Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner

diana68 · 23.11.2010, 23:50

Hallo,

ich habe ein Problem mit meinem Internet. Anfangs geht es meistens normal, nach manchmal kurzer oder länger Zeit ist es dann kaum noch möglich einen vernünftigen Seitenaufbau zu bekommen. Downloads sind dann nicht mehr möglich. Ich habe schon Tagelang gegoogelt, was es sein könnte und habe dann diese Seitegefunden. Ich habe Angst, dass ich einen Trojaner oder ähnliches habe. Nutze auch Online Banking über T-Online 6.0. Auch da gabs Probleme beim Überweisen. Habs jetzt erstmal gelassen und mein Passwort geändert. Habe leider wenig Ahnung, was ich jetzt machen kann. Folgendes habe ich schon mal ausprobiert. Den CClaener durchlaufen lassen, Anti Maylware durchlaufen lassen und dieses Hjiackhis durchgeführt und mein Avira Premium auf Viren prüfen lassen. Alles zum Glück ohne Funde. Kann mir vielleicht jemand helfen? Bin schon etwas überfordert, weil ich immer noch nicht weiß, was los ist. Hier einmal das Ergebnis dieses Hijackhis....
Vielen, vielen Dank schon mal!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:17, on 22.11.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\Diana\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\karl\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8275 bytes

Gruß Dianahxxp://www.trojaner-board.de/images/smilies/bussi.gif

rea · 24.11.2010, 19:47

Hallo diana68,
das Problem mit dem Internet könnte an deiner Zonelabs Firewall liegen. Versuch mal probeweise die zu deinstallieren. Sofern du über einen Router ins Internet gehst, lohnt sich diese Firewall sowieso nicht und die Windowsfirewall reicht dabei vollkommen aus.

Wir können aber noch nach Malware suchen weil du ja auch Onlinebanking machst, dein Hijackthis-Log zeigt keine Auffälligkeiten, deshalb schauen wir mit OTL und GMER nochmal genauer nach:

1.) Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.) Gmer - Rootkitscan
Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

diana68 · 25.11.2010, 21:52

Hallo,

vielen Dank für die Hilfe. Habe das OTL Logfile eingestellt. Mit dem GMER habe ich Pech gehabt. Beim ersten Mal klappte der Scan. Als dieser fertig war, wollte ich speichern, nur leider hatte sich der PC festgefahren. Nichts ging mehr. Nach dem Neustart wollte ich es wiederholen, jedoch stürtzte das System jedesmal ab. Vielleicht reicht das OTL ja?

Nochmals Danke!!!!!
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.11.2010 20:33:31 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Diana\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 27,39 Gb Free Space | 39,25% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 52,96 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Downloads\OTL.exe
PRC - [2010.09.08 07:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.08.09 15:41:56 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010.05.05 08:29:46 | 000,804,288 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
PRC - [2010.05.05 08:29:46 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
PRC - [2010.05.05 08:29:44 | 001,234,360 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.02.19 22:57:20 | 000,164,097 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe
PRC - [2008.08.20 06:02:58 | 000,009,408 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe
PRC - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe
PRC - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
PRC - [2008.03.30 19:09:01 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Diana\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.03.03 14:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.07.06 04:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007.01.09 14:40:00 | 000,368,640 | ---- | M] (fun communications GmbH, fun communications) -- C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe
PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Downloads\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.02.19 22:57:20 | 000,164,097 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService)
SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE -- (antivirwebservice)
SRV - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService)
SRV - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009.09.02 10:27:38 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009.09.01 14:29:06 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009.05.28 07:07:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.28 07:07:41 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt)
DRV - [2009.05.28 07:07:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio)
DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.12.03 20:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.03 14:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.11.05 10:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.07.28 10:18:40 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007.07.18 12:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.16 10:01:32 | 001,062,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.05.17 02:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.05.17 01:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.05.17 01:46:36 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.05.17 01:46:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.05.17 01:46:20 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.05.16 13:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.04.25 15:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007.04.25 15:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007.04.25 15:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 14:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.12 13:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.12 13:05:24 | 000,000,000 | ---D | M]
 
[2009.10.15 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions
[2010.11.23 23:42:37 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions
[2010.08.08 21:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.08 21:09:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.09 16:32:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 19:28:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.13 16:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 16:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.11.12 13:05:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.12 13:05:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.12 13:05:15 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.12 13:05:15 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.12 13:05:15 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10efa4fb-a470-11dd-95bb-001b38ca12a7}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{1e07c6dc-b49e-11de-8ea6-001b38ca12a7}\Shell\AutoRun\command - "" = tu2009_(8.0.3000.20)_tu2009aid22de_de-DE_V1.exe
O33 - MountPoints2\{6af05e14-c37e-11dd-b9b6-001b38ca12a7}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{a653ca99-9bc1-11de-b848-001b38ca12a7}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\Shell - "" = AutoRun
O33 - MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.22 22:51:07 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.11.21 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Malwarebytes
[2010.11.21 23:03:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.21 23:03:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.21 23:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.21 23:03:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.21 23:02:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Diana\Desktop\mbam-setup-1.46.exe
[2010.11.21 22:52:33 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.21 21:31:07 | 001,943,584 | ---- | C] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe
[2010.11.06 11:44:10 | 000,000,000 | ---D | C] -- C:\Programme\Netzmanager
[2010.11.06 11:42:44 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Local\PackageAware
[2008.01.15 02:59:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.01.15 02:59:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.07.28 18:02:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.07.28 10:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.25 20:38:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA47987D-4990-4288-ADB6-D5BC009E5E6A}.job
[2010.11.25 20:31:27 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.25 20:31:26 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.25 20:31:26 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.25 20:31:26 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.25 20:26:29 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.25 20:26:13 | 000,352,614 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.11.25 20:25:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.25 20:25:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.25 20:25:22 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010.11.22 22:51:27 | 000,002,523 | ---- | M] () -- C:\Users\Diana\Desktop\HiJackThis.lnk
[2010.11.21 23:03:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 23:02:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Diana\Desktop\mbam-setup-1.46.exe
[2010.11.21 22:52:38 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.21 21:31:12 | 001,943,584 | ---- | M] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe
[2010.11.20 17:50:04 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.17 22:58:33 | 000,591,602 | ---- | M] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip
[2010.11.14 14:32:31 | 000,012,321 | ---- | M] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx
[2010.11.06 11:31:36 | 000,352,614 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig(729).xml
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.22 22:51:07 | 000,002,523 | ---- | C] () -- C:\Users\Diana\Desktop\HiJackThis.lnk
[2010.11.21 23:03:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 22:52:38 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.17 22:58:27 | 000,591,602 | ---- | C] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip
[2010.11.14 14:32:31 | 000,012,321 | ---- | C] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx
[2010.11.13 14:24:32 | 002,717,134 | ---- | C] () -- C:\Users\Diana\Desktop\mama 127.JPG
[2010.10.23 17:04:18 | 000,001,336 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010.05.13 17:01:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.13 17:01:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.02.25 21:54:19 | 000,000,000 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\downloads.m3u
[2009.10.15 22:37:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.22 20:43:05 | 000,000,009 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\mdb.bin
[2009.07.28 21:03:11 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.05.01 19:08:42 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.01 19:08:35 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.31 18:02:27 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.30 21:13:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.08 22:55:17 | 000,000,120 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\default.rss
[2009.01.02 18:56:45 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.06.09 18:11:54 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.04.06 22:59:25 | 000,000,398 | ---- | C] () -- C:\Windows\GTKassenbuch.INI
[2008.04.06 21:13:27 | 000,001,197 | ---- | C] () -- C:\Windows\WISO.INI
[2008.04.06 21:05:47 | 000,000,240 | ---- | C] () -- C:\Windows\BUHL.INI
[2008.03.30 19:50:28 | 000,181,248 | ---- | C] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.30 17:25:26 | 000,000,106 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\wklnhst.dat
[2008.03.30 02:56:20 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.001
[2008.03.30 02:53:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.30 02:15:41 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.dat
[2008.03.30 00:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008.03.30 00:30:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2008.03.29 23:00:54 | 000,000,093 | ---- | C] () -- C:\Users\Diana\AppData\Local\fusioncache.dat
[2008.01.15 10:33:08 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008.01.15 10:33:07 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.01.15 02:59:59 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008.01.15 02:59:59 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.07.28 20:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.28 18:02:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.07.28 18:02:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.07.28 10:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.07.28 10:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.07.28 10:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.07.28 10:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.07.28 09:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.07.28 09:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
 
========== LOP Check ==========
 
[2010.05.08 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Amazon
[2008.05.26 19:14:33 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Buhl Data Service
[2010.10.19 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\GitarreroBeginner
[2008.06.20 17:15:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\GitarreroMDemo
[2008.05.17 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Haufe
[2008.03.30 15:08:06 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Lexware
[2010.10.23 16:59:01 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\MAGIX
[2010.10.23 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\MAGIX USB-Videowandler 2
[2008.08.12 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\OpenOffice.org3
[2010.05.13 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\PC Suite
[2010.10.19 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\ProtectDisc
[2008.10.16 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\S.A.D
[2010.10.17 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Samsung
[2010.08.12 20:26:43 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Steganos
[2008.03.29 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\T-Online
[2008.03.30 17:25:28 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Template
[2009.09.23 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\TuneUp Software
[2010.11.24 00:29:27 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.25 20:38:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BA47987D-4990-4288-ADB6-D5BC009E5E6A}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

rea · 25.11.2010, 23:40

Hast du Zonealarm deinstalliert? Ich hatte schon einen Fall, wo Zonealarm bei einem ganz ähnlichem Internet-Problem der Übeltäter gewesen ist.

Und leider fehlt mir noch eine Logfile von OTL (es werden immer zwei erstellt)
=> Extras.txt

Was GMER angeht, das probiereren wir dann nochmal zu einem späteren Zeitpunkt

diana68 · 26.11.2010, 21:06

Hallo,

hier das 2. Logfile von OTL. Habs gefunden......

)OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.11.2010 20:33:31 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Diana\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 27,39 Gb Free Space | 39,25% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 52,96 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0837F1C7-39C3-4747-9436-E9C1E0A5472B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{0DC34BB1-8728-49D1-A443-684A87432A6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{31D60450-A675-4CA7-9E6A-3F1A4A198FC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{40C5D945-83AF-42B4-80D5-A21A99DFC7C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{4EAF1534-AB51-4F1F-B786-A6D65019BC9E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{4EE9CE80-C3D1-46D6-9DEE-852BF8253DD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{84FD71C4-5848-412F-A933-8F00BD1F1426}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D6C8E6CB-00DE-497A-A956-61A13CE05E61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{DAFFBEFD-CACC-45C5-A82C-7D5F382D3D72}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{446BB827-D9A7-4BDC-95CA-22CA5216E3AB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{ABD333AC-86BE-4ED9-B1F6-886CED34F64E}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AEFB2469-56A9-4981-9EEA-EE8DD0DE9B01}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{C3A8681E-770E-4294-9046-F3BBA4ABE175}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{CA443963-A2A1-4479-81F3-D4D714AEB5AD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D033DA20-65D1-4A19-80D9-462792854C0E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{EF6DB405-C6E4-4BCC-9BBC-986FFE4DA449}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{FB01D56B-BCD4-4C80-81E6-8D5DF0566379}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{B9F2C1AF-0F5E-4238-A379-BEA5823DEF6B}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
"UDP Query User{5A41AF34-329B-4B5C-B83C-71B708E7D9D3}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D6E1F40-DF2C-4144-9854-605D4E4C9B78}" = WISO Geld-Tipp Kassenbuch
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52A69DD7-952A-460E-93EA-60F7C29F58AC}" = Steuer Update 14.01
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67BACBCA-5F64-41D8-BE0E-AEEDD70DE781}" = Steuer Update 14.01
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9d0f1fdf-3342-4d6c-8448-4cda0f03a3c3}" = Nero 9
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF978935-BB39-493F-9CEE-6E536BA7422B}" = QuickSteuer 2008
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"InstallShield_{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video easy RSIV Edition D" = MAGIX Video easy RSIV Edition 1.0.3.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"STANDARD" = Microsoft Office Standard 2007
"TVEpaDrv" = MAGIX USB-Videowandler 2 Device Driver
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"VLC media player" = VLC media player 1.0.2
"WORD" = Microsoft Office Word 2007
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2010 09:14:46 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
 Fehler auf.  Die Resource 'ENGINE' wurde nicht zugewiesen.  Der Grund hierfür könnte
 zu wenig Hauptspeicher oder ein anderer Systemfehler sein.  Fehlercode: 87
 
Error - 06.11.2010 09:27:54 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 06.11.2010 09:13:05 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 53
 
Error - 06.11.2010 09:13:05 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
 Fehler auf.  Die Resource 'ENGINE' wurde nicht zugewiesen.  Der Grund hierfür könnte
 zu wenig Hauptspeicher oder ein anderer Systemfehler sein.  Fehlercode: 87
 
Error - 06.11.2010 09:15:16 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 06.11.2010 09:27:21 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 07.11.2010 15:45:00 | Computer Name = Diana-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 07.11.2010 16:07:08 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.11.2010 07:51:14 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.11.2010 15:16:23 | Computer Name = Diana-PC | Source = RasClient | ID = 20227
Description = 
 
[ OSession Events ]
Error - 06.04.2008 16:27:32 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 142
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 11.04.2008 10:12:18 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 612
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.11.2010 15:32:07 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.11.2010 15:32:31 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.11.2010 14:59:29 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.11.2010 14:59:45 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2010 18:22:18 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.11.2010 15:25:28 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.11.2010 15:25:58 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

diana68 · 26.11.2010, 21:14

hallo,

habe zonealarm deaktieviert. Gestern lief alles ohne Probleme. Werde mal sehen, wie es heute ist. Meine größte Sorge ist natürlich, ich könnte einen Trojaner haben. Habe das OTL Logfile gefunden .....

)OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.11.2010 20:33:31 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Diana\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 27,39 Gb Free Space | 39,25% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 52,96 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0837F1C7-39C3-4747-9436-E9C1E0A5472B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{0DC34BB1-8728-49D1-A443-684A87432A6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{31D60450-A675-4CA7-9E6A-3F1A4A198FC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{40C5D945-83AF-42B4-80D5-A21A99DFC7C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{4EAF1534-AB51-4F1F-B786-A6D65019BC9E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{4EE9CE80-C3D1-46D6-9DEE-852BF8253DD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{84FD71C4-5848-412F-A933-8F00BD1F1426}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D6C8E6CB-00DE-497A-A956-61A13CE05E61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{DAFFBEFD-CACC-45C5-A82C-7D5F382D3D72}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{446BB827-D9A7-4BDC-95CA-22CA5216E3AB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{ABD333AC-86BE-4ED9-B1F6-886CED34F64E}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AEFB2469-56A9-4981-9EEA-EE8DD0DE9B01}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{C3A8681E-770E-4294-9046-F3BBA4ABE175}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{CA443963-A2A1-4479-81F3-D4D714AEB5AD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D033DA20-65D1-4A19-80D9-462792854C0E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{EF6DB405-C6E4-4BCC-9BBC-986FFE4DA449}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{FB01D56B-BCD4-4C80-81E6-8D5DF0566379}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{B9F2C1AF-0F5E-4238-A379-BEA5823DEF6B}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
"UDP Query User{5A41AF34-329B-4B5C-B83C-71B708E7D9D3}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D6E1F40-DF2C-4144-9854-605D4E4C9B78}" = WISO Geld-Tipp Kassenbuch
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52A69DD7-952A-460E-93EA-60F7C29F58AC}" = Steuer Update 14.01
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67BACBCA-5F64-41D8-BE0E-AEEDD70DE781}" = Steuer Update 14.01
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9d0f1fdf-3342-4d6c-8448-4cda0f03a3c3}" = Nero 9
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF978935-BB39-493F-9CEE-6E536BA7422B}" = QuickSteuer 2008
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"InstallShield_{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video easy RSIV Edition D" = MAGIX Video easy RSIV Edition 1.0.3.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"STANDARD" = Microsoft Office Standard 2007
"TVEpaDrv" = MAGIX USB-Videowandler 2 Device Driver
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"VLC media player" = VLC media player 1.0.2
"WORD" = Microsoft Office Word 2007
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2010 09:14:46 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
 Fehler auf.  Die Resource 'ENGINE' wurde nicht zugewiesen.  Der Grund hierfür könnte
 zu wenig Hauptspeicher oder ein anderer Systemfehler sein.  Fehlercode: 87
 
Error - 06.11.2010 09:27:54 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 06.11.2010 09:13:05 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 53
 
Error - 06.11.2010 09:13:05 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
 Fehler auf.  Die Resource 'ENGINE' wurde nicht zugewiesen.  Der Grund hierfür könnte
 zu wenig Hauptspeicher oder ein anderer Systemfehler sein.  Fehlercode: 87
 
Error - 06.11.2010 09:15:16 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 06.11.2010 09:27:21 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 07.11.2010 15:45:00 | Computer Name = Diana-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 07.11.2010 16:07:08 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.11.2010 07:51:14 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.11.2010 15:16:23 | Computer Name = Diana-PC | Source = RasClient | ID = 20227
Description = 
 
[ OSession Events ]
Error - 06.04.2008 16:27:32 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 142
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 11.04.2008 10:12:18 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 612
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.11.2010 15:32:07 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.11.2010 15:32:31 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.11.2010 14:59:29 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.11.2010 14:59:45 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2010 18:22:18 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.11.2010 15:25:28 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.11.2010 15:25:58 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

diana68 · 26.11.2010, 21:14

hallo,

habe zonealarm deaktieviert. Gestern lief alles ohne Probleme. Werde mal sehen, wie es heute ist. Meine größte Sorge ist natürlich, ich könnte einen Trojaner haben. Habe das OTL Logfile gefunden .....

)OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.11.2010 20:33:31 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Diana\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 27,39 Gb Free Space | 39,25% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 52,96 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0837F1C7-39C3-4747-9436-E9C1E0A5472B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{0DC34BB1-8728-49D1-A443-684A87432A6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{31D60450-A675-4CA7-9E6A-3F1A4A198FC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{40C5D945-83AF-42B4-80D5-A21A99DFC7C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{4EAF1534-AB51-4F1F-B786-A6D65019BC9E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{4EE9CE80-C3D1-46D6-9DEE-852BF8253DD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{84FD71C4-5848-412F-A933-8F00BD1F1426}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D6C8E6CB-00DE-497A-A956-61A13CE05E61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{DAFFBEFD-CACC-45C5-A82C-7D5F382D3D72}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{446BB827-D9A7-4BDC-95CA-22CA5216E3AB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{ABD333AC-86BE-4ED9-B1F6-886CED34F64E}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AEFB2469-56A9-4981-9EEA-EE8DD0DE9B01}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{C3A8681E-770E-4294-9046-F3BBA4ABE175}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{CA443963-A2A1-4479-81F3-D4D714AEB5AD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D033DA20-65D1-4A19-80D9-462792854C0E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{EF6DB405-C6E4-4BCC-9BBC-986FFE4DA449}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{FB01D56B-BCD4-4C80-81E6-8D5DF0566379}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{B9F2C1AF-0F5E-4238-A379-BEA5823DEF6B}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
"UDP Query User{5A41AF34-329B-4B5C-B83C-71B708E7D9D3}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D6E1F40-DF2C-4144-9854-605D4E4C9B78}" = WISO Geld-Tipp Kassenbuch
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52A69DD7-952A-460E-93EA-60F7C29F58AC}" = Steuer Update 14.01
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67BACBCA-5F64-41D8-BE0E-AEEDD70DE781}" = Steuer Update 14.01
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9d0f1fdf-3342-4d6c-8448-4cda0f03a3c3}" = Nero 9
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF978935-BB39-493F-9CEE-6E536BA7422B}" = QuickSteuer 2008
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"InstallShield_{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video easy RSIV Edition D" = MAGIX Video easy RSIV Edition 1.0.3.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"STANDARD" = Microsoft Office Standard 2007
"TVEpaDrv" = MAGIX USB-Videowandler 2 Device Driver
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"VLC media player" = VLC media player 1.0.2
"WORD" = Microsoft Office Word 2007
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2010 09:14:46 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
 Fehler auf.  Die Resource 'ENGINE' wurde nicht zugewiesen.  Der Grund hierfür könnte
 zu wenig Hauptspeicher oder ein anderer Systemfehler sein.  Fehlercode: 87
 
Error - 06.11.2010 09:27:54 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 06.11.2010 09:13:05 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 53
 
Error - 06.11.2010 09:13:05 | Computer Name = Diana-PC | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
 Fehler auf.  Die Resource 'ENGINE' wurde nicht zugewiesen.  Der Grund hierfür könnte
 zu wenig Hauptspeicher oder ein anderer Systemfehler sein.  Fehlercode: 87
 
Error - 06.11.2010 09:15:16 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 06.11.2010 09:27:21 | Computer Name = Diana-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 07.11.2010 15:45:00 | Computer Name = Diana-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 07.11.2010 16:07:08 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.11.2010 07:51:14 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.11.2010 15:16:23 | Computer Name = Diana-PC | Source = RasClient | ID = 20227
Description = 
 
[ OSession Events ]
Error - 06.04.2008 16:27:32 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 142
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 11.04.2008 10:12:18 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 612
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.11.2010 15:32:07 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.11.2010 15:32:31 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.11.2010 14:59:29 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.11.2010 14:59:45 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2010 18:22:18 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.11.2010 18:23:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.11.2010 15:25:28 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.11.2010 15:25:58 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

diana68 · 26.11.2010, 21:22

Sorry, aber irgendwie ist hier alles doppelt. Keine Ahnung wie das passiert ist. Nun ja, doppelt hält ja bekanntlich besser...

rea · 28.11.2010, 23:08

Wie läuft es inzwischen mit dem Internet? In deinen Logs kann ich nichts verdächtiges ausmachen.
Versuche dann GMER nochmal und nimm im Menü den Haken rechts bei "Devices" heraus, dann klappts manchmal besser. Aber ich denke nicht, dass du da ein Rootkit hast.

Ein paar Tipps für dein System hab ich aber trotzdem:

1.) Fixen mit OTL

Starte bitte die OTL.exe.
Vista-&Win7-User mit Rechtsklick "als Administrator starten"

Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

Code:

ATTFilter

:OTL
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O33 - MountPoints2\{10efa4fb-a470-11dd-95bb-001b38ca12a7}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{1e07c6dc-b49e-11de-8ea6-001b38ca12a7}\Shell\AutoRun\command - "" = tu2009_(8.0.3000.20)_tu2009aid22de_de-DE_V1.exe
O33 - MountPoints2\{6af05e14-c37e-11dd-b9b6-001b38ca12a7}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{a653ca99-9bc1-11de-b848-001b38ca12a7}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\Shell - "" = AutoRun
O33 - MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.) Java aktualisieren
Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu.
Downloade nun die Offline-Version von Java Version 6 Update 22 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

3.) Sicherheitsrisiko Adobe Arcrobat Reader

Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Wir empfehlen daher, die alte Version über Systemsteuerung => Software zu deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Starte den Rechner neu und downloade den aktuellen Acrobat-Reader 9.3.x herunter und installiere ihn.

Da der Adobe Acrobat Reader immer häufiger für gezielte Verbreitung von Malware genutzt wird, schlage ich vor, stattdessen einen alternativen PDF-Anzeiger zu nutzen, beispielsweise kannst Du den Foxit PDF Reader installieren. Er ist "schlanker" und benutzt weniger Resourcen. Achte bei der Installation unbedingt darauf, dass die Ask-Toolbar und/oder Foxit-Toolbar bzw. Sponsoren nicht mitinstalliert werden (ggfs. sofort über Systemsteuerung => Software wieder deinstallieren).

4.) Mozilla Firefox aktualisieren
=> Mozilla Firefox starten
=> Hilfe
=> Nach Updates suchen
=> Anweisungen folgen

5.) Erstelle neue Logfiles mit OTL

Nach den Einstellungen wie oben bereits.

diana68 · 01.12.2010, 00:22

Hallo rea,

wau, ich habe keine Ahnung, aber ich habe alles, hoffentlich richtig, gemacht. Ich bewundere ja schon, was du so alles weißt. Also hier meine "Hausaufgaben".

All processes killed
Error: Unable to interpret <Code: > in the current context!
Error: Unable to interpret <--------- > in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10efa4fb-a470-11dd-95bb-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10efa4fb-a470-11dd-95bb-001b38ca12a7}\ not found.
File desktop.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e07c6dc-b49e-11de-8ea6-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e07c6dc-b49e-11de-8ea6-001b38ca12a7}\ not found.
File tu2009_(8.0.3000.20)_tu2009aid22de_de-DE_V1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af05e14-c37e-11dd-b9b6-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6af05e14-c37e-11dd-b9b6-001b38ca12a7}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a653ca99-9bc1-11de-b848-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a653ca99-9bc1-11de-b848-001b38ca12a7}\ not found.
File F:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\Menu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Diana

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5166

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

21.11.2010 23:13:02
mbam-log-2010-11-21 (23-13-02).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147021
Laufzeit: 7 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5166

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

22.11.2010 20:20:55
mbam-log-2010-11-22 (20-20-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146986
Laufzeit: 13 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Die neue Logfile von OTL folgt gleich.

Ich bedanke mich wirklich gaaaaanz herzlich. Das Internet läuft bis jetzt ohne Probleme.
Ist schon erleichternd, wenn nicht Schlimmes drauf ist.

Gruß Diana

diana68 · 01.12.2010, 00:22

Hallo rea,

wau, ich habe keine Ahnung, aber ich habe alles, hoffentlich richtig, gemacht. Ich bewundere ja schon, was du so alles weißt. Also hier meine "Hausaufgaben".

All processes killed
Error: Unable to interpret <Code: > in the current context!
Error: Unable to interpret <--------- > in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10efa4fb-a470-11dd-95bb-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10efa4fb-a470-11dd-95bb-001b38ca12a7}\ not found.
File desktop.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e07c6dc-b49e-11de-8ea6-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e07c6dc-b49e-11de-8ea6-001b38ca12a7}\ not found.
File tu2009_(8.0.3000.20)_tu2009aid22de_de-DE_V1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af05e14-c37e-11dd-b9b6-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6af05e14-c37e-11dd-b9b6-001b38ca12a7}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a653ca99-9bc1-11de-b848-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a653ca99-9bc1-11de-b848-001b38ca12a7}\ not found.
File F:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e804e-2c35-11de-981e-001b38ca12a7}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab6e8054-2c35-11de-981e-001b38ca12a7}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0cfe3fc-09f9-11df-9ceb-001b38ca12a7}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\Menu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Diana

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5166

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

21.11.2010 23:13:02
mbam-log-2010-11-21 (23-13-02).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147021
Laufzeit: 7 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5166

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

22.11.2010 20:20:55
mbam-log-2010-11-22 (20-20-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146986
Laufzeit: 13 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Die neue Logfile von OTL folgt gleich.

Ich bedanke mich wirklich gaaaaanz herzlich. Das Internet läuft bis jetzt ohne Probleme.
Ist schon erleichternd, wenn nicht Schlimmes drauf ist.

Gruß Diana

diana68 · 01.12.2010, 00:35

Also hier der neue OTL Logfile. Denke ich habe nun alles erledigt. Hoffentlich ist nun alles gut. Würde mich freuen.OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.12.2010 00:24:32 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Diana\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 32,38 Gb Free Space | 46,41% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 52,91 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Downloads\OTL.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe
PRC - [2008.08.20 06:02:58 | 000,009,408 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe
PRC - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe
PRC - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
PRC - [2008.03.30 19:09:01 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Diana\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.07.06 04:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Downloads\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.02.19 22:57:20 | 000,164,097 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService)
SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE -- (antivirwebservice)
SRV - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009.09.02 10:27:38 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009.09.01 14:29:06 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009.05.28 07:07:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.28 07:07:41 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt)
DRV - [2009.05.28 07:07:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio)
DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.12.03 20:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.11.05 10:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.07.28 10:18:40 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007.07.18 12:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.16 10:01:32 | 001,062,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.05.17 02:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.05.17 01:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.05.17 01:46:36 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.05.17 01:46:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.05.17 01:46:20 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.05.16 13:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.04.25 15:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007.04.25 15:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007.04.25 15:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 14:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.01 00:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.01 00:06:02 | 000,000,000 | ---D | M]
 
[2009.10.15 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions
[2010.12.01 00:01:43 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions
[2010.08.08 21:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.25 23:30:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 19:28:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.13 16:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 16:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.25 23:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.25 23:29:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.01 00:05:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.01 00:05:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.01 00:05:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.01 00:05:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.01 00:05:53 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.01 00:09:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.11.25 23:30:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.25 23:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.25 23:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.25 22:53:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.11.22 22:51:07 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.11.21 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Malwarebytes
[2010.11.21 23:03:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.21 23:03:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.21 23:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.21 23:03:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.21 22:52:33 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.21 21:31:07 | 001,943,584 | ---- | C] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe
[2010.11.06 11:44:10 | 000,000,000 | ---D | C] -- C:\Programme\Netzmanager
[2010.11.06 11:42:44 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Local\PackageAware
[2008.01.15 02:59:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.01.15 02:59:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.07.28 18:02:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.07.28 10:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.01 00:28:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA47987D-4990-4288-ADB6-D5BC009E5E6A}.job
[2010.12.01 00:16:14 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.01 00:16:14 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.01 00:16:14 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.01 00:16:14 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.01 00:12:17 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.01 00:11:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.01 00:11:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.01 00:11:35 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010.11.30 23:48:14 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.11.30 23:27:56 | 000,052,976 | ---- | M] () -- C:\Users\Diana\Documents\cc_20101130_232613.reg
[2010.11.30 23:20:21 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.25 23:29:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.11.25 23:29:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.25 23:29:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.25 23:29:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.22 22:51:27 | 000,002,523 | ---- | M] () -- C:\Users\Diana\Desktop\HiJackThis.lnk
[2010.11.21 23:03:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 22:52:38 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.21 21:31:12 | 001,943,584 | ---- | M] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe
[2010.11.17 22:58:33 | 000,591,602 | ---- | M] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip
[2010.11.14 14:32:31 | 000,012,321 | ---- | M] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx
[2010.11.06 11:31:36 | 000,352,614 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig(729).xml
 
========== Files Created - No Company Name ==========
 
[2010.11.30 23:48:14 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.11.30 23:26:16 | 000,052,976 | ---- | C] () -- C:\Users\Diana\Documents\cc_20101130_232613.reg
[2010.11.22 22:51:07 | 000,002,523 | ---- | C] () -- C:\Users\Diana\Desktop\HiJackThis.lnk
[2010.11.21 23:03:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 22:52:38 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.17 22:58:27 | 000,591,602 | ---- | C] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip
[2010.11.14 14:32:31 | 000,012,321 | ---- | C] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx
[2010.11.13 14:24:32 | 002,717,134 | ---- | C] () -- C:\Users\Diana\Desktop\mama 127.JPG
[2010.10.23 17:04:18 | 000,001,336 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010.05.13 17:01:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.13 17:01:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.02.25 21:54:19 | 000,000,000 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\downloads.m3u
[2009.10.15 22:37:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.22 20:43:05 | 000,000,009 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\mdb.bin
[2009.07.28 21:03:11 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.05.01 19:08:42 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.01 19:08:35 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.31 18:02:27 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.30 21:13:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.08 22:55:17 | 000,000,120 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\default.rss
[2009.01.02 18:56:45 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.06.09 18:11:54 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.04.06 22:59:25 | 000,000,398 | ---- | C] () -- C:\Windows\GTKassenbuch.INI
[2008.04.06 21:13:27 | 000,001,197 | ---- | C] () -- C:\Windows\WISO.INI
[2008.04.06 21:05:47 | 000,000,240 | ---- | C] () -- C:\Windows\BUHL.INI
[2008.03.30 19:50:28 | 000,181,248 | ---- | C] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.30 17:25:26 | 000,000,106 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\wklnhst.dat
[2008.03.30 02:56:20 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.001
[2008.03.30 02:53:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.30 02:15:41 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.dat
[2008.03.30 00:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008.03.30 00:30:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2008.03.29 23:00:54 | 000,000,093 | ---- | C] () -- C:\Users\Diana\AppData\Local\fusioncache.dat
[2008.01.15 10:33:08 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008.01.15 10:33:07 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.01.15 02:59:59 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008.01.15 02:59:59 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.07.28 20:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.28 18:02:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.07.28 18:02:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.07.28 10:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.07.28 10:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.07.28 10:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.07.28 10:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.07.28 09:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.07.28 09:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll

< End of report >

--- --- ---

Bis bald !!!

rea · 01.12.2010, 18:40

Hallo diana68,

ui, da fühl ich mich geschmeichelt

Ein paar Sachen fehlen aber noch:

1.) Versuch GMER bitte nochmal, die Anleitung findest du ja noch weiter oben im Thread, es hat ja erst nicht funktioniert. Damit es diesmal klappt, nimm probeweise den Haken bei Devices heraus bei dem Punkt hier:

Zitat:

Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.

2.) Malwarebytes Antimalware: Du hast da leider nur den Quickscan gemacht, ein Vollständiger Suchlauf wär aber besser. Dauert zwar länger aber es wird mehr gescannt, also am besten nochmal wiederholen.

3.) Und du musst mir vom zweiten Lauf mit OTL noch die Extras.txt posten.

diana68 · 02.12.2010, 22:25

Hallo rea,

bin nun schon etwas deprimiert. Nachdem mein PC wieder 2x mit dem gemr abgstürzt ist, habe ich es im abges. Modus probiert. Tja, es hat zwar geklappt ohne Absturz, aber das Speichern hat nicht hingehauen. Ein blauer Bildschirm mit ein haufen Wörter und dann puff, Absturz. Ich finde auch keine Datei mit dem Logfile. Und das OTL hat kein Extra gemacht. Habs extra nochmal durchlaufen lassen. NO Extra. Ist schon ganzschön anstrengend. Und nun? Ist schon beängstigend, wenn er dauernd abstürzt. Gruß Diana

rea · 02.12.2010, 22:36

Kein Grund deprimiert zu sein, Gmer stürzt dauernd ab und es ist kein Zeichen dass auf jeden Fall Malware vorhanden ist. Gmer zeigt beim Scan an, ob Rootkits gefunden werden, die werden in roter Schrift angezeigt, wenn dir sowas nicht aufgefallen ist, sollte es gut sein.

Ich seh grad, dass du OTL aus deinem Downloadsordner heraus ausführst, da liegt wahrscheinlich das Problem

Verschieb OTL einfach auf den Desktop und führ es nochmal aus und dann sollte die Extras auch auf dem Desktop zu finden sein.

Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner

Log-Analyse und Auswertung: Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner