Pests of all kinds and how to fight them: My Internet Explorer opens by itself and constantly shows me ads

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

The ads no longer appear! But since the virus was there, I cannot open some programs (I can only open them as admin); I am told that I lack the permission. I also cannot change any settings, e.g. the screen resolution; there too I am told that I have no permission, even though I am the only user and admin ....
#2

Gmer aborts during the scan
Code [Driver: volmgr, IRP_MJ_PNP] Process: System Address: 0x84b8f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x872661f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x872661f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x872661f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x872661f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x872661f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x872661f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x872661f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, 
IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP] Process: System Address: 0x872af500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_CREATE] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_CLOSE] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, 
IRP_MJ_READ] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_WRITE] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_SHUTDOWN] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_CLEANUP] Process: System Address: 0x89e1a500 Size: 121 Object: Hidden Code [Driver: cdfsЈ敓摔ઐꧥ쟠蜋, IRP_MJ_PNP] Process: System Address: 0x89e1a500 Size: 121
---------------------------------------------------------------
I can't update Java or Adobe; an error message appears saying I have no permission. I don't know either.
#3
/// Helper Team
Please also work through the remaining points: -> http://www.trojaner-board.de/92181-m...tml#post582672
#4
RSIT Logfile: Code:
Logfile of random's system information tool 1.08 (written by random/random) Run by Kerim at 2010-10-28 16:20:00 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 91 GB (62%) free of 148 GB Total RAM: 3066 MB (65% free) ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{5A0D5830-462D-4450-901E-10C1E3C1B043}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-29 842296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-24 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "eRecoveryService"= [] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-09-28 2424560] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-01 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-07-24 147456] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-07-24 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-05-30 544768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] C:\Windows\ehome\ehTray.exe [2008-01-21 125952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-08-01 405504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-01 24064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] D:\Program Files\Launch Manager\LManager.exe [2009-03-05 805384] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2008-07-18 13543968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\Windows\system32\NvMcTray.dll [2008-07-18 92704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-07-18 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI] C:\Windows\PLFSetI.exe [2007-10-23 200704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] D:\QuickTime\QTTask.exe [2010-03-17 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2008-05-07 6139904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] C:\Windows\Skytel.exe [2007-11-20 1826816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-01 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TQ566808] F:\Setup.exe [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] C:\ADVANC~1\wh_exec.exe [2007-11-10 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] d:\Winamp\winampa.exe [2008-08-04 36352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2008-10-11 3676160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe [2008-03-05 1216512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Kerim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] C:\PROGRA~1\CONVES~1\Orion\MESSEN~1.EXE [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2008-10-11 3197952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba] C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-25 567560] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "DisableCAD"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-10-27 19:15:39 ----D---- C:\Users\Kerim\AppData\Roaming\SUPERAntiSpyware.com 2010-10-27 19:15:39 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2010-10-27 19:15:34 ----D---- C:\Program Files\SUPERAntiSpyware 2010-10-27 18:59:15 ----D---- C:\Windows\Minidump 2010-10-27 17:23:18 ----A---- C:\Windows\system32\gameux.dll 2010-10-27 17:23:17 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-10-27 17:23:17 ----A---- C:\Windows\system32\Apphlpdm.dll 2010-10-26 19:13:03 ----D---- C:\Users\Kerim\AppData\Roaming\Malwarebytes 2010-10-26 19:12:54 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-10-26 19:12:52 ----D---- C:\ProgramData\Malwarebytes 2010-10-26 19:12:52 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-10-25 19:01:29 ----D---- C:\Program Files\trend micro 2010-10-25 19:01:28 ----D---- C:\rsit 2010-10-24 11:45:39 ----N---- C:\Windows\system32\MpSigStub.exe 2010-10-24 02:44:48 ----D---- C:\Program Files\Common Files\Java 2010-10-24 02:44:15 ----A---- C:\Windows\system32\javaws.exe 2010-10-24 02:44:15 ----A---- C:\Windows\system32\javaw.exe 
2010-10-24 02:44:15 ----A---- C:\Windows\system32\java.exe 2010-10-24 02:08:40 ----D---- C:\Users\Kerim\AppData\Roaming\Avira 2010-10-24 01:55:49 ----A---- C:\Windows\system32\drivers\ssmdrv.sys 2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avipbb.sys 2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avgntmgr.sys 2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avgntflt.sys 2010-10-24 01:55:45 ----A---- C:\Windows\system32\drivers\avgntdd.sys 2010-10-24 01:55:43 ----D---- C:\ProgramData\Avira 2010-10-24 01:55:43 ----D---- C:\Program Files\Avira 2010-10-23 23:45:00 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-10-20 21:21:47 ----A---- C:\Windows\system32\auth.dll 2010-10-20 21:21:47 ----A---- C:\Windows\system32\advd.dll 2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioTransform2.dll 2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioRecord2.dll 2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll 2010-10-20 21:21:46 ----A---- C:\Windows\system32\NCTAudioEditor2.dll 2010-10-20 21:21:45 ----A---- C:\Windows\system32\NCTAudioInformation2.dll 2010-10-20 21:21:45 ----A---- C:\Windows\system32\NCTAudioFile2.dll 2010-10-20 21:21:45 ----A---- C:\Windows\system32\lame_enc.dll 2010-10-20 21:21:44 ----D---- C:\Users\Kerim\AppData\Roaming\concept design 2010-10-20 20:55:39 ----A---- C:\Windows\system32\drivers\sptd.sys 2010-10-20 20:54:48 ----D---- C:\Users\Kerim\AppData\Roaming\DAEMON Tools Lite 2010-10-20 20:54:46 ----D---- C:\ProgramData\DAEMON Tools Lite 2010-10-20 20:48:53 ----A---- C:\Windows\ODBC.INI 2010-10-20 20:48:51 ----A---- C:\Windows\system32\mdimon.dll 2010-10-20 20:46:41 ----D---- C:\Program Files\Common Files\DESIGNER 2010-10-20 20:29:43 ----D---- C:\Users\Kerim\AppData\Roaming\Template 2010-10-13 18:14:00 ----A---- C:\Windows\system32\wmp.dll 2010-10-13 18:13:57 ----A---- C:\Windows\system32\wmploc.DLL 2010-10-13 18:13:32 ----A---- C:\Windows\system32\srvsvc.dll 2010-10-13 18:13:32 
----A---- C:\Windows\system32\drivers\srvnet.sys 2010-10-13 18:13:32 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-10-13 18:13:32 ----A---- C:\Windows\system32\drivers\srv.sys 2010-10-13 18:13:29 ----A---- C:\Windows\system32\netevent.dll 2010-10-13 18:13:07 ----A---- C:\Windows\system32\schannel.dll 2010-10-13 18:13:04 ----A---- C:\Windows\system32\ole32.dll 2010-10-13 18:13:01 ----A---- C:\Windows\system32\t2embed.dll 2010-10-13 18:12:57 ----A---- C:\Windows\system32\mshtml.dll 2010-10-13 18:12:56 ----A---- C:\Windows\system32\msfeeds.dll 2010-10-13 18:12:56 ----A---- C:\Windows\system32\ieframe.dll 2010-10-13 18:12:55 ----A---- C:\Windows\system32\licmgr10.dll 2010-10-13 18:12:54 ----A---- C:\Windows\system32\urlmon.dll 2010-10-13 18:12:53 ----A---- C:\Windows\system32\wininet.dll 2010-10-13 18:12:53 ----A---- C:\Windows\system32\mstime.dll 2010-10-13 18:12:53 ----A---- C:\Windows\system32\mshtmled.dll 2010-10-13 18:12:53 ----A---- C:\Windows\system32\iertutil.dll 2010-10-13 18:12:53 ----A---- C:\Windows\system32\iedkcs32.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\occache.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\msfeedssync.exe 2010-10-13 18:12:50 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\jsproxy.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\ieUnatt.exe 2010-10-13 18:12:50 ----A---- C:\Windows\system32\ieui.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\iesysprep.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\iesetup.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\iernonce.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\iepeers.dll 2010-10-13 18:12:50 ----A---- C:\Windows\system32\ie4uinit.exe 2010-10-13 18:10:37 ----A---- C:\Windows\system32\mfc40u.dll 2010-10-13 18:10:37 ----A---- C:\Windows\system32\mfc40.dll 2010-10-13 18:10:18 ----A---- C:\Windows\system32\win32k.sys 2010-10-13 18:10:15 ----A---- C:\Windows\system32\msshsq.dll 2010-10-13 
18:10:12 ----A---- C:\Windows\system32\wmpmde.dll 2010-10-13 18:10:09 ----A---- C:\Windows\system32\comctl32.dll 2010-09-29 17:25:13 ----A---- C:\Windows\system32\tzres.dll ======List of files/folders modified in the last 1 months====== 2010-10-28 16:19:59 ----D---- C:\Windows\Temp 2010-10-28 16:00:53 ----D---- C:\Windows 2010-10-28 04:26:49 ----SHD---- C:\System Volume Information 2010-10-27 22:34:15 ----HD---- C:\ProgramData 2010-10-27 20:27:19 ----D---- C:\Windows\system32\drivers 2010-10-27 20:08:30 ----D---- C:\Windows\System32 2010-10-27 20:08:29 ----D---- C:\Windows\AppPatch 2010-10-27 20:06:20 ----D---- C:\Windows\winsxs 2010-10-27 19:15:34 ----D---- C:\Program Files 2010-10-27 19:07:12 ----D---- C:\Windows\inf 2010-10-27 19:07:12 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-10-27 17:21:37 ----D---- C:\Windows\system32\catroot 2010-10-27 17:21:36 ----D---- C:\Windows\system32\catroot2 2010-10-26 20:35:08 ----D---- C:\Windows\Logs 2010-10-26 20:32:22 ----D---- C:\Windows\Tasks 2010-10-26 20:18:59 ----D---- C:\Windows\system32\Tasks 2010-10-25 23:09:41 ----SHD---- C:\Windows\Installer 2010-10-24 12:50:10 ----A---- C:\Windows\win.ini 2010-10-24 12:47:37 ----D---- C:\Program Files\Common Files\microsoft shared 2010-10-24 12:41:41 ----RSD---- C:\Windows\assembly 2010-10-24 02:44:48 ----D---- C:\Program Files\Common Files 2010-10-24 02:43:27 ----A---- C:\Windows\system32\deployJava1.dll 2010-10-24 01:36:53 ----D---- C:\Windows\system32\WDI 2010-10-24 01:05:49 ----RSD---- C:\Windows\Fonts 2010-10-24 00:56:50 ----A---- C:\Windows\WinInit.Ini 2010-10-24 00:14:50 ----SD---- C:\Users\Kerim\AppData\Roaming\Microsoft 2010-10-24 00:03:23 ----D---- C:\Users\Kerim\AppData\Roaming\Winamp 2010-10-24 00:03:19 ----D---- C:\Windows\Debug 2010-10-23 23:52:45 ----HD---- C:\Program Files\InstallShield Installation Information 2010-10-23 23:47:30 ----A---- C:\Windows\system32\msxml3a.dll 2010-10-23 23:47:29 ----A---- C:\Windows\system32\msvcr71.dll 2010-10-23 23:47:29 
----A---- C:\Windows\system32\msvcp71.dll 2010-10-23 22:06:38 ----AD---- C:\ProgramData\Temp 2010-10-23 21:58:33 ----D---- C:\ProgramData\CyberLink 2010-10-23 21:44:40 ----D---- C:\Users\Kerim\AppData\Roaming\vlc 2010-10-23 21:34:40 ----D---- C:\Users\Kerim\AppData\Roaming\dvdcss 2010-10-23 21:33:15 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2010-10-23 21:33:00 ----D---- C:\Program Files\Cyberlink 2010-10-20 20:50:37 ----DC---- C:\Windows\system32\DRVSTORE 2010-10-20 20:47:13 ----D---- C:\Windows\ShellNew 2010-10-20 20:46:25 ----D---- C:\Program Files\Common Files\System 2010-10-20 20:46:04 ----SD---- C:\ProgramData\Microsoft 2010-10-20 20:46:04 ----D---- C:\Program Files\Microsoft.NET 2010-10-20 20:43:40 ----D---- C:\Windows\system 2010-10-20 20:40:09 ----A---- C:\Windows\NeroDigital.ini 2010-10-20 20:39:24 ----D---- C:\Windows\Prefetch 2010-10-20 20:26:14 ----D---- C:\Program Files\Acer GameZone 2010-10-20 20:25:37 ----SHD---- C:\Users\Kerim\AppData\Roaming\.# 2010-10-20 20:10:30 ----D---- C:\ProgramData\Microsoft Help 2010-10-20 20:09:54 ----D---- C:\Program Files\Microsoft Works 2010-10-15 21:53:07 ----D---- C:\Program Files\Common Files\Blizzard Entertainment 2010-10-14 23:12:11 ----D---- C:\Windows\rescache 2010-10-14 20:12:16 ----D---- C:\Windows\system32\de-DE 2010-10-14 20:12:16 ----D---- C:\Program Files\Windows Media Player 2010-10-14 20:12:13 ----D---- C:\Windows\system32\migration 2010-10-14 20:12:13 ----D---- C:\Program Files\Internet Explorer 2010-10-14 15:41:25 ----A---- C:\Windows\system32\mrt.exe 2010-10-11 21:08:04 ----D---- C:\Users\Kerim\AppData\Roaming\ICQ 2010-10-09 03:12:25 ----D---- C:\Windows\Microsoft.NET 2010-10-09 02:07:22 ----D---- C:\Windows\system32\drivers\etc ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2008-10-11 42608] R0 iaStor;Intel AHCI Controller; 
C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120] R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-14 18992] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-20 691696] R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/23 21:56:08]; \??\D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2010-08-26 87536] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944] R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-19 8704] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-26 980992] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-26 207872] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); 
C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-07 2134424] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-05-19 47104] R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-18 7545824] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-02-15 515584] R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-26 61440] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472] R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-04-28 50576] R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-26 6784] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-26 661504] R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008] S3 afqxat68;afqxat68; C:\Windows\system32\drivers\afqxat68.sys [] S3 ao3psfpd;ao3psfpd; C:\Windows\system32\drivers\ao3psfpd.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 36496] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; 
C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176] R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade 
Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784] R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576] R2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 135664] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840] R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-10-11 3602432] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-18 196608] R2 Realtek11nSU;Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2009-04-24 36864] R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472] R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-19 386560] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe 
[2008-01-21 21504] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-01 24064] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 182768] S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF-----------------
info.txt
RSIT Logfile:
Code:
ATTFilter logfile of random's system information tool 1.08 2010-10-28 16:20:13 ======Uninstall list====== -->D:\DivX\DivXConverterUninstall.exe /CONVERTER -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Bio Protection AAU 6.0.00.17-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe" Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer eSettings Management-->"C:\Program Files\InstallShield Installation 
Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7 -removeonly Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x7 -removeonly Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Advanced Wheel Mouse 6.0.0.002-->C:\ADVANC~1\uninst.exe Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E} Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0007 -removeonly Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D} Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8} CCleaner-->"D:\Program Files\CCleaner\uninst.exe" Cisco EAP-FAST Module-->MsiExec.exe 
/I{BF53252E-4AB2-4C7F-A0FD-6100755745E3} Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F} Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71} concept/design onlineTV 5-->"D:\Program Files\concept design\onlineTV 5\unins000.exe" CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall DivX Codec-->D:\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->D:\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->D:\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->D:\DivX\DivXWebPlayerUninstall.exe /PLUGIN EVEREST Home Edition v2.20-->"d:\Lavalys\EVEREST Home Edition\unins000.exe" FLV Player 2.0 (build 25)-->D:\Program Files\FLV Player\uninst.exe Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ICQ6.5-->"C:\Program Files\InstallShield Installation 
Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A} Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF} Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI LOGO!Soft Comfort V6.1-->"D:\LogoSoft\UninstallerData\Uninstall.exe" Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe 
/X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3} Mozilla Firefox (3.0.4)-->d:\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 8 Lite 8.2.8.0-->"d:\Nero\unins000.exe" NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407 NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407 NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037} PDFCreator-->D:\Program Files\PDFCreator\unins000.exe QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x7 Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" SopCast 3.2.9-->D:\Program Files\SopCast\uninst.exe SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1} 
sPlan 6.0 (Demo)-->"D:\sPlan60\unins000.exe" Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe" SUPER © Version 2009.bld.36 (June 10, 2009)-->D:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TeamSpeak 2 RC2-->d:\Teamspeak2_RC2\unins000.exe TeamSpeak 3 Client-->"d:\Program Files\TeamSpeak 3 Client\uninstall.exe" TubeBox!-->MsiExec.exe /I{4527481F-E36D-408E-9F40-89E2630E2120} TVUPlayer 2.5.2.1-->d:\Program Files\TVUPlayer\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Veetle TV 0.9.18-->D:\Program Files\Veetle\UninstallVeetleTV.exe VLC media player 1.0.5-->D:\VLC\uninstall.exe Winamp-->"d:\Winamp\UninstWA.exe" Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800} Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR-->D:\Winrar\uninstall.exe World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe ======Security center information====== AS: Windows Defender AS: SUPERAntiSpyware ======System event log====== 
Computer Name: Kerim-PC Event Code: 7036 Message: Dienst "Empowering Technology Service" befindet sich jetzt im Status "Ausgeführt". Record Number: 195925 Source Name: Service Control Manager Time Written: 20100609160459.000000-000 Event Type: Informationen User: Computer Name: Kerim-PC Event Code: 7036 Message: Dienst "Apple Mobile Device" befindet sich jetzt im Status "Ausgeführt". Record Number: 195924 Source Name: Service Control Manager Time Written: 20100609160459.000000-000 Event Type: Informationen User: Computer Name: Kerim-PC Event Code: 7036 Message: Dienst "ReadyBoost" befindet sich jetzt im Status "Ausgeführt". Record Number: 195923 Source Name: Service Control Manager Time Written: 20100609160459.000000-000 Event Type: Informationen User: Computer Name: Kerim-PC Event Code: 7036 Message: Dienst "Kryptografiedienste" befindet sich jetzt im Status "Ausgeführt". Record Number: 195922 Source Name: Service Control Manager Time Written: 20100609160459.000000-000 Event Type: Informationen User: Computer Name: Kerim-PC Event Code: 7036 Message: Dienst "CLHNService" befindet sich jetzt im Status "Ausgeführt". Record Number: 195921 Source Name: Service Control Manager Time Written: 20100609160459.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: Kerim-PC Event Code: 1003 Message: Der Windows-Suchdienst wurde gestartet. 
Record Number: 13618 Source Name: Microsoft-Windows-Search Time Written: 20090904215134.000000-000 Event Type: Informationen User: Computer Name: Kerim-PC Event Code: 7500 Message: Intel RAID-Controller: Unbekannter Controller Anzahl der Serial ATA-Anschlüsse: 4 RAID option ROM - Version: Unbekannt Treiberversion: 8.5.0.1032 RAID-Plug-In - Version: 8.5.0.1032 Sprachressourcenversion des RAID-Plug-In: Datei nicht gefunden Assistent zum Erstellen eines Volumes - Version: 8.5.0.1032 Sprachressourcenversion für Assistenten zum Erstellen eines Volumes: Datei nicht gefunden Assistent zum Erstellen eines Volumes von einer vorhandenen Festplatte - Version: 8.5.0.1032 Sprachressourcenversion des Assistenten zum Erstellen eines Volumes von einer vorhandener Festplatte: Datei nicht gefunden Assistent zum Bearbeiten des Volumes - Version: 8.5.0.1032 Sprachressourcenversion des Assistenten zum Bearbeiten des Volumes: Datei nicht gefunden Assistent zum Löschen eines Volumes - Version: 8.5.0.1032 Sprachressourcenversion des Assistenten zum Löschen eines Volumes: Datei nicht gefunden ISDI Bibliothek Version: 8.5.0.1032 Version 8.5.0.1032 des Benutzerbenachrichtigungstools des Event Monitor Sprachressourcenversion des Benutzerbenachrichtigungstools des Event Monitor: Datei nicht gefunden Event Monitor - Version: 8.5.0.1032 Festplatte 0 Verwendung: Unbekannte Festplattenverwendung Status: Normal Geräteanschluss: 0 Geräteanschlussposition: Intern Aktueller Serial ATA-Übertragungsmodus: Generation 2 Modell: Hitachi HTS543232L9A300 Seriennummer: 080921FB2400LEC6VHEA Firmware: FB4OC40C Native Command Queuing-Unterstützung: Ja Systemfestplatte: Ja Gesamtgröße: 298 GB Physische Sektorgröße: 512 Byte Logische Sektorgröße: 512 Byte Unbelegter Anschluss 0 Geräteanschluss: 4 Geräteanschlussposition: Intern Unbelegter Anschluss 1 Geräteanschluss: 5 Geräteanschlussposition: Extern CD/DVD-Laufwerk 0 Geräteanschluss: 1 Geräteanschlussposition: Intern Aktueller Serial ATA-Übertragungsmodus: 
Generation 1 Modell: Optiarc BD ROM BC-5500S Seriennummer: Daten nicht ausgegeben Firmware: 1.B2 Record Number: 13617 Source Name: IAANTmon Time Written: 20090904215130.000000-000 Event Type: Informationen User: Computer Name: Kerim-PC Event Code: 5000 Message: Record Number: 13616 Source Name: McLogEvent Time Written: 20090904215130.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Kerim-PC Event Code: 102 Message: Windows (2852) Windows: Das Datenbankmodul (6.00.6001.0000) hat eine neue Instanz gestartet (0). Record Number: 13615 Source Name: ESENT Time Written: 20090904215129.000000-000 Event Type: Informationen User: Computer Name: Kerim-PC Event Code: 5617 Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert. Record Number: 13614 Source Name: Microsoft-Windows-WMI Time Written: 20090904215129.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: Kerim-PC Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: KERIM-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: Kerim Kontodomäne: Kerim-PC Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x540 Prozessname: C:\Windows\System32\winlogon.exe Netzwerkinformationen: Netzwerkadresse: 127.0.0.1 Port: 0 Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. 
Record Number: 33441 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091218181136.354467-000 Event Type: Überwachung erfolgreich User: Computer Name: Kerim-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 33440 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091218181105.121066-000 Event Type: Überwachung erfolgreich User: Computer Name: Kerim-PC Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: KERIM-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 5 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x2c8 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Arbeitsstationsname: Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: Advapi Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). 
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 33439 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091218181105.121066-000 Event Type: Überwachung erfolgreich User: Computer Name: Kerim-PC Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: KERIM-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x2c8 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. 
Record Number: 33438 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091218181105.121066-000 Event Type: Überwachung erfolgreich User: Computer Name: Kerim-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 33437 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091218181104.543863-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;D:\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64 "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program 
Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\; "asl.log"=Destination=file;OnFirstLog=command,environment "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- |
#5 | Helper Team
Please post the exact message.
#6
"Auf das angegebene Gerät, bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können."
This error message comes up with almost every program, and even with the screen resolution; I can't change my resolution.