, LockEventS, LogoffEventS, LogonEventS, Module_GetStaticList_2_ql2, Module_IsUnlocked_2_ql2, PasswordChangeNotifyS, PasswordFilterS, ShellStartEventS, ShutdownEventS, StartupEventS, UnlockEventS
 
RDS...: NSRL Reference Data Set
- 
pdfid.: - 
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
sigcheck:
publisher....: UPEK Inc.
copyright....: Copyright (C) 2001-2008 UPEK Inc.
product......: SPBA
description..: PS QL Logon Kernel
original name: homefus2.dll
internal name: HOMEFUS2
file version.: 5.8.2.4217
comments.....: n/a
signers......: UPEK Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 3:24 PM 3/25/2008
verified.....: -

C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe

Code:

ATTFilter

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.50 2010.01.19 - 
AhnLab-V3 5.0.0.2 2010.01.19 - 
AntiVir 7.9.1.142 2010.01.19 - 
Antiy-AVL 2.0.3.7 2010.01.19 - 
Authentium 5.2.0.5 2010.01.19 - 
Avast 4.8.1351.0 2010.01.19 - 
BitDefender 7.2 2010.01.19 - 
CAT-QuickHeal 10.00 2010.01.19 - 
ClamAV 0.94.1 2010.01.19 - 
Comodo 3637 2010.01.19 - 
eSafe 7.0.17.0 2010.01.19 - 
eTrust-Vet 35.2.7245 2010.01.19 - 
F-Prot 4.5.1.85 2010.01.18 - 
Fortinet 4.0.14.0 2010.01.19 - 
GData 19 2010.01.19 - 
Ikarus T3.1.1.80.0 2010.01.19 - 
Jiangmin 13.0.900 2010.01.19 - 
K7AntiVirus 7.10.950 2010.01.18 - 
Kaspersky 7.0.0.125 2010.01.19 - 
McAfee 5865 2010.01.18 - 
McAfee+Artemis 5865 2010.01.18 - 
McAfee-GW-Edition 6.8.5 2010.01.19 - 
Microsoft 1.5302 2010.01.19 - 
NOD32 4786 2010.01.19 - 
Norman 6.04.03 2010.01.19 - 
nProtect 2009.1.8.0 2010.01.19 - 
Panda 10.0.2.2 2010.01.19 - 
PCTools 7.0.3.5 2010.01.19 - 
Prevx 3.0 2010.01.19 - 
Rising 22.31.01.04 2010.01.19 - 
Sophos 4.49.0 2010.01.19 - 
Sunbelt 3.2.1858.2 2010.01.19 - 
Symantec 20091.2.0.41 2010.01.19 - 
TheHacker 6.5.0.6.156 2010.01.19 - 
TrendMicro 9.120.0.1004 2010.01.19 - 
VBA32 3.12.12.1 2010.01.19 - 
ViRobot 2010.1.19.2144 2010.01.19 - 
VirusBuster 5.0.21.0 2010.01.19 - 
weitere Informationen 
File size: 1708840 bytes 
MD5...: 13052595a32393aa1fc435aae1ffe6ce 
SHA1..: 8ac9205b0027730f698bfa33549e6df3144a0b72 
SHA256: cf664dbd63d350497eafc1ee06f168a1e306dce7f113c974dfae642ecfb25244 
ssdeep: 49152:uyxfE1M8lT9Wqb/T7eoIdP/s0l4RXuqr3OZhg:lfElWIHWl00yReA3OHg
 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc6000
timedatestamp.....: 0x4b37920e (Sun Dec 27 16:57:50 2009)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3c042 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x3e000 0xe022 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x4d000 0x8b7c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text1 0x56000 0x70000 0x62000 7.98 8557d29507eec0ce969f909a1aab7a28
.adata 0xc6000 0x10000 0xd000 7.01 09da9f7c4851f6421f4aa495c1738069
.data1 0xd6000 0x30000 0x15000 4.61 32016d18f3ae4b9e871ccca492c9a8d5
.pdata 0x106000 0x120000 0x118000 8.00 34a934ad6ae5e86606e5a23e29fedc58
.rsrc 0x226000 0x56e000 0x3000 3.31 f1a8a12530582ff5f7c8b67d9b476ff9

( 3 imports ) 
> KERNEL32.dll: CreateThread, GlobalUnlock, GlobalLock, GlobalAlloc, GetTickCount, WideCharToMultiByte, IsBadReadPtr, GlobalAddAtomA, GlobalAddAtomW, GetModuleHandleA, GlobalFree, GlobalGetAtomNameA, GlobalDeleteAtom, GlobalGetAtomNameW, FreeConsole, GetEnvironmentVariableA, VirtualProtect, VirtualAlloc, GetProcAddress, GetLastError, LoadLibraryA, SetLastError, SetThreadPriority, GetCurrentThread, SetEnvironmentVariableA, ReleaseMutex, WaitForSingleObject, CreateMutexA, OpenMutexA, SetErrorMode, GetCurrentThreadId, FindClose, FindFirstFileW, VirtualQueryEx, GetExitCodeProcess, ReadProcessMemory, VirtualProtectEx, ContinueDebugEvent, ResumeThread, OutputDebugStringA, OutputDebugStringW, SetThreadContext, GetThreadContext, WaitForDebugEvent, WriteProcessMemory, UnmapViewOfFile, SuspendThread, DebugActiveProcess, MapViewOfFile, DuplicateHandle, GetCurrentProcess, CreateFileMappingA, SetEvent, CreateEventA, MultiByteToWideChar, CloseHandle, CreateProcessA, GetStartupInfoA, GetCommandLineA, GetSystemTimeAsFileTime, ExitProcess, LocalFree, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, FormatMessageA, GetConsoleMode, GetConsoleCP, SetFilePointer, GetLocaleInfoW, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, Sleep, EnterCriticalSection, LeaveCriticalSection, GetVersionExA, InitializeCriticalSection, GetCurrentProcessId, GetModuleFileNameW, GetShortPathNameW, GetModuleFileNameA, CreateFileA, GetShortPathNameA, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, InterlockedIncrement, InterlockedDecrement, InterlockedExchange, DeleteCriticalSection, RtlUnwind, RaiseException, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, HeapAlloc, GetProcessHeap, GetCPInfo, LCMapStringA, LCMapStringW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, WriteFile, GetStdHandle, HeapSize, GetACP, GetOEMCP, IsValidCodePage, HeapDestroy, HeapCreate, VirtualFree, HeapReAlloc
> USER32.dll: LoadStringW, IsWindow, PostMessageA, GetDesktopWindow, MoveWindow, SetPropA, EnumThreadWindows, GetPropA, GetMessageA, BeginPaint, KillTimer, GetAsyncKeyState, GetSystemMetrics, SetTimer, SetWindowTextA, GetDlgItem, CreateDialogIndirectParamA, ShowWindow, UpdateWindow, LoadStringA, EndPaint, FindWindowA, WaitForInputIdle, DestroyWindow, MessageBoxA, InSendMessage, UnpackDDElParam, FreeDDElParam, DefWindowProcW, DefWindowProcA, LoadCursorA, RegisterClassW, CreateWindowExW, RegisterClassA, CreateWindowExA, GetWindowThreadProcessId, SendMessageW, SendMessageA, PeekMessageA, TranslateMessage, DispatchMessageA, EnumWindows, IsWindowUnicode, PackDDElParam, PostMessageW
> GDI32.dll: SelectObject, BitBlt, DeleteObject, CreatePalette, CreateDCA, SelectPalette, RealizePalette, CreateDIBitmap, DeleteDC, CreateCompatibleDC

( 0 exports ) 
 
RDS...: NSRL Reference Data Set
- 
packers (F-Prot): Armadillo 
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) 
pdfid.: - 
sigcheck:
publisher....: 
copyright....: Copyright (C) 2010 IT-Services Thomas Holz
product......: TheBest Minimize to Tray
description..: TheBest Minimize to Tray
original name: TheBest Minimize to Tray.EXE
internal name: TheBest Minimize to Tray
file version.: 1, 0, 0, 1
comments.....: 
signers......: Holz Thomas
UTN-USERFirst-Object
signing date.: 5:57 PM 12/27/2009
verified.....: -

C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe

Code:

ATTFilter

Antivirus Version letzte aktualisierung Ergebnis 
a-squared 4.5.0.50 2010.01.19 Virus.Win32.Poison.HJ!IK 
AhnLab-V3 5.0.0.2 2010.01.19 - 
AntiVir 7.9.1.142 2010.01.19 - 
Antiy-AVL 2.0.3.7 2010.01.19 - 
Authentium 5.2.0.5 2010.01.19 - 
Avast 4.8.1351.0 2010.01.19 - 
AVG 9.0.0.730 2010.01.19 - 
BitDefender 7.2 2010.01.19 - 
CAT-QuickHeal 10.00 2010.01.19 - 
ClamAV 0.94.1 2010.01.19 - 
Comodo 3637 2010.01.19 - 
DrWeb 5.0.1.12222 2010.01.19 - 
eSafe 7.0.17.0 2010.01.19 - 
eTrust-Vet 35.2.7245 2010.01.19 - 
F-Prot 4.5.1.85 2010.01.18 - 
F-Secure 9.0.15370.0 2010.01.19 - 
Fortinet 4.0.14.0 2010.01.19 - 
GData 19 2010.01.19 - 
Ikarus T3.1.1.80.0 2010.01.19 Virus.Win32.Poison.HJ 
Jiangmin 13.0.900 2010.01.19 - 
K7AntiVirus 7.10.950 2010.01.18 - 
Kaspersky 7.0.0.125 2010.01.19 P2P-Worm.Win32.Agent.xm 
McAfee 5865 2010.01.18 - 
McAfee+Artemis 5865 2010.01.18 Artemis!A2620C63A9DE 
McAfee-GW-Edition 6.8.5 2010.01.19 Heuristic.BehavesLike.Win32.CodeInjection.H 
Microsoft 1.5302 2010.01.19 - 
NOD32 4786 2010.01.19 - 
Norman 6.04.03 2010.01.19 - 
nProtect 2009.1.8.0 2010.01.19 - 
Panda 10.0.2.2 2010.01.19 - 
PCTools 7.0.3.5 2010.01.19 - 
Prevx 3.0 2010.01.19 High Risk Cloaked Malware 
Rising 22.31.01.04 2010.01.19 - 
Sophos 4.49.0 2010.01.19 - 
Sunbelt 3.2.1858.2 2010.01.19 - 
Symantec 20091.2.0.41 2010.01.19 - 
TheHacker 6.5.0.6.156 2010.01.19 - 
TrendMicro 9.120.0.1004 2010.01.19 - 
VBA32 3.12.12.1 2010.01.19 SScope.Injector.MY 
ViRobot 2010.1.19.2144 2010.01.19 - 
VirusBuster 5.0.21.0 2010.01.19 - 
weitere Informationen 
File size: 110592 bytes 
MD5...: a2620c63a9de0986c99232cfbb0162b8 
SHA1..: f608947c0a05b357bfd7a1edb23065ddbb39edce 
SHA256: 9de25124270198f696ea5305127eb9502705b926273148e12a9b9f3c2d2b60fc 
ssdeep: 1536:KKEnmSHjG0U3UoB5Mm1OIVWloZT7v2FmiaX1Nny1998p4TdS5:K3DFPoB5M
2M1Nw1E1LK45S5
 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2caf
timedatestamp.....: 0x4b4f1edc (Thu Jan 14 13:40:44 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8833 0x9000 6.44 177fd3abc081d2d4d257a9ec85569962
.rdata 0xa000 0x2618 0x3000 4.64 fe7f9494e937828bdab79424e5d956e3
.data 0xd000 0x1984 0x1000 2.35 e4da601f3a41bea7124b831595a75c9a
.rsrc 0xf000 0xc318 0xd000 7.91 740b73a9375e1bdb1944ab2eaade7974

( 1 imports ) 
> KERNEL32.dll: GetProcAddress, LoadLibraryA, VirtualProtect, RtlUnwind, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoA, RaiseException, GetLastError, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, Sleep, HeapSize, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW

( 0 exports ) 
 
RDS...: NSRL Reference Data Set
- 
pdfid.: - 
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%) 
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=F1122E81004F8BE2B07C0166E603C500DAC26629' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=F1122E81004F8BE2B07C0166E603C500DAC26629</a> 
sigcheck:
publisher....: Microsoft Inc.
copyright....: Microsoft (C) 2009
product......: Windows Critical Update
description..: Microsoft Windows critical update
original name: upd03927.exe
internal name: Critical update
file version.: 1, 0, 0, 6
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

avenger.txt

Code:

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

flo2227 · 19.01.2010, 19:34

RSIT log.txt

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by Florian at 2010-01-19 18:48:22
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 46 GB (31%) free of 148 GB
Total RAM: 3066 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:44, on 19.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Florian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Florian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Florian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: TheBest Minimize to Tray.lnk = C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12302 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{AA0E4FD6-140F-4A84-BDBB-C552488AD947}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-09 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-09 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-09 263280]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-07 6139904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-05-30 544768]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-18 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-18 92704]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-06-04 817672]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-07-24 167936]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2008-09-24 3676160]
"Cm106Sound"=RunDll32 cm106.cpl,CMICtrlWnd []
"TQ566808"=F:\Setup.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"mylbx"=C:\Program Files\My Lockbox\mylbx.exe [2009-06-03 1074864]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-04 68856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TheBest Minimize to Tray.lnk - C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe

C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2008-09-24 3197952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-25 567560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-19 18:48:22 ----D---- C:\rsit
2010-01-19 18:48:22 ----D---- \rsit
2010-01-19 18:00:02 ----D---- C:\Users\Florian\AppData\Roaming\Malwarebytes
2010-01-19 17:59:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-19 17:44:28 ----D---- C:\Avenger
2010-01-19 17:44:28 ----D---- \Avenger
2010-01-19 17:44:26 ----A---- C:\avenger.txt
2010-01-19 17:44:26 ----A---- \avenger.txt
2010-01-19 15:08:54 ----D---- C:\Program Files\Trend Micro
2010-01-19 12:22:16 ----SHD---- C:\Users\Florian\AppData\Roaming\SystemProc
2010-01-18 14:30:43 ----D---- C:\Windows\Sun
2010-01-17 16:51:23 ----D---- C:\Users\Florian\AppData\Roaming\Move Networks
2010-01-16 21:43:05 ----D---- C:\Users\Florian\AppData\Roaming\Publish Providers
2010-01-16 21:25:43 ----D---- C:\Program Files\No23Recorder
2010-01-16 20:04:37 ----D---- C:\Users\Florian\AppData\Roaming\Itsth
2010-01-16 20:04:30 ----D---- C:\Program Files\TheBest Minimize to Tray
2010-01-15 09:15:31 ----D---- C:\Users\Florian\AppData\Roaming\FOG Downloader
2010-01-13 20:16:28 ----A---- C:\Windows\NeroDigital.ini
2010-01-13 19:44:42 ----D---- C:\Users\Florian\AppData\Roaming\Nero
2010-01-13 19:01:58 ----D---- C:\Program Files\Nero
2010-01-13 19:01:24 ----D---- C:\Program Files\Common Files\Nero
2010-01-13 18:21:22 ----D---- C:\Users\Florian\AppData\Roaming\Sony
2010-01-13 09:08:29 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 09:08:29 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 20:35:22 ----D---- C:\Program Files\Adobe Media Player
2010-01-12 20:31:26 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-12 20:26:42 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-01-12 19:29:21 ----D---- C:\Program Files\Common Files\Akamai
2010-01-12 19:27:54 ----A---- C:\Windows\system32\TURegOpt.exe
2010-01-12 19:27:53 ----A---- C:\Windows\system32\uxtuneup.dll
2010-01-12 19:27:53 ----A---- C:\Windows\system32\authuitu.dll
2010-01-12 19:26:52 ----D---- C:\Users\Florian\AppData\Roaming\TuneUp Software
2010-01-12 19:26:30 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-01-12 19:20:07 ----D---- C:\Program Files\Common Files\Ahead
2010-01-12 19:20:07 ----D---- C:\Program Files\Ahead
2010-01-12 19:09:13 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-12 19:08:46 ----D---- C:\Program Files\Microsoft.NET
2010-01-12 19:05:28 ----RHD---- C:\MSOCache
2010-01-12 19:05:28 ----RHD---- \MSOCache
2010-01-12 18:59:04 ----D---- C:\Program Files\Sony
2010-01-12 11:04:36 ----A---- C:\Windows\system32\GEARAspi.dll
2010-01-12 11:04:23 ----D---- C:\Program Files\Symantec
2010-01-12 11:04:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-12 11:03:52 ----D---- C:\Program Files\Norton 360
2010-01-12 11:03:20 ----D---- C:\Program Files\NortonInstaller
2010-01-12 10:20:48 ----D---- C:\Downloads
2010-01-12 10:20:48 ----D---- \Downloads
2010-01-11 11:43:21 ----A---- C:\Windows\system32\fsproflt.exe
2010-01-11 11:43:20 ----D---- C:\Program Files\My Lockbox
2010-01-11 11:33:01 ----D---- C:\Program Files\Folder Guard
2010-01-10 13:44:46 ----D---- C:\Program Files\Microsoft
2010-01-10 13:44:31 ----D---- C:\Program Files\Windows Live SkyDrive
2010-01-10 13:44:16 ----D---- C:\Program Files\Windows Live
2010-01-10 13:43:57 ----D---- C:\Windows\PCHEALTH
2010-01-10 13:41:53 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-10 13:25:04 ----A---- C:\Windows\system32\tzres.dll
2010-01-10 13:23:01 ----A---- C:\Windows\system32\jscript.dll
2010-01-10 13:21:32 ----A---- C:\Windows\system32\nshhttp.dll
2010-01-10 13:21:30 ----A---- C:\Windows\system32\httpapi.dll
2010-01-09 20:08:11 ----D---- C:\Users\Florian\AppData\Roaming\Apple Computer
2010-01-09 19:55:24 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-09 19:54:27 ----D---- C:\Program Files\iPod
2010-01-09 19:54:25 ----D---- C:\Program Files\iTunes
2010-01-09 19:54:02 ----D---- C:\Program Files\Bonjour
2010-01-09 19:53:28 ----D---- C:\Program Files\QuickTime
2010-01-09 19:53:15 ----D---- C:\Program Files\Apple Software Update
2010-01-09 19:51:35 ----D---- C:\Program Files\Common Files\Apple
2010-01-09 19:36:11 ----A---- C:\Windows\system32\occache.dll
2010-01-09 19:36:11 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-09 19:36:11 ----A---- C:\Windows\system32\iepeers.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\ieui.dll
2010-01-09 19:36:10 ----A---- C:\Windows\system32\iesetup.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\wininet.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-09 19:36:09 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iertutil.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iernonce.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-09 19:36:09 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-09 19:36:08 ----A---- C:\Windows\system32\urlmon.dll
2010-01-09 19:36:06 ----A---- C:\Windows\system32\mshtml.dll
2010-01-09 19:36:06 ----A---- C:\Windows\system32\ieframe.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\msls31.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\mshtmler.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\mshtmled.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\icardie.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\corpol.dll
2010-01-09 19:33:26 ----A---- C:\Windows\system32\admparse.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\licmgr10.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\imgutil.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\ieakeng.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\dxtrans.dll
2010-01-09 19:33:25 ----A---- C:\Windows\system32\dxtmsft.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-01-09 19:33:24 ----A---- C:\Windows\system32\wextract.exe
2010-01-09 19:33:24 ----A---- C:\Windows\system32\webcheck.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\pngfilt.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\mstime.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\msrating.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\inseng.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\ieakui.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-09 19:33:24 ----A---- C:\Windows\system32\advpack.dll
2010-01-09 19:33:23 ----A---- C:\Windows\system32\vbscript.dll
2010-01-09 19:33:23 ----A---- C:\Windows\system32\url.dll
2010-01-09 19:33:23 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-09 19:33:22 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\SetDepNx.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\PDMSetup.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\mshta.exe
2010-01-09 19:33:22 ----A---- C:\Windows\system32\iexpress.exe
2010-01-09 14:14:16 ----A---- C:\Windows\system32\netiohlp.dll
2010-01-09 14:14:15 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\ROUTE.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\MRINFO.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-01-09 14:14:15 ----A---- C:\Windows\system32\finger.exe
2010-01-09 14:14:15 ----A---- C:\Windows\system32\ARP.EXE
2010-01-09 14:14:14 ----A---- C:\Windows\system32\netevent.dll
2010-01-09 14:13:59 ----A---- C:\Windows\system32\dciman32.dll
2010-01-09 14:13:59 ----A---- C:\Windows\system32\atmfd.dll
2010-01-09 14:13:56 ----A---- C:\Windows\system32\msxml6.dll
2010-01-09 14:13:55 ----A---- C:\Windows\system32\msxml3.dll
2010-01-09 14:13:49 ----A---- C:\Windows\system32\wlansec.dll
2010-01-09 14:13:49 ----A---- C:\Windows\system32\wlanmsm.dll
2010-01-09 14:13:49 ----A---- C:\Windows\system32\L2SecHC.dll
2010-01-09 14:13:48 ----A---- C:\Windows\system32\wlansvc.dll
2010-01-09 14:13:46 ----A---- C:\Windows\system32\winhttp.dll
2010-01-09 14:13:44 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-01-09 14:13:44 ----A---- C:\Windows\system32\mf.dll
2010-01-09 14:13:41 ----A---- C:\Windows\system32\wdigest.dll
2010-01-09 14:13:41 ----A---- C:\Windows\system32\msv1_0.dll
2010-01-09 14:13:41 ----A---- C:\Windows\system32\lsasrv.dll
2010-01-09 14:13:40 ----A---- C:\Windows\system32\secur32.dll
2010-01-09 14:13:40 ----A---- C:\Windows\system32\lsass.exe
2010-01-09 14:13:37 ----A---- C:\Windows\system32\atl.dll
2010-01-09 14:13:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-01-09 14:13:35 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-01-09 14:13:19 ----A---- C:\Windows\system32\xolehlp.dll
2010-01-09 14:13:19 ----A---- C:\Windows\system32\msdtcprx.dll
2010-01-09 14:13:18 ----A---- C:\Windows\system32\wkssvc.dll
2010-01-09 14:13:17 ----A---- C:\Windows\system32\mstscax.dll
2010-01-09 14:13:08 ----A---- C:\Windows\system32\EncDec.dll
2010-01-09 14:13:07 ----A---- C:\Windows\system32\psisdecd.dll
2010-01-09 14:12:57 ----A---- C:\Windows\system32\localspl.dll
2010-01-09 14:12:56 ----A---- C:\Windows\system32\avifil32.dll
2010-01-09 14:12:52 ----A---- C:\Windows\system32\rpcss.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\sdohlp.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-01-09 14:12:51 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iasrecst.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iashost.exe
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iasdatastore.dll
2010-01-09 14:12:51 ----A---- C:\Windows\system32\iasads.dll
2010-01-09 14:12:45 ----A---- C:\Windows\system32\kernel32.dll
2010-01-09 14:12:45 ----A---- C:\Windows\system32\apilogen.dll
2010-01-09 14:12:45 ----A---- C:\Windows\system32\amxread.dll
2010-01-09 14:12:33 ----A---- C:\Windows\system32\wmpdxm.dll
2010-01-09 14:12:26 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-01-09 14:12:25 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-01-09 14:12:20 ----A---- C:\Windows\system32\msasn1.dll
2010-01-09 14:12:17 ----A---- C:\Windows\system32\rpcrt4.dll
2010-01-09 14:12:09 ----A---- C:\Windows\system32\rastls.dll
2010-01-09 14:12:09 ----A---- C:\Windows\system32\raschap.dll
2010-01-09 14:12:07 ----A---- C:\Windows\system32\WSDApi.dll
2010-01-09 14:12:04 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-01-09 14:11:35 ----A---- C:\Windows\system32\wmp.dll
2010-01-09 14:11:33 ----A---- C:\Windows\system32\unregmp2.exe
2010-01-09 14:11:31 ----A---- C:\Windows\system32\spwmp.dll
2010-01-09 14:11:30 ----A---- C:\Windows\system32\dxmasf.dll
2010-01-09 14:11:29 ----A---- C:\Windows\system32\wmploc.DLL
2010-01-09 14:11:21 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-09 13:59:20 ----A---- C:\Windows\system32\wups2.dll
2010-01-09 13:59:19 ----A---- C:\Windows\system32\wucltux.dll
2010-01-09 13:59:19 ----A---- C:\Windows\system32\wuaueng.dll
2010-01-09 13:59:19 ----A---- C:\Windows\system32\wuauclt.exe
2010-01-09 13:59:10 ----A---- C:\Windows\system32\wups.dll
2010-01-09 13:59:10 ----A---- C:\Windows\system32\wudriver.dll
2010-01-09 13:59:10 ----A---- C:\Windows\system32\wuapi.dll
2010-01-09 13:59:05 ----A---- C:\Windows\system32\wuwebv.dll
2010-01-09 13:59:05 ----A---- C:\Windows\system32\wuapp.exe
2010-01-09 11:23:21 ----D---- C:\Users\Florian\AppData\Roaming\dvdcss
2010-01-09 11:20:05 ----RA---- C:\Windows\Vmix106.dll
2010-01-09 11:20:01 ----RA---- C:\Windows\system32\c106prop.dll
2010-01-09 11:20:01 ----A---- C:\Windows\Cm106.ini.cfl
2010-01-09 11:19:54 ----RA---- C:\Windows\system32\Cmeau106.exe
2010-01-09 11:19:14 ----RA---- C:\Windows\system32\CmiInstallResAll.dll
2010-01-09 11:19:14 ----RA---- C:\Windows\Cm106.ini.cfg
2010-01-09 11:19:14 ----A---- C:\Windows\Cm106.ini.imi

======List of files/folders modified in the last 1 months======

2010-01-19 18:48:30 ----D---- C:\Windows\Temp
2010-01-19 18:03:17 ----D---- C:\Windows\System32
2010-01-19 18:03:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-19 18:03:16 ----D---- C:\Windows\inf
2010-01-19 17:59:56 ----D---- C:\Windows\system32\drivers
2010-01-19 17:59:52 ----HD---- C:\ProgramData
2010-01-19 17:59:52 ----HD---- \ProgramData
2010-01-19 17:59:50 ----RD---- C:\Program Files
2010-01-19 17:59:50 ----RD---- \Program Files
2010-01-19 14:52:29 ----D---- C:\Program Files\Mozilla Firefox
2010-01-19 14:43:16 ----SHD---- C:\System Volume Information
2010-01-19 14:43:16 ----SHD---- \System Volume Information
2010-01-19 14:37:38 ----D---- C:\Windows\system32\wbem
2010-01-19 14:37:38 ----D---- C:\Windows
2010-01-19 14:37:38 ----D---- \Windows
2010-01-19 14:36:42 ----D---- C:\Program Files\Microsoft Works
2010-01-19 14:36:42 ----D---- C:\Program Files\CuperUtilities StartUp Manager
2010-01-19 14:36:38 ----D---- C:\Windows\Tasks
2010-01-19 14:36:38 ----D---- C:\Windows\system32\Tasks
2010-01-19 14:36:38 ----D---- C:\Windows\system32\spool
2010-01-19 14:36:38 ----D---- C:\Windows\system32\restore
2010-01-19 14:36:38 ----D---- C:\Windows\system
2010-01-19 14:36:37 ----RSD---- C:\Windows\Media
2010-01-19 14:36:37 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-19 14:36:37 ----D---- C:\Windows\system32\catroot2
2010-01-19 14:36:33 ----SHD---- C:\Windows\Installer
2010-01-19 14:36:22 ----RSD---- C:\Windows\Fonts
2010-01-19 14:36:21 ----RSD---- C:\Windows\assembly
2010-01-19 14:36:21 ----D---- C:\Users\Florian\AppData\Roaming\vlc
2010-01-19 14:36:19 ----RD---- C:\Users
2010-01-19 14:36:19 ----RD---- \Users
2010-01-19 14:36:08 ----D---- C:\Windows\registration
2010-01-19 12:07:27 ----D---- C:\Windows\Prefetch
2010-01-19 12:06:33 ----D---- C:\Windows\system32\WDI
2010-01-17 14:10:04 ----D---- C:\Windows\Debug
2010-01-16 21:25:52 ----SHD---- C:\Config.Msi
2010-01-16 21:25:52 ----SHD---- \Config.Msi
2010-01-16 21:25:49 ----SD---- C:\Users\Florian\AppData\Roaming\Microsoft
2010-01-15 18:34:04 ----D---- C:\Program Files\Launch Manager
2010-01-15 15:47:51 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-15 11:37:23 ----D---- C:\Windows\winsxs
2010-01-13 19:01:24 ----D---- C:\Program Files\Common Files
2010-01-13 10:48:56 ----D---- C:\Windows\system32\catroot
2010-01-13 10:48:29 ----D---- C:\Windows\Minidump
2010-01-13 10:12:07 ----D---- C:\Program Files\Windows Mail
2010-01-13 08:54:08 ----D---- C:\Users\Florian\AppData\Roaming\Adobe
2010-01-13 08:51:42 ----D---- C:\Program Files\Google
2010-01-12 20:52:42 ----D---- C:\Program Files\Adobe
2010-01-12 20:36:53 ----D---- C:\Program Files\Common Files\Adobe
2010-01-12 19:09:22 ----D---- C:\Program Files\Microsoft Office
2010-01-12 19:06:46 ----D---- C:\Windows\ShellNew
2010-01-12 18:04:59 ----D---- C:\Program Files\Fraps
2010-01-12 11:07:20 ----HD---- C:\Windows\system32\GroupPolicy
2010-01-12 11:00:11 ----SD---- C:\Windows\Downloaded Program Files
2010-01-11 19:28:19 ----D---- C:\Users\Florian\AppData\Roaming\teamspeak2
2010-01-11 19:28:19 ----D---- C:\Program Files\Teamspeak2_RC2
2010-01-11 14:43:34 ----D---- C:\Program Files\ICQ6.5
2010-01-11 10:54:31 ----D---- C:\Windows\Microsoft.NET
2010-01-10 17:01:27 ----D---- C:\Windows\rescache
2010-01-10 14:39:02 ----D---- C:\Windows\system32\de-DE
2010-01-10 14:38:59 ----D---- C:\Windows\system32\manifeststore
2010-01-10 14:38:59 ----D---- C:\Windows\ehome
2010-01-10 14:38:59 ----D---- C:\Windows\AppPatch
2010-01-10 14:38:58 ----D---- C:\Program Files\Windows Media Player
2010-01-09 19:56:10 ----D---- C:\Windows\system32\migration
2010-01-09 19:56:10 ----D---- C:\Program Files\Internet Explorer
2010-01-09 19:56:08 ----D---- C:\Windows\system32\en-US
2010-01-09 19:56:08 ----D---- C:\Windows\PolicyDefinitions
2010-01-09 19:32:56 ----D---- C:\Windows\SoftwareDistribution
2010-01-09 14:08:10 ----D---- C:\Program Files\Big Kahuna Reef
2010-01-04 16:17:48 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\N360\0305020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\N360\0305020.00B\ccHPx86.sys [2009-08-22 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-01-11 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100116.002\IDSvix86.sys [2009-12-30 343088]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0305020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0305020.00B\SYMTDI.SYS [2009-08-22 217136]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-01-11 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-25 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-25 207872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-07 2134424]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-05-19 47104]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVENG.SYS [2010-01-11 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVEX15.SYS [2010-01-11 1323568]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-18 7545824]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-26 61440]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0305020.00B\SRTSP.SYS [2009-08-22 308272]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-01-13 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0305020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0305020.00B\SYMNDISV.SYS [2009-08-22 48688]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-04-28 50576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM106.sys [2007-11-08 1315840]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-25 661504]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
R2 fsproflt;FSPro Filter Service; C:\Windows\system32\fsproflt.exe [2009-05-03 73392]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-09-24 3602432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-18 196608]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-12 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-09 182768]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-12 435016]

-----------------EOF-----------------

flo2227 · 19.01.2010, 19:34

RSIT info.txt

Code:

ATTFilter

info.txt logfile of random's system information tool 1.06 2010-01-19 18:48:48

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe"  -uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Bio Protection
AAU 6.0.00.17-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe"
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7  -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x7  -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log"
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0007 -removeonly
Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log"
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
Chicken Invaders 3-->"C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log"
Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CuperUtilities StartUp Manager 1.1-->"C:\Program Files\CuperUtilities StartUp Manager\unins000.exe"
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0407
Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Move Networks Media Player for Internet Explorer-->C:\Users\Florian\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My Lockbox 1.4 for Windows 2000/XP-->"C:\Program Files\My Lockbox\unins000.exe"
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
No23 Recorder-->MsiExec.exe /X{22B0E143-2B0B-435B-9F56-136A3D16065F}
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\3.5.2.11\InstStub.exe /X
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe"  -uninstall
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TheBest Minimize to Tray 1.xx-->"C:\Program Files\TheBest Minimize to Tray\unins000.exe"
Trust USB Audio-->C:\Windows\System32\Cmeau106.exe /rm /pusb106
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Vegas Pro 9.0-->MsiExec.exe /X{56415658-366E-4E28-A6BD-68EC63E560E0}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445}
Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

=====HijackThis Backups=====

O1 - Hosts: 78.159.110.36 www.google.ch [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com.au [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.at [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.de [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.co.za [2010-01-19]
O1 - Hosts: 78.159.110.36 us.search.yahoo.com [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com [2010-01-19]
O1 - Hosts: 78.159.110.36 uk.search.yahoo.com [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com.br [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.gr [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.no [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.co.uk [2010-01-19]
O1 - Hosts: 78.159.110.36 search.yahoo.com [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.it [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.be [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.ca [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.co.jp [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.dk [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.es [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.com.mx [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.ie [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.fr [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.pt [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.fi [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.se [2010-01-19]
O1 - Hosts: 78.159.110.36 www.google.nl [2010-01-19]
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Florian\AppData\Roaming\SystemProc\lsass.exe [2010-01-19]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 44444
Source Name: Service Control Manager
Time Written: 20100119165912.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 10029
Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 44445
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100119170026.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 44446
Source Name: Service Control Manager
Time Written: 20100119170026.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Beendet".
Record Number: 44447
Source Name: Service Control Manager
Time Written: 20100119171027.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 44448
Source Name: Service Control Manager
Time Written: 20100119171642.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: Florian-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 5814
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100119165804.389883-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Florian-PC
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 5815
Source Name: Microsoft-Windows-WMI
Time Written: 20100119165817.000000-000
Event Type: Fehler
User: 

Computer Name: Florian-PC
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 5816
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100119170316.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 5817
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100119170317.000000-000
Event Type: Informationen
User: 

Computer Name: Florian-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 5818
Source Name: LightScribeService
Time Written: 20100119174847.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: Florian-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-21-3603621761-1272723961-2709685194-1000
	Kontoname:		Florian
	Kontodomäne:		Florian-PC
	Anmelde-ID:		0x46b79

Berechtigungen:		SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 7302
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119165705.421883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		FLORIAN-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x2c8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 7303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170026.418883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		FLORIAN-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2c8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 7304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170026.418883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 7305
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170026.418883-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Florian-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys	
Record Number: 7306
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100119170137.612883-000
Event Type: Überwachung gescheitert
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

MAM ist bei rund 140000 Dateien (dürfte etwa 600000 Dateien haben würde rund 4 Std. dauern:O) abgestürzt und GMER verursacht Bluescreen!

Chris4You · 19.01.2010, 20:01

Hi,

shit... Dann probieren wir Dr. Web und Rootrepealer...
Schaue gleich noch das RSIT-Log durch (solange der Akku vom Notebook noch hält.. ;o)...

Fixe noch mit HJ und poste (wenn noch nicht geschehen..)

Dr. Web/Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html

RootRepeal

Lade bitte RootkitRevealer (http://technet.microsoft.com/de-de/s.../bb897445.aspx) runter und entpacke das Archiv in einen eigenen Ordner, z.B. C:\programme\rootkitrevealer.

Starte in diesem Ordner RootkitReavealer.exe. Alle anderen Programme schließen.

Starte durch Klick auf "Scan".

Wenn der Scan fertig ist das Logfile mit File -> Save abspeichern, und hier im forum posten.

chris
Ps.: Auf die Schnelle nichts gefunden, das versteckte Verzeichnis des netten Teils ist noch da...
2010-01-19 12:22:16 ----SHD---- C:\Users\Florian\AppData\Roaming\SystemProc
Ist versteckt (hidden), System...

flo2227 · 19.01.2010, 20:11

HijackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:12, on 19.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
C:\Users\Florian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: TheBest Minimize to Tray.lnk = C:\Program Files\TheBest Minimize to Tray\TheBestMinimizeToTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11988 bytes

Chris4You · 19.01.2010, 20:24

Hi,

HJ sieht gut aus, kennst Du das hier:
C:\Program Files\My Lockbox\mylbx.exe

chris

flo2227 · 19.01.2010, 20:33

Ja kenn ich das ist ein Tool zum schützen von Ordnern mit Passwort.
Google geht wieder nur das Sicherheitscenter kann ich immer noch nicht aktivieren.
Sagt mir immer "Der Sicherheitsdienst konnte nicht gestartet werden"!
Den kompletten Systemscan werde ich wohl gleich starten dürfte allerdings knapp 4 Std. dauern.

MfG Flo

flo2227 · 20.01.2010, 09:12

Code:

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Users\Florian\AppData\Roaming\SystemProc" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Cm106Sound" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TQ566808" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

flo2227 · 20.01.2010, 09:22

Eigentlich keine probleme, hatte gestern nur kurz versucht den Lüfter im Bios auf Silent Mode zu stellen, ging aber nicht weil ich den punkt nicht gefunden habe. Ist irgendwie ein anderes Bios als auf meinem hauptrechner. Is mein laptop hier. Wei sollten sich den Probleme mit der Festplatte äußern?

Danke
Flo

Chris4You · 20.01.2010, 10:16

Hi,

verzögerte Laden und Schreibzeiten in Verbindung mit der HD...
Kommt die Meldung "nicht aktiviert" von Norton selbst oder vom SecurityCenter?

Ev. Support bei Norton anfragen....

Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe

Doppelklick auf die SystemLook.exe, um das Tool zu starten.

Vista-User mit Rechtsklick und als Administrator starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

Klicke nun auf den Button Look, um den Scan zu starten.

Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

chris

flo2227 · 20.01.2010, 10:23

Das Norton Problem hat sich nach einem Neustart erledigt.
Mit der Festplatte ist mit bis jetzt noch nichts aufgefallen.

SystemLook.txt

Code:

ATTFilter

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:19 on 20/01/2010 by Florian (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]


-=End Of File=-

Chris4You · 20.01.2010, 10:27

Hi,

seltsam, da sollte nicht McAfee sondern Norton stehen...

chris

Trojan Horse? Sicherheitscenterdeaktiviert, google funktioniert nicht mehr!

Log-Analyse und Auswertung: Trojan Horse? Sicherheitscenterdeaktiviert, google funktioniert nicht mehr!